WEF Advancing Towards Digital Agency 2022

Advancing Digital Agency:
The Power of Data

Intermediaries
INSIGHT REPORT
FEBRUARY 2022
Images: Getty Images
Contents
Preface 3
Executive summary 4
1 The challenge: Human–technology interaction 5

and the data value chain
1.1 Introduction: The trust gap in data sharing 6
1.2 Introducing data intermediaries 9
1.3 Exploring data value chains 11
2 The opportunity: Trustworthy human-centric data intermediaries 13
2.1 Data intermediary organizational models 14
2.2 The policy environment 17
2.3 Human-centricity and fiduciary duty 18
3 Moving towards trusted digital agency 20
3.1 The role of digital identity in supporting human agency 21
3.2 Automated decision-making 25
3.3 A potential trusted digital agency model 26
4 Reshaping human–technology interaction 28
4.1 How the use of data intermediaries shapes human– 29

technology interaction
4.2 User experience design consequences of using a third- 30

party digital agent
5 Levers of action 31
5.1 For governments: Future-proof regulatory support 32
5.2 For businesses: A policy leadership role 36
Conclusion 37
Glossary 39
Contributors 41
Acknowledgements 42
Endnotes 43
Disclaimer
This document is published by the
World Economic Forum as a contribution to a project,
insight area or interaction. The findings, interpretations and
conclusions expressed herein are a result of a collaborative
process facilitated and endorsed by the World Economic
Forum but whose results do not necessarily represent the
views of the World Economic Forum, nor the entirety of its
Members, Partners or other stakeholders.
© 2022 World Economic Forum. All rights reserved.

No part of this publication may be reproduced
or transmitted in any form or by any means,
including photocopying and recording, or by any
information storage and retrieval system.
Advancing towards Digital Agency: The Role of Trusted Data Intermediaries 2

February 2022 Advancing Digital Agency:
The Power of Data Intermediaries
Preface
The power of the data ecosystem has never
been greater but the system itself is becoming
more difficult to navigate.
Navigating the data ecosystem
The power of the data ecosystem has never Contrasted with this complexity is our reliance
been greater but the system itself is becoming on data sharing both as our way of life and
more difficult to navigate due to increasing as the backbone of the global data economy
complexity. We share and receive data every day and the key to technological innovation.
to interact with the technologies that serve us,
whether in a personal or commercial context. If mistrust in the data ecosystem acts as a point
Anne Josephine Data value chains then funnel, use and reuse that of failure leading to suboptimal outcomes for
Flanagan data, usually for commercial or public interest us all, what can be done? What if there was a
Data Policy and purposes. These value chains, often involving better way whereby data could be more easily
Governance Lead, World
personal data, are at best complicated to follow; traced, more easily permissioned, more easily
Economic Forum
at worst they can lead to mistrust in data sharing controlled by data rights holders (including
and can potentially give cover to bad actors. people) across the data ecosystem?
Data intermediaries as a lever of action
In this report, the World Economic Forum’s In an era that has policy-makers moving beyond
Task Force on Data Intermediaries, composed just privacy laws and to grapple with developing
of business, academic and civil society actors policy levers designed to support data-sharing for
worldwide, explores these questions and more. common purposes, the task force shares what it
Sheila Warren Building on the Forum’s Redesigning Data Privacy: has learned to support responsible policies. The
Deputy Head, Centre Reimagining Notice & Consent for Human- value-added use of data intermediaries as a key
for the Fourth Industrial technology Interaction1 report, the task force to unlocking complexity and building trust holds
Revolution Network, examines data value chain scenarios as they the promise of protecting the interests of data
World Economic Forum
already exist today – and may exist in the future – sharers and data subjects alike – and ultimately
with a view to improving both human–technology that of society.
interaction and data sharing more broadly.
Towards trusted digital agency
Taking lessons from global business, the research Finally, although any views expressed do not
community and cutting-edge technology design, represent the views of any individual taskforce
we explore best practices in the use of data member or their organizations, we invite you
intermediaries. We identify various models, to join us on this journey of exploration as we
including the organizational data intermediary, unearth and build a picture of where consensus
such as the data trust, that assumes a fiduciary may or may not lie in unleashing the power of data
duty. We explore the automated gateway that intermediaries leading to trusted digital agency –
predetermines standard rules. And we look to the and where and when these types of policies could
future, to the artificially intelligent agent that allows potentially be deployed.
for autonomous third-party decision-making on
our behalf, with its associated promises and perils.
Advancing Digital Agency: The Power of Data Intermediaries 3

