Blog 2: Data Trusts & E-Commerce

Modern Data Governance Needs

Have you ever wondered what really happens with the data you provide your online services and accounts? Of course you have! Using Google, Amazon, Twitter, Facebook, and any other e-commerce or social media service not only allows them to keep your data, but use it to generate product recommendations and targeted ads.

The individual user has little autonomy over what happens to their data they knowingly or unknowingly provide online services and websites. There are specific laws for protecting User Data, but in the US they are only just being introduced in Congress (for example, see H.R.4240 - 117th Congress (2021-2022): User Data Protection Act. (2021, June 29). (https://www.congress.gov/bill/117th-congress/house-bill/4240). General Data Protection Regulation (https://gdpr-info.eu/) do exist, as well as the Personal Data Protection Bill, however, current data rights are often exchanged from the company and its consumers through Privacy Policies, User Agreements, and/or Terms of Condition, which are challenging and lengthy to read and difficult to combat if they are read and disagreeable to the user. Teresa Scassa, the Canada Research Chair in Information Law and Policy at the University of Ottawa’s Faculty of Law, sums it up perfectly: “There is simply too much to manage, and often the way it is presented to consumers makes it difficult for them to make informed choices. In this context, clicking “I agree” without reading privacy policies is an act of surrender, not of consent” (Scassa 2018).

We hear you, Teresa.

Recently there have been calls for companies to answer for how they manage user data and what they use it for, an example being the recent 2020 inquiry into multiple e-commerce and social media companies including Amazon, TikTok, Twitter, and others (Diaz 2020), as well as multiple discussions on ethical data use in many other applications, including other tech companies like Uber, Google Maps, and Facebook (Janiszewska-Kiewra, Podlesny, & Soller 2020).

We believe that businesses should have clear, transparent standards on how they will use customer data that is human-readable. Büt Camp Inc. wants a solution that allows our customer data to benefit the company, researchers, and other companies through ethical data sharing.

A Data Trust is a legal framework for managing data (Qlarion).

What that really means is that there is a group of beneficiaries that produce data who enter a legal contract based on trust law with trustees who follow the contract and facilitate the appropriate handling of the data. This means that beneficiaries have complete control and understanding of how their data is being used and why.

There are 3 primary concepts involved in a data trust (Ada Lovelace Institute and AI Council 2021):

1. There is a clear intention to establish a trust

2. The subject matter or property of the Trust is defined

3. The beneficiaries of the Trust are specified (including as a conceptual category rather than nominally)

Data Trusts are used in several fields, including social media, hospitals and other health data repositories, research data, artificial intelligence research and data, and, you guessed it, e-commerce.

Key Entities for data trusts include the following:

• Beneficiaries: Data producers (customers, individuals, companies, organizations, society)

• Trustees: Those entrusted with monitoring compliance and gatekeeping of data based on agreed-upon terms with the beneficiaries

• Trust Law: “Trust law refers to laws governing the creation and implementation of trusts, which are fiduciary relationships. In this type of relationship, one party (called the trustor) gives a second party (called the trustee) the right to hold title to assets or property for the benefit of a third party (called the beneficiary).”

• Data Rights: The right for individuals to know what is happening with their data without having to read intentionally confusing and lengthy agreements

• Technology: Validation, storage, and security measures applied to data with access limited to the Trustees

• Funding Models: Ranging from funded, unfunded, endowment, subscription, etc.

• Shared Data Goals: Understanding of and agreement of beneficiaries on how data is shared, to whom it is shared, why it is shared, and compliance with these parameters
  
  

Below is a lifecycle for how a data trust works with Büt Camp, Inc. built into the model. Essentially, we provide a clear, concise statement to all users describing their data rights before they enter any personal information. We keep only the data necessary to complete an order successfully, and data is put into a data trust that Büt Camp uses for ethical research.

