If you do business with European Union citizens, you are likely aware of the EU’s General Data Protection Regulation (GDPR)–and if you are not, you should be (check out our overview of the GDPR). Anna Artyushina highlights what appears to be a significant change in the EU approach to personal data and privacy outlined in the European data Governance Strategy released in February (2020) and organizations who interact with EU citizens’ data should be aware of these upcoming changes and how they might change their EU data strategy.
One of the most significant changes is that the EU is looking to create a pan-European market for personal data of EU citizens. These markets would be structured as trusts treating the data as a resource that is managed on people’s behalf with fiduciary duties towards its clients.
These trusts will take storing and moving of EU citizens’ data away from companies who will instead need to access the data via the trusts, assumedly for a fee. EU citizens are expected to collect “data dividends” which are yet to be fully defined.
Anna Artyushina raises some potentially concerning questions that we will need to watch to see how they play out:
- Does the EU’s intent to profit from citizen’s personal data weaken its position to regulate the data industry?
- Could improper use of data trusts deprive citizens of the rights to their data that they have come to expect?
Data trusts have been proposed and instituted by IBM and Mastercard for EU clients in Ireland and governments including the UK and Canada have employed data trusts to stimulate their AI industries.
Anna Artyshina cautions that “Unfortunately, data trusts do not guarantee more transparency. The trust is governed by a charter created by the trust’s settlor, and its rules can be made to prioritize someone’s interests. The trust is run by a board of directors, which means a party that has more seats gains significant control.” In short, citizens and governments need to keep an eye on trusts to make sure they are not abused to the detriment of citizens.
This appears to be a radical departure from the EU’s previous approach to data privacy by empowering individual EU citizens to manage their own data through the GDPR.
Image Source: Pixabay