Executive summary
Data intermediaries represent a new policy
lever to navigate the challenges of the
growing data ecosystem.
The challenge
Everyone is familiar with the paradigm of going time. Where once people had screens to navigate,
online and clicking on terms and conditions they new ambient data collection methods with their
don’t understand (or take time to read). No one many benefits create nervousness and resignation
knows (nor follows) what happens to their data. when people don’t have the full picture. In some
This status quo creates a reliance on companies to cases, individuals may opt out of interacting with
be responsible but can lead to mistrust in the data technologies that would be of huge benefit to their
ecosystem as a whole. Further, mistrust between lives. But what if it were possible to outsource these
people and technology becomes amplified the decision points to a trusted agent acting on an
more complex the data ecosystem becomes over individual’s or even a group’s behalf?
The opportunity
Now that screenless technology is a part of everyday lever through and around which individuals can
life, there is an opportunity to rethink the human– potentially navigate the challenges of the growing
technology interaction paradigm and reposition data ecosystem. This report seeks to shed light
the debate to focus on roles and responsibilities on an alternative method of mediated human–
beyond the person. How can the use of data technology interaction whereby data appears to
intermediaries help people navigate technologies travel seamlessly from people to technology in a
and data ecosystem models without losing sight of human-centric and, crucially, trusted manner. By
what it means to be human, in terms of agency and communicating shared incentives, establishing
expectations? How can people think beyond that reputation or receiving third-party verification, as
given that, as they move towards the complexity of well as having assurance structures to mitigate risk
screenless metaverse issues, their understanding of to both the intermediary and the rights holders,
“humanness” is transforming? Data intermediaries– data intermediaries can increase trust between
especially digital agents – represent a new policy people and the technology they interact with.
The solution
This report explores the opportunities and risks of innovation through the introduction of a trusted third
data intermediaries and, specifically, third-party digital party. Crucially, it suggests levers of action for both
agents. From data trusts to trusted digital agency, the public and private sector to ensure a future-
the report paints a picture of a world that is more proof digital policy environment that allows for the
empathetic to people and to companies, providing seamless and trusted movement of data between
greater certainty for data sharing as a foundation for people and the technology that serves them.

1 The challenge:
Human–technology
interaction and the
data value chain
Trust between parties who seek
to share data is not a default state.

1.1 Introduction: The trust gap in data sharing
People mistrust “Our days are filled with myriad discrete data important when considering that people share data
even the most collection moments. Even when we have genuine every time they interact with the technologies
responsible and intent to affirmatively consent to each moment of in their lives.
ethical companies data collection, it is practically impossible to do so:
No individual has the time to provide affirmative As Bill McDermott, former Chief Executive Officer
because the
consent on a near constant basis. This reality of SAP, has noted: “When trust is there, we can take
system – the data
arguably undermines our individual agency.”2 giant strides, turning our greatest challenges into
ecosystem – is our biggest opportunities. When it’s not, the needle
so confusing to The world is experiencing something of a mistrust gets stuck. Small hurdles become insurmountable.
navigate. pandemic when it comes to people’s engagement Division overwhelms unity.”3
with the data ecosystem. This global “trust gap” or
“trust deficit” is a barrier to economic growth, digital As defined by Russell Hardin,4 trust is a belief
innovation and social cohesion. The technology that an actor will perform a specific action within
ecosystem is ultimately powered by the collection, a specific context, whereas trustworthiness
sharing and processing of data, often personal is a property of an actor. The goal of data
in nature. Data sharing is a driver of innovation intermediaries and the infrastructure that
in technology and of the digitization of mature supports them is to enable data rights holders
economic models. to trust trustworthy data intermediaries.
But trust between parties who seek to share or That is not to say that without trust and
exchange data is not a default state; it is something trustworthiness there is no sharing of data; but
that needs to be earned or built, often as a result with trust and trustworthiness there will be greater
of great effort over time. This includes building trust participation and in turn an increase in the volume and
between people and technology. It is all the more indeed the veracity of data made available as a result.