Benefits

• Ethical use of customer data through law and policy that protect data rights and use, rather than selling it to other companies(1)

• Trust becomes a major marketing opportunity tool as a plus to buying from the company

• No difficult, lengthy contract agreements

• Shared understanding of what data is used for

• Large repository of user data to pull from for market analysis and lead generation that may include additional companies’ data that they have also put into the same Data Trust

• Supports data rights, rather than the data itself as an intangible object, which does not restrict the type of data but rather how it is used¹

• Flexibility and data storage and data access2

• Multiple Data Trusts means multiple options to choose from that can fit the needs of the Beneficiaries (customers of e-commerce) and data users (Büt Camp Inc.) alike

• Funding models vary so Data Trusts can be chosen based on a preferred funding source or structure

• Supports risk mitigation for data storage and vulnerability

• Supports responsible data sharing to increase and improve valid research

• Misuse of data, while possible, can be mitigated by the data stewards authorizing the access once trust is broken

Risks

• Lower targeting marketing opportunities

  • “The same piece of data, depending on a particular context, can be personal and non-personal, more or less likely to relate to an identifiable natural person, and with a stronger or weaker link to that person. […] The difficulty lies, first, in determining at which point the level of relation to an individual is sufficient to establish property rights, and second, in tracing the presence of such a relation.” (3)

• Even data from Trusts can be examined to mine potentially specific health and well-being data

• Like social media data, there is a high potential for loyalty card data to be used, particularly from supermarkets, in the context of personalized health analysis. (1) Loyalty card data could, for instance, provide information about what individuals or families have been consuming in their diet.

• Traditionally, dietary intake information is gathered by self-reporting. Yet, evidence suggests that this self-reporting approach is inaccurate, with biases towards perceived norms.

• Funding models for Data Trusts widely vary and sustainability for each model has not been explored long-term.

• Security and archival models for storage have not yet been standardized (although many frameworks are in development)(4-5)

• Data can still potentially be used to harm, stigmatize, or create purposeful miscalculations by malicious agents.

Notes

1. Delacroix, S and Lawrence, N. (2019). “Bottom-up data Trusts: disturbing the ‘one size fits all’ approach to data governance.” *International Data Privacy Law, *9(4) pp. 236–252. DOI https://doi.org/10.1093/idpl/ipz014 

2. Wylie, B., and McDonald, S. (2018). “What is a data trust?” Centre for International Governance Innovation. Retrieved from https://www.cigionline.org/articles/what-data-trust/ 

3. Purtova, N. (2017). “Do property rights in personal data make sense after the Big Data turn: Individual control and transparency.” Journal of Law and Economic Regulation, 10(2). https://ssrn.com/abstract=307022

4. Kemp, R. (2019). “Data trusts and frameworks are gaining traction and on the cusp of widespread adoption.” Kemp IT Law. Retrieved from https://www.kempitlaw.com/data-trusts-and-frameworks-are-gaining-traction-and-on-the-cusp-of-widespread-adoption/

5. McNealy, J. (n.d.). “A framework for data trusts.” Stanford PACS. Retrieved from https://pacscenter.stanford.edu/research/digital-civil-society-lab/a-framework-for-data-trusts/

The current environment of e-commerce is more connected and interwoven than ever with software, apps, mobile/wearable devices, and sites that track your every movement and action online. The benefit to consumers is more relevant data processed and delivered to them via ads hyper-personalized to their current wants and location, the ability to see where you are and where you’ve been, medical portals tracking health, purchasing habits, etc. As the scope and speed of data are cross-referenced, a customer becomes an encyclopedic data point with vast amounts of specific personal and private information that can be damaging if leaked or used by unscrupulous companies to drive profits through the sale of that data. This leads to a trust deficiency in consumer minds of businesses on the web in general, creating a more significant barrier to gaining a more reputable reputation.

Using a Data Trust allows the e-commerce business to access, store, and evaluate data on current customers, potential customers, and trends while simultaneously keeping that data safe and manageable by the customer via the trust’s legal structure and access rules. Building trust in e-commerce is no different than trust between two people. Trust is inherently hard to gain and easy to lose. In e-commerce, trust is a primary driver of why a consumer may buy from your store versus a competitor (Laudon & Traver 2018) company with a higher reputation is a company that can more easily charge higher prices, lower the risk of newer products, and even create consumer evangelists.

