To most normal people, data rights are a profoundly unsexy topic. Here at CDOT Future, we are not normal people.

Among the most exciting and strategic avenues for UK/CDOT collaboration is the growing  CDOT role in providing structures for the stewardship, ownership, and exchange of data. Through specialised laws, Britain’s offshore jurisdictions (the CDOTs) can bring material economic and social advantages to the UK, and indeed the wider world.

Society faces a problem - data is valuable, but no-one can really agree how to actually value that data, how to own it, how to manage it, and how to optimally distribute that value across society. On a political level, we also face an issue of disempowerment - individuals do not feel in control of their data. Jersey’s data trust proposition, along with the Isle of Man’s forthcoming data asset foundation, represents a bold and valuable endeavour to answer these questions. 

What is a data trust?

Data trusts are a novel legal arrangement designed to enable the better aggregation, management, control, exchange and governance of diverse datasets. Given the economic value of data, its role in shaping our social and economic lives, this is of immense potential importance. 

Launched in 2023, the Jersey data trust program represents the world’s first trust law based data trust vehicle. As such, it is a vision that unites technology governance, commercial growth, and social responsibility - and a useful way of demonstrating the nimble, pro-innovation role that Britain’s offshore jurisdictions can play in the tech economy

Data rights, data wrongs

Data trusts exist to own, steward, and / or manage the aggregated data of individuals and organisations. They have arisen in order to address a set of commercial and political problems posed by the ongoing development of the data economy. These include:

1. The problem of power: control of data gives tech giants, data brokers, and their clients vast powers over the lives of individuals. Individuals get better goods and services, but lose relative social and political power.

2. The problem of distribution: The data generated by data producers, whether individuals or organisations, drives the commercial power of large tech firms. However, data producers gain little direct value from the data they generate. Data trusts were in part envisaged as a way of helping people monetise or otherwise utilise their own data.

3. The problem of collective power: Despite the data rights enshrined in GDPR and similar legislation, individuals have very limited ways to meaningfully control their data. They have even fewer to combine into collectives and negotiate better terms from data collectors and data buyers. In theory, where multiple individual data producers are able to combine forces, they have higher negotiating power. 

4. Silos and aggregation: Because of uncertainty on data ownerships and data sharing rights, many potentially valuable data sets remain siloed and under utilised. This is a blocker on innovation and economic growth. 

5. The problem of social trust: data trusts were also envisaged as a means by which to engage a greater sense of trust and engagement among data producers 
   

Associated problems: enabling individuals, collectives, and organisations to hold more control, derive more value, and exercise greater sovereignty over their data requires tackling other associated problems. Data trusts are therefore also associated with policy debates on:

1. Data ownership and data as property: Part of the power disparity arises because it is difficult for individuals to meaningfully ‘own’ their data. They produce data, and that data is collected by the owners of digital systems. Individuals may or may not get value back via product improvements and insights. However, they cannot claim that data as their own, for it is difficult to extend property rights to data. Debates on whether and how to treat data as property are therefore also debates on what rights individuals and organisations hold over the data they produce.

2. Portability and liquidity: Data is only valuable insofar as it can be used by the entities who need it. If data is siloed and isolated, it cannot be used and has low or even no value. If individuals and organisations can ‘own’ their own data, deriving value from it requires that data to be rendered portable and liquid - and therefore usable. 

Researchers, policymakers and entrepreneurs have been working on a varying set of solutions to these issues. Among them are data trusts.

Data trusts: potted history & typology

The data trust discourse emerged from UK academic and policy circles circa 2017. Hall and Presenti’s review of the UK AI economy recommended the development of data trusts as a means to promote data sharing between different parties; the concept was further explored in projects such as the Data Trust Initiative led by Lawrence and Delacroix. As befitting its academic and political roots, there is a wide spectrum of ideas on what a ‘data trust’ could actually look like. Broadly, we see 3 main (and increasingly divergent) understandings  of the term:

1. An actual fiduciary trust: This sort of data trust is an actual trust created and managed using the principles of English trust law. Data is settled into the trust, and a trustee or set of trustees manages it on their behalf. This model places a strong emphasis on (a) property and (b) the fiduciary responsibilities of the trustee, and was explored in papers such Bottom-up Data Trusts and Containing Multitudes. Jersey’s data trust concept is in this tradition. 

2. Some other sort of fiduciary vehicle: Trusts have two difficulties - they need to operate over property, and they need to have beneficiaries, the latter of whom have various equitable rights. Both of these pose problems in the data context, leading to work on alternate forms, in particular the foundation. The Isle of Man is currently working on a data asset foundation law. Read here for more information on data foundations and here for the Isle of Man project

3. A general word for a ‘data commons’ or ‘data union’: Here, the data trust is not a ‘trust’ in the legal sense; instead, it is a shared resource held by partners who trust each other. ‘Data commons’ can be understood in a variety of ways. Examples include scientific resources like the All of Us Research Hub or Mobilithek, a German platform that collects and shares transport data. Data Union examples include the First International Data Union; initially focused on local data portability and self-storage, it plans to develop into a global consent and data sharing infrastructure for people to control their own data and engage in collective bargaining with data collectors. 

As the variety of approaches to ‘data trusts’ attests, the data trust discourse deals with practical questions - what is the best way to manage data and rights around data - and highly political ones. As economic value becomes increasingly driven by the collection and use of data, the question of who owns, manages, and derives value from data resources is innately political. Questions of data governance are therefore also questions of political and economic philosophy.