The problem of notice & consent
When presented The challenges of meaningfully consenting to could they truly anticipate how their data would
with privacy personal data sharing, meaning the collection be used?
notices, it is and processing of personal data, are well-
necessary to take known.5 Much of people’s interaction with And what if there is no screen? Ambient data
technology relies on giving consent for data collection, through for example closed circuit
the time to consider
collection and processing via a medium such as television and connected devices, is increasingly
the implications a screen. When presented with privacy notices, common. Getting to an acceptable default state
of terms and it is necessary to take the time to consider the is more urgent than ever as the world moves
conditions and implications of terms and conditions and to towards the creation of the metaverse where
to overcome the overcome the barrier presented by the attention the metaphysical state of human–technology
barrier presented required to think explicitly about preferences. interaction becomes ever more seamless.
by the attention People need to think about what they really
required to think care about and foresee what their data might Other lawful bases for data collection and
explicitly about be used for – if they can imagine it. The term processing do exist in some jurisdictions, such as
preferences. “decision fatigue”6 reflects something real: Lorrie legitimate interest or performance of a contract
Cranor and Aleecia MacDonald of Carnegie under the European Union (EU) General Data
Mellon University researched7 the unfathomable Protection Regulation, but they have their own
burden of reading privacy notices that people limitations. Courts the world over have been clear
typically experience and the resulting difficulty that notice and consent is the preferred lawful
in being afforded the time to meaningfully react, basis in certain scenarios. In situations where
understand and consent to them. People are notice and consent has been deemed to be the
simply too busy to take the time to read every only existing acceptable standard, that constraint
consent notice on websites. And even if they did, can have limitations as described earlier.
Resultant mistrust
Today’s default state is not healthy. On the As for the law, it struggles to keep up. Heavily
one hand, people are sometimes accepting weighted in favour of principles that lack the
and often left feeling disempowered; on the nuance of specific scenarios, regulation’s
other hand, organizations struggle to access favourite tool is simply to ask: Can this
and process data that can meaningfully entity collect your data? And individuals say
improve lives, health and even the planet. “yes” without meaningfully understanding
the benefits as well as the costs, and so on
People mistrust even the most responsible and and so forth as they continue to “consent”
ethical companies because the system – the without always meaningfully consenting.
data ecosystem – is so confusing to navigate.
A new approach
What if there was a better way? What if you via a third-party data intermediary? Elements
could outsource the decision-making fatigue of such a sophisticated and nuanced data
to a trustworthy third party? What if you could ecosystem already exist but the appropriate
pre-consent to your preferences so that you policy frameworks are far from being in place to
did not need to continuously opt-in? What make such a scenario viable at a systemic level.
if technology allowed you to outsource your
decision-making even further – to a digitally In addition to asking this question, this
automated agent, potentially using artificial report also explores the secondary effects
intelligence (AI), which could actively make of such a scenario through the examination
those decisions for you? All such scenarios of relevant use cases and asks what
require the enlisting of an intermediary. actions public and private sector actors
can take when probing such issues for the
Is the world ready for such a radical and human- benefit of building a more robust, human-
centred approach to managing data relationships centric and sustainable data ecosystem.

Assumptions
For the purposes of this paper, several for example, if combined with other datasets.
assumptions are made. This includes business-to-consumer (B2C) and
business-to-business (B2B) relationships involving
The first assumption is that whatever the data someone’s personal data, but business-to-
sharing relationship, data rights holders will government (B2G) scenarios are also relevant.
inherently mistrust each other without appropriate If data intermediaries anonymize personal data
safeguards, positing that a data intermediary and/or handle non-personal data, it may be
can potentially become that missing safeguard, recommended that they should have a process in
depending on the data-sharing scenario and the place to test the robustness of their anonymization
characteristics of that intermediary. The assumption methodology. Nevertheless, given the difficulty
in all cases is that data rights holders have an of disassociating personal data from data sets
interest in their data rights: for example, people that contain otherwise non-personal data, and
care about information about them and companies the higher regulatory bar placed on the handling
care about the value of proprietary information. of personal data, personal data will be used as a
proxy for all data.
Secondly, when exploring data intermediary
possibilities, the relationships may be binary And finally, there is no silver bullet approach:
or multi-party in nature. An example of this policy responses are as nuanced as the scenarios
is where data collected about people in a they respond to. It is assumed that the findings
smart city environment can be used for the of this work as they pertain to personal data may
purposes of urban planning; while the people be adjusted as relevant to apply to the treatment
whose data was collected are themselves of different scenarios, including exclusively non-
rights holders, the sharing takes place several personal data-sharing scenarios, such as B2B
times throughout a data value chain.8 sharing of proprietary data generated from non-
personal data sources or unknown future use
Thirdly, it is worth nothing that data is contextual, cases. Indeed, it is intended that this paper be
which means that non-personal data may become made available to contribute to future work by
personal in nature depending on the context, others in this space.