An example of how powerful trust can be is Apple’s reputation in the eyes of consumers. “Apple has a powerful brand and unrivaled track record when it comes to the user’s experience – in particular, it has taken a strong stance on privacy. Last month its iPhone advert said ‘We believe your privacy should never be something you have to question’” (Mavadiya 2019). But even one of the most trusted companies on the planet is subject to the fragility of the trust factor. When Apple announced, they were rolling out iPhone photo data scraping for images of child sexual abuse. This announcement was met with immediate backlash as even though the intentions were good, it felt like a betrayal of the core value of privacy Apple has maintained (Associated Press 2021).

Our first step as an e-commerce company is to begin to foster trust through the use of a Data Trust. This step is one of many on the long road to becoming a company known for being ethical and honest with the data we’re given.

Büt Camp. Inc. (BCI), an e-commerce certified B-Corp, selling single-person temporary shelter directly to emergency responders, local disaster preparedness groups and councils, survival preppers, and day hikers, has an ethical duty to store data that does not treat the customer’s privacy as a source of income. We employ Data Trusts for our benefit and the benefit of the consumers and potential customers.

In terms of research data, similar to AI research, and sharing data responsibly, Büt Camp Inc.’s product is built on an innovative, patented PLA technology. We feel that sharing this data with others in a Data Trust and those our Data Trust approves, rather than with anyone who may reappropriate it, is optimal for continuing research in PLA technology and ethical data sharing.

Data Büt Camp, Inc. Collects

Customers order from Büt Camp, Inc.’s online store via the web or progressive web application (PWA). The order process requires a certain amount of data from the customer to allow BCI to process and deliver the order. Data entered, gathered, and generated includes but is not necessarily limited to:

• Full name

• Company if applicable

• Address

• Credit card

• Email address

• Phone number

• SKUs purchased and quantities

• Time of purchase

• Shipping Preference

• Unique order number

• Contact preferences

• Length of time on BCI site

• Number of visits to BCI site

• SKUs placed in cart or removed

• Recent purchases

• Discounts used
  
  

Maintaining Our Mission

Data is stored only in the Data Trust. Only relevant data needed for purchase completion, BCI marketing campaigns, lead generation, customer feedback, etc., is requested and given, adhering to the trust’s strict governance rules. Logs keep records of all transactions involving the data to analyze for misuse or data manipulation.

The data held by the trust is not only used by Büt Camp, Inc. but is also available to researchers of biodegradable cornstarch-based polylactic acid (PLA), other companies, public sector agencies, and the customers themselves. The customers can see at any time the data collected by Büt Camp, Inc. and what it is used for and why it may be accessed, and by whom. A BCI customer has the right to disallow any information they wish not to be accessed, as long as it does not interfere with the process of completing a purchase. After purchase, the customer can elect to destroy all relevant data or anonymize it for later use, stripping any personal data that could be traced back to that individual or entity.

This level of conditional and ethical data governance is best suited for use in a data trust. With a third party trust guiding and maintaining the data and access to it while also explaining the use patterns, customers and Büt Camp, Inc. can be assured that any customer and BCI data is safe and helpful to the community overall. Ethical data practice is a guiding principle of BCI to be a steward to people and the environment.

• Ada Lovelace Institute and AI Council. (2021). “Data trusts.” Exploring legal mechanisms for data stewardship. Retrieved from https://www.adalovelaceinstitute.org/feature/data-trusts/ 

• Artyushina, A. (2020). “The EU is launching a market for personal data. Here’s what that means for privacy.” MIT Technology Review. Retrieved from https://www.technologyreview.com/2020/08/11/1006555/eu-data-trust-trusts-project-privacy-policy-opinion/ 

• Balkan, J., and Zittrain, J. (2016). “A Grand Bargain to Make Tech Companies Trustworthy.” The Atlantic. Retrieved from2 https://www.theatlantic.com/technology/archive/2016/10/information-fiduciary/502346/ 

