The Amsterdam Law & Technology Institute’s team is inviting external faculty members to publish guest articles in the ALTI Forum. Here is a contribution authored by Kelsie Nabben, socio-technical researcher on resilient peer-to-peer digital infrastructure, crisis technologies and trust at the RMIT.
With data trusts, a responsible party is legally appointed as the trustee over a group of people’s data to act on behalf of their preferences. The intent behind Decentralised Autonomous Organisations as an institutional governance structure is to enable people to coordinate and govern themselves, by relying on self-executing rules that are encoded in software on a public blockchain. Rather than appointing a legal representative to negotiate and enforce rules through legal mechanisms, rules in decentralised blockchain-based systems are inscribed in software code where they are transparent, verifiable, and enforceable, and digital tokens are used to align incentives among diverse stakeholders in the system. The aim is to return power to individuals regarding the use of their personal data through data stewardship, meaning “the trustworthy and responsible use and management of data” to unlock the value of aggregated data in a fairer way.
What is missing is a governance framework and institutional enforcement mechanism that places participants in control of “their” data to control, utilise, and benefit from it. This article explores an idea proposed in a recent working paper on if and how principles of data trusts might apply to “Decentralised Autonomous Organisations” (DAOs) as a decentralised data governance structure for digital data trusts, by which users can control, store, and choose how their data is utilised.
The key idea is: if DAOs were designed and programmed to operate like data trusts, then the DAO would have the fiduciary duty for data governance on behalf of participants, and this would be enforceable in the rules of the system. Thus, issues of enforcement around data use and abuse in the digital economy could potentially be mitigated.
To explore this idea, I outline the fundamentals of trusts, the concept of data trusts as a data governance framework, and the idea of DAOs as data trusts to steward and utilise data on behalf of participants. I then explore possible use cases and early examples of this governance infrastructure in practice in blockchain communities. I find that DAOs are a promising digital governance infrastructure for people to operationalise the principles of data trusts, whereby the promise of data stewardship is entrusted to software code and self-governance, rather than third-party legal representatives. This contribution lends itself to further scholarly research and industry practice to test the concept of DAOs as data trusts as a data governance model for greater individual autonomy, verifiability, and benefit over personal data.
Data Governance: from Data Trusts to Data DAOs
While there are no one-size-fits-all solution data governance frameworks, data trusts are a novel data governance structure among others, including data collaboratives, data foundations, and data cooperatives.
Trusts have existed for centuries and are an important innovation in property rights law by separating properties’ legal ownership and control from its equitable ownership and benefits. A trust is a legal relationship in which the holder of a right, known as a “beneficiary” or “trustor”, gives it to another person or entity, known as a “trustee”, to keep and use it on their behalf for another’s benefit. Trustees are generally compensated for performing their role and penalised through the legal system for breaching their fiduciary duty in a court of law. Examples of trusts include land trusts, testamentary trusts, purpose trusts, employee trusts, and co-ownership.
A data trust is a relatively new concept, predicated on participatory, democratic, cooperative governance structures whereby a legal entity acts as an independent fiduciary steward of data. Data trusts are a data governance and utilisation structure that allows individuals to state their aspirations for data use and mandates a trustee to represent those interests through the legal mechanism of trusts. Generally, data is pooled among participants in a data trust and a representative is legally appointed to represent the interests of members in the utilisation (for example, monetisation) of that data.
Members pool their data and appoint a legal trustee, that is bound by a fiduciary obligation to exercise on behalf of the trust’s beneficiaries. This includes negotiations between the data trustee on aggregated data on behalf of beneficiaries, and data collectors or analytics organisations on how the data is utilised or monetised, in accordance with the terms of the trust.
A key motivation behind data trusts is to distribute the benefits arising from data more equitably. “A successful data Trust will be one whose constitutional terms better encapsulates the aspirations of a large part of the population” state Delacroix and Lawrence (2019).
A data trust relies on nation-state regulatory instruments for different types of data, such as the General Data Protection Regulation framework in the EU to confer rights. According to the Centre for Internal Governance Innovation, “Like powers of attorney, data trusts are flexible and de facto global”. This means that they can be written in ways that create legally accountable governance structures. Another way to think about a data trust is “as a container — one that can hold assets”.