1.2 Introducing data intermediaries
The possibilities of a mediated approach to (such as people or businesses), depending on the

data sharing by a third party are as limitless parties’ relationships, intentions and resources.
as the possibilities of data sharing itself. Data They do so by encapsulating, communicating and
intermediaries can empower people to control enacting the shared interests of the relevant parties
and even automate the flow of data about and safeguarding their interests. At their most basic
themselves, improve cross-border data flows, level they facilitate the exchange of information; at
and allow for the leveraging of personal data for their most sophisticated they can assume decision-
social impact, to name just a few use cases. making, including on behalf of people.
Data intermediaries can take many forms; but what By definition, it is assumed that data intermediaries
they share is a primary purpose of facilitating and are always third party in nature, as witnesses
managing data relations between data rights holders to the primary data sharing transaction.
How specific data rights holders

may benefit from data intermediaries
To facilitate trust between data rights holders, at the most basic level data intermediaries may
communicate shared incentives, establish reputation or receive third-party verification; and have
assurance structures in place to mitigate risk to both the intermediary and the rights holders.
In addition, they can take on different roles for different kinds of data rights holders.
BOX 1 The role of data intermediaries for different data rights holders
People & society that complies with a set of base standards, such as those as
A data intermediary can play a significant role in enabling people determined by a sector or industry: this is already the case in
to be more in control of their personal data, determining what relation to information security and the tracking of illegal activity
personal data is shared with which participants and for what online. A data intermediary can also help participants navigate
purposes. They can vet parties that would receive the data laws, regulations and other complex data privacy requirements,
to determine if they are “trusted” based on a set of externally thereby effectively outsourcing some of these services to the
published standards and criteria, thereby removing the obligation intermediary. It is for this reason that there has been a boom
from the individual and thus removing the deficiency of the notice in so-called “regtech” whereby third-party processes manage
and consent mechanism common in data protection regimes. A information compliance. Such third parties could be classified
data intermediary can leverage economies of scale to implement as private data intermediaries.
technologies to enable greater protection of personal data
through real-time anonymization, pseudonymization9 or other In a similar vein, scientific research institutions have been
privacy enhancing technologies and services. Conversely, the
proponents of data trust models for a number of years, given
data intermediary could also verify and confirm the identity of
that the data trust can act as a trustworthy conduit to manage
the individual, thereby providing additional guarantees that the
access to data that otherwise would be inaccessible for
information being shared belongs to the individual and has not
purposes other than research.10 This paper examines data trusts
been misappropriated or obtained by other means.
in more detail later.
Data intermediaries could also provide a variety of services, Government & public sector bodies
including that of matchmaker between supply and demand for Although there is growing momentum to enable greater sharing
data. They could engage in security, authentication and fraud
of public data by government bodies, this remains sporadic and,
prevention activities, such as performing verification services
where personal data is involved, complex and limited. Open
on the participants and the data being introduced based on a
data policies seek to streamline access to publicly held data but
range of parameters, from potential copyright infringement to
often fall short. The World Economic Forum’s recent work on
information security scanning of malicious code.
empowered data societies,11 sheds light on this topic through
Businesses & private sector organizations the example of improving access to publicly held data in the City
A data intermediary can act as a conduit to gain greater of Helsinki. One finding of that work is that citizen-held data can
access to permissioned personal data. It can also enable be a rich source of relevant information for government service
greater sharing of that data between private corporations provision and can enhance people’s lives by delivering value
and organizations. Private entities could benefit from the use for societies if conducted in a human-centric manner. A data
of a data intermediary as a method of third-party verification intermediary can help ensure trust in such a scenario.

Advanced competencies of data intermediaries
The above are just a few main examples of the – Leverage individuals’ personal data for social
usefulness of data intermediaries. Some of the impact, such as to contribute to academic or
more advanced competencies of data intermediaries scientific research.
may include:
– Providing added-value services to participating
– Storing individuals’ personal data within a members, such as data anonymization and/or
personal data space or a vault so that data aggregation, benchmarking services, security
processing can happen within that space and fraud prevention.
without the transmission of personal data to any
parties outside the space; rather the insights – Acting as a data aggregation and/or
from the data are transmitted in a manner similar pseudonymization and/or anonymization layer.
to federated data learning models. Echoes of
this idea appear in a proposal for Common – Acting as a proxy for consent to offer individual
European Data Spaces.12 control to the data subject.
– Advising individuals on uses of their data, If data intermediaries can add so much value, why
including tracking who is uses their data and are they not used more often? One possible answer
for what purpose. is the complexity of the data value chain within
which date intermediaries operate by definition and
– Strengthening individuals’ negotiation power the policy environment surrounding both it and the
when influencing the terms of the data use(s), data ecosystem as a whole.
negotiating a “fee” for the data exchange, or
solving disputes.