• Delacroix, S and Lawrence, N. (2019). “Bottom-up data Trusts: disturbing the ‘one size fits all’ approach to data governance.” *International Data Privacy Law, *9(4) pp. 236–252. DOI https://doi.org/10.1093/idpl/ipz014 

• Desmond, J. (2021). “Data trusts forming as alternate model of protecting data privacy.” AI Trends. Retrieved from https://www.aitrends.com/data-privacy-and-security/data-trusts-forming-as-alternate-model-of-protecting-data-privacy/ 

• Diaz, J. (2020). “Amazon, TikTok, Facebook, Others Ordered To Explain What They Do With User Data.” NPR Radio. Retrieved from  https://www.npr.org/2020/12/15/946583479/amazon-tiktok-facebook-others-ordered-to-explain-what-they-do-with-user-data 

• Emanuel, R. (2020). “Why eCommerce Data Matters (and how to use it).” Parkfield Commerce. Retrieved from https://www.parkfieldcommerce.com/post/why-ecommerce-data-matters 

• Gold, R., Ambrosini, S., London, R., and Lauck, M. (2019). “Silicon Valley Regional Data Trust: A Scalable Model for Improving Educational Outcomes and Well-Being for Children and Families.” National Interoperability Collaborative. Retrieved from https://nic-us.org/wp-content/uploads/2019/03/NIC-CA-SVRDT-AScalableModel.pdf 

• H.R.4240 - 117th Congress (2021-2022): User Data Protection Act. (2021, June 29). https://www.congress.gov/bill/117th-congress/house-bill/4240 

• Hardings, J. (2020). “Data trusts in 2020.” Open Data Institute. Retrieved from https://theodi.org/article/data-trusts-in-2020/

• Janiszewska-Kiewra, E., Podlesny, J., and Soller, H. (2020). “Ethical data usage in an era of digital technology and regulation.” McKinsey Digital. Retrieved from https://www.mckinsey.com/business-functions/mckinsey-digital/our-insights/tech-forward/warp-speed-how-gpus-can-enable-large-scale-healthcare-enterprise-applications

• Kemp, R. (2019). “Data trusts and frameworks are gaining traction and on the cusp of widespread adoption.” Kemp IT Law. Retrieved from https://www.kempitlaw.com/data-trusts-and-frameworks-are-gaining-traction-and-on-the-cusp-of-widespread-adoption/  Zarkadakis, G. (2020). “”Data trusts” could be the key to better AI.” Harvard Business Review. Retrieved from https://hbr.org/2020/11/data-trusts-could-be-the-key-to-better-ai

• McNealy, J. (n.d.). “A framework for data trusts.” Stanford PACS. Retrieved from https://pacscenter.stanford.edu/research/digital-civil-society-lab/a-framework-for-data-trusts/ 

• Purtova, N. (2017). “Do property rights in personal data make sense after the Big Data turn: Individual control and transparency.” Journal of Law and Economic Regulation, 10(2). https://ssrn.com/abstract=3070228

• Ruhaak, A. (2019). “Data trusts: why, what and how.” Anouk Ruhaak. [personal blog]. Retrieved from https://medium.com/@anoukruhaak/data-trusts-why-what-and-how-a8b53b53d34 

• Scassa, T. (2019). “ Enforcement powers key to PIPEDA reform: Reforms to the Personal Information Protection and Electronic Documents Act must give the privacy commissioner real enforcement powers.” Policy Options Politiques. Retrieved from https://policyoptions.irpp.org/magazines/june-2018/enforcement-powers-key-pipeda-reform/ 

• Voznick, N. (2019). “UK: The first data trust pilot projects.” One Trust Data Guidance. Retrieved from https://www.dataguidance.com/opinion/uk-first-data-trust-pilot-projects

• Wylie, B., and McDonald, S. (2018). “What is a data trust?” Centre for International Governance Innovation. Retrieved from https://www.cigionline.org/articles/what-data-trust/