Once data is pooled and governed under a data trust, it can be utilised by other stakeholder (who want to purchase it to train machine learning algorithms, or donated for research, for example) in the interests of the constituents of the trust (the trustors). Thus, trustors become both data providers and beneficiaries of their data when it is utilised. Uses of the data could include data monetisation through selling data or data mining, as well as donation. An example of this is the Swiss “MIDATA” model, which allows owners of data to actively contribute to medical research for the common good, by granting selective access to their personal data. This collective consent and bargaining structure which aims to protect the interests of individuals is viewed as an approach to realise the data mining potential of large datasets, without compromising the rights of individuals.
The benefits of data trusts are numerous. Beyond providing the structure of fiduciary governance (i.e. flexible vehicles that can minimise and contain the risks around experimenting with different models of governance), data trusts can act as a way for data rights holders to aggregate and build leverage towards collective bargaining for more balanced, publicly beneficial data relationships.
Data trusts are viewed as a potential structure for greater self-determination over data privacy after years of “weak consent based models” of check boxes and legal jargon. Data trusts also form a solid basis for experimentation to solving problems that require data in the ability to adapt and develop the rules of governance and use according to specific use cases. Data trusts can continue to steward, maintain, and manage how data is used and shared, including access, who gets to define those terms, and penalties for misbehaviour.
Existing Limitations of Data Trusts
Trust structures can be both powerful in their approach to participatory ownership as well as limited, due to their reliance on trustees to act in the interests of beneficiaries, and beneficiaries dependence on traditional legal recourse if things go wrong, such as data being leaked where it cannot be revoked.
A key contention with data trusts is that flexibility in the preferences of beneficiaries and the rules of the trust mean that data trusts rely on traditional mechanisms of legal recourse if things go wrong. Yet, if trustees fail to act in the interests of beneficiaries, data is not well stewarded, or the appropriate business models are not applied to steward data in the individuals’ or public interest, mistakes are expensive and time consuming to dispute.
For example, technical architectural challenges, such as how an individual disentangles and extracts their unique data to “exit” a trust once it is collected and collated is difficult, if not impossible.
In contrast, a Decentralised Autonomous Organisation clearly defines and expresses rules in software code, and can incorporate semi-automated dispute resolution and arbitration mechanisms.
A Proposal for DAOs as Data Trusts
The term “DAO” stands for “Decentralised Autonomous Organisation”. A DAO is a blockchain-based system that enables participants to coordinate and govern themselves, mediated by a set of self-executing rules deployed on a public blockchain (although the concept stems from cybernetics and pre-dates blockchain technology and applications). Thus, governance in a DAO is decentralised from central control, and reliant on people to define the rules, and software code and automation to execute the rules.
In a data trust, the “overriding aim of the governance structure is to achieve trust” between participants in the trust and other who wish to utilise the data. Conversely, blockchain technology provides an infrastructure to distribute trust between disparate parties and enforce rules through software code for collective self-governance. Blockchain is sometimes referred to as “trustless” infrastructure.
This governance philosophy and technology emerges from the ideas of a distributed group of activists known as the “cypherpunks” that advocated for the use of encrypted technologies for greater individual rights in society. From these origins, “DAOs” have been to facilitate the collective self-governance of cryptocurrencies, social tokens, decentralised finance protocols, and more.
“…instead of a hierarchical structure managed by a set of humans interacting in person and controlling property via the legal system, a decentralised organization involves a set of humans interacting with each other according to a protocol specified in code, and enforced on the blockchain” states co-founder of the Ethereum blockchain Vitalik Buterin in 2014.
This aligns neatly as an evolution on the aforementioned essential characteristics of a data trust, including a clear purpose, a legal structure between stakeholders, rights or duties over stewarded data, a clearly defined decisions making process, an articulation of how benefits are shared, and a sustainable funding model.
With a DAO as a data trust, the DAO itself is the trustee with fiduciary responsibility for stewarding data towards on behalf of beneficiaries, with rules represented and enforced in software code rather than nation-state law and legal enforcement mechanisms.
In such cryptocurrency enabled institutional structures, blockchain-based digital tokens are leveraged as value to align incentives, such as a reward to beneficiaries for contributing data, as payment to fund the operations of the DAO, or as staked collateral which risks penalty upon misbehaviour to enforce the consensus of what desired is. According to this ethic, what constitutes “good behaviour” is determined by those who design the system, and those who consent to this by choosing to participate in it.