Why data trusts have struggled 

Despite initial hopes in 2017-21, few data trusts currently exist. They have struggled with:

Property: To exist, English trusts need property to be settled into the trust. Until recently, however, it has been very difficult to consider data as property. One can have certain flights over data - copyright, for instance - but data itself is not property. No property, no trust. 

Beneficiaries: English trusts generally require beneficiaries. Purpose trusts exist, but these must be charitable. If a data trust has beneficiaries, this gives them all sorts of rights over the trust that may not fit the vision of a data trust project. As for charitable status - for many data trust projects, this would defeat the point.

Regulatory Speed:  Although many UK policymakers were calling for data trusts, the law in the UK is a lengthy and complex process. This limits its ability to rapidly innovate and experiment. 

Issues with CLGs: in the wider, non-trust use of the term, companies limited by guarantee have been mooted as potential data trust vehicles for the UK market- but these are limited to charitable purposes. 

Business model: with a lack of clarity around data ownership and data stewardship, firms have been unable to see how their business models could be improved by participating in data trusts

The Jersey experience: a path forward

Jersey’s data trust laws illustrate a route forward for the wider adoption and commercialisation of data trusts. Through its trust industry, Jersey holds deep expertise in asset stewardship, and has a nimble political system able to rapidly form and adopt new laws. This has resulted in the Jersey data trust.

The structure: Jersey data trusts are created through a trust instrument and operate within Jersey’s pre-existing legal framework for trusts, the Trusts (Jersey) Law 1984. The trust instrument will outline the purpose of the trust and how the data within it can be shared and used. At core, it is there to provide clear and binding rules for the stewarding and sharing of data, and what rights trustees have over the data. 

Using the data trust, data from multiple parties can be pooled and shared by the data trustee in line with the purposes of the trust. Each trust instrument may provide multiple purposes for which the data within the trust can be used. 

The property: The data ‘property’ settled into the trust consists of database rights and contractual rights over a given dataset. 

The persons & roles: The following persons are involved in the datatrust :

• The settlor: The previous owner of data settles their rights over data - in the form of database rights and contractual rights over a data set - into the trust. 

• What if multiple settlors?

• The trustees: Data guardians, acting under Jersey trust law and regulated by the Jersey FInancial Services commission. These have the same duties as standard Jersey trustees under the Trusts (Jersey) Law 1984. Under Jersey law, the trustee(s) are obliged to fulfil the purposes of the trust. If something goes wrong with the trust or its data, the trustees bear fiduciary responsibility.

• Enforcer: Separate to the trustee, this officer is under a duty to monitor the trustee and enforce the purposes of the trust 

• Beneficiaries: because Jersey data trusts are non-charitable purpose trusts, they do not need beneficiaries

• Controller: The trustee is the controller of the data collected by the trust. Trustee is thus also registered with Jersey Office of the Information Commissioner and subject to Data Protection (Jersey) Law 2018.

For further analysis, read these notes from Monoceros and Mourant

The pilot: LifeCycle

LifeCycle was the first Jersey data trust, and as a result represents the world’s first data trust created using trust law. LifeCycle was established as a non-charitable purpose trust. It has a Jersey SPV trustee, LifeCycle (Trustee) Ltd. This is administered by a separate body, Icecap Ltd, and an enforcer, JTC Trustees Ltd. 

To develop the trial, some 650 Jersey-based cyclists attached sensors to their bicycles. Alongside ‘ride report’ forms, these sensors were used to record data about their journeys. This was used to understand cycling conditions, identify potholes, and generate insights on Jersey cyclist journeys.

The cyclists signed contracts with the trustee; this contractual right was then settled into the trust. 

Further examples include the Roberta Trust, a Jersey data trust created to facilitate the collection of data for women’s health research

Future developments

• Trust-stacking: Each trust instrument may provide multiple purposes for which the data within the trust can be used, and this can be used to recombine trust data into new entities. Imagine 5 data trusts, each of which have 10 purposes for which it is permissible to use their data. 1/10 purposes is shared between them. To facilitate the pooling of data for that particular data purpose, it is possible to create shared ‘master trusts’ - entities that exist to pool and reshare data for that given purpose. 

• Commercialisation: While the LifeCycle and Roberta data trusts are not for profit, future Jersey data trust entities can exist for the commercialisation of data. As before, the main thing is that the trust instrument allows such commercialisation

Data stewardship: a new growth industry?

If the UK and it’s network of offshore jurisdictions get it right, they can collectively flourish as global centres for the ethical stewardship, ownership, and exchange of data. The skills, insights, and experiences that enabled London to become a global hub of finance can be used in a highly analogous fashion in relation to data. As the world moves into competing great power blocks, the UK and CDOT jurisdictions can use their regulatory flexibility to become a central hub for data exchange. All that is needed is will

Data trusts, CDOTs and the UK tech industry

Jersey’s experience with the data trusts illustrates the role of the CDOTs as laboratories for innovation. In a large and complex jurisdiction like the UK, adapting trust laws to fit the needs of data trusts would be a long and highly complex process; years could easily be spent in consultations, assessments, and stakeholder alignment, not to mention effecting any legislative changes. As a small, nimble, and separate jurisdiction - yet one deeply tied to the UK - Jersey has been able to conceive, develop, and execute a data trust structure far in advance of the UK itself. The LifeCycle pilot showed how these trusts could be used; now, with the Roberta project, Jersey data trusts are being used to improve the healthcare of women on the British mainland. As Jersey expands its nascent data trust industry it will be able to provide more value to the UK, and to data trust participants overseas.