Where rules or conduct beyond the enforcement capabilities of the blockchain are suspected to be violated, DAOs are adopting a range of arbitration mechanisms, including decentralised, software-based “courts” such as “Kleros” and “Celeste”.
The benefits of DAOs as data trusts numerous. They include efficiency gains which enable scalability, such as the ability for DAO participants to collectively pool and aggregate data, appoint code or human labourers to advocate on behalf of the use of the that data for the benefit of contributors, collective bargaining power, and tools for management of administrative functions (for example, multi-signature wallets).
DAOs may also afford privacy benefits to participants. Depending on the rules of the DAOs, sometimes participants can remain anonymous. Furthermore, public blockchain technology was birthed out of encryption technology, and privacy via encryption is a high value in some blockchain communities. Data can be encrypted-by-design in decentralised networks and stakeholders can choose to remain pseudonymous or anonymous in their interactions depending on the design of the protocol.
This could aid both beneficiaries of data DAOs, as well as traditional data trusts to innovate in data governance and utilisation practices. Furthermore, within the emerging area of research on relationships between DAOs and individuals, software enabled data trusts may provide greater optionality and low switching costs for people to choose the DAO which has the rules they would like to apply to their data and changing between data DAOs if they wish to exit one and participate in another.
Potential Limitations of Data DAOs
This approach of marrying the concepts of DAOs and trusts to govern data requires further research into the benefits and risks of this approach.
DAOs are extremely experimental governance models as both the scholarship and tooling surrounding these governance infrastructures is constantly evolving through active research and development in decentralised technology communities. DAOs can have unintended technical and social consequences, such as hacks or inequality. The societal outcomes of DAOs remain understudied.
DAOs are heterogenous, manifesting themselves in many forms, for different objectives from shared investment vehicles, such as FlamingoDAO, to approaches to collective governance of platforms, such as GitcoinDAO. DAOs vary widely in legal structure, from registered legal entities for participation by U.S. accredited investors only, to completely unregistered, open-source software organisations.
Different objectives mean that some DAOs optimise for a diversity of goals, including financial upside, ideologically driven aspirations towards decentralised software development, social engagement, or more complex social purposes.
Furthermore, the role of people and algorithms across the variety of expressions of these software encoded assemblages remains to be determined. The responsibility of who gets to govern in decentralised technology systems largely falls on engineers, surfacing questions with regards to the “neutrality” of decisions made by algorithms in the system.
The Decentralised Digital Economy Requires New Data Governance Models
The information age has brought about significant changes in patterns of data collection and use, which are difficult to predict and respond to. In this context, society will need a range of governance tools to anticipate and respond to emerging digital opportunities and challenges. DAOs are an active site of experimentation in governance. With a concentration of software engineering talent and governance researchers, rapid iteration on data governance rules, practices, and tools may be possible.
This article has explored the fundamentals of data trusts and decentralised autonomous organisations to propose DAOs as a data governance framework and operational infrastructure for collective data pooling, management of shared resources, and utilisation.
Data trusts provide a general-purpose framework for DAOs to model data storage and utilisation design and implementation. By conceiving of DAOs as data trusts, the motivation of distributing the benefits of pooled data and protection of personal data is enacted through trust in code as the DAO stewards and negotiates as a trustee on behalf of the beneficiaries. This is a logical evolution of data governance with DAOs as a governance due to user experience limitations and digital literacy requirements). DAOs as data trusts un-silo data while allowing for persistent individual control, storage, governance, and utilisation to the benefit of those that contribute to the network.
Just as data trusts are one component of governance, which is interdependent on policies, politics, rights, other infrastructure, economics, and more, data DAOs are one approach to structuring data governance through DAO infrastructure.
The contribution of this article on data DAOs has been to go beyond recognising decentralised digital institutional technology and data as a resource to more deeply explore a digital data governance framework to operationalise decentralised data governance. This contribution invites further scholarly research and industry practice to test the concept of DAOs as data trusts as a data governance model for greater individual autonomy, verifiability, and benefit over one’s data and how it is used.
Citation: Kelsie Nabben, Decentralised Autonomous Organisations (DAOs) as Data Trusts, ALTI Forum, April 18, 2022.
Invited by Thibault Schrepel