1.3 Exploring data value chains
The data ecosystem versus the data value chain
In describing the difference between the data infinite ways, the model also contains a feedback
ecosystem and a data value chain, the former loop. This feedback loop is something everyone
might be termed as all data, all transactions and is familiar with: it is the means by which functional
the global space within which data exists and is data sharing takes place and how technology
processed, whereas the latter is a value chain of knows what to serve back. It has implications
sorts. Data exists in the data ecosystem by default, for online advertising, profiling and, taken to the
but once data is collected and processed it enters a extreme, is key to dark patterns (which combine
data value chain and that value chain is as long and heretofore disparate data sets for purposes of
as infinite as the life of the data. manipulating the user in a non-transparent manner).
But importantly, without this feedback loop it would
Open Data Watch’s data value chain model below be impossible for people to interact with today’s
describes the four major stages of the life cycle of technologies in any meaningful fashion. In other
data: collection, publication, uptake and impact. In words, the feedback loop is a neutral feature of the
addition, as data is an infinite resource and (absent data value chain but may be open to manipulation.
external constraints) can be reused infinite times in Disposing of data closes the feedback loop.13
FIGURE 1 Open Data Watch’s Data Value Chain14
Identify Analyse Connect Use
Collect Release Incentivize Change
Process Disseminate Influence Reuse
Feedback
Production use – increasing value of data
Collection Publication Uptake Impact Feedback

Beyond notice & consent: How a data intermediary
alters the flow of data in a data value chain
Once automated Introducing a data intermediary into the data value digital identity interacted with relevant scenarios
decision-making chain can fundamentally alter the flow of data in those preferences and permissioning could be
the transaction by disrupting at least one point taken forward by a data intermediary to conduct
starts to occur, a
in the chain. brand new transactions. The value of this is that
type of synthetic
the person does not need to be asked more
data precedent Under the notice and consent model, a person
than once what their preferences are; but an
arises. This means consents to the collection and processing of their
obvious downside is that the use cases may
that a data-use data at the very beginning of the data value chain.
be very different from each other and consent
pattern emerges The data then flows through the data value chain,
is being inferred, which may reduce individual
guided by the permissions set before the data
that infers further agency and lead to unintended outcomes.
entered the chain.
use cases.
4. Automated decision-making by a digital agent:
A data intermediary could alter this process in
In this scenario a data intermediary digital agent
several fundamental ways. If the purpose of a data
takes on the role of decision-maker. Consent is
intermediary is to effectively accompany personal
automated as before but this time using AI the
data by adding a layer of permissioning onto the
data intermediary agent decides autonomously
accompanying metadata (or use metadata as a
what kind of data permissioning a person might
proxy), that permissioning effectively follows the
like. This opens the door to even more possible
data (technically it acts to determine the use of
uses of that data. This type of scenario disrupts
the data) throughout the entirety of the data value
the normal flow of data in the data value chain
chain and will trigger changes on a case-by-case
at all stages and again can carry both wonderful
basis depending on what the permissioning allows
opportunities and considerable risks. The key to
for. A similar model is in use in permissioned and
success here lies in the quality of the automated
permissionless blockchains.
decision-making and the underlying algorithm.
Below are some different variations of
5. Replenishing and automating across multiple
permissioning scenarios in the data value
data value chains: Once automated decision-
chain using data intermediaries:
making starts to occur, a type of synthetic data
1. Notice & consent: This is the default state precedent arises. This means that a pattern of
whereby people consent to the collection data use emerges that infers further use cases. If
and processing of personal data. There are this could be harnessed at a systemic level with
alternative lawful bases for data collection and appropriate policy safeguards, the data and its
processing but in all cases a pre-determination associated permissions could be recycled over
is made that the data can lawfully enter the and over and look slightly different every time
data value chain. but should reflect the preferences of the user.
The move is towards a fully automated system
2. Transferred permissioning: The data
of personal data collection and processing to
intermediary could take the data into a
overcome notice and consent limitations. This
brand-new data value chain by relying on the
is a scary and amazing space and arguably
permissions from previous unrelated incidents
not so different from a world absent of any
of data collection and processing by the same
data protection and privacy requirements: the
person. This alters the collection phase of the
difference here is that there is a system, ideally
data value chain (identify, collect, process) by
with backstops, designed in a human-centric
leapfrogging past specific notice and consent.
manner and therefore retains the preferences
3. Pre-permissioning using digital identity: of the user and exerts limits accordingly. In
This mimics transferred permissioning above, fact, there is no reason AI agents could not be
except now the power of digital identity is programmed to be conservative if that is what is
introduced. For example, if someone’s digital reflective of the user’s preferences. In addition,
identity stored their general preferences for data such a system would require clear rules to avoid a
collection and processing, then any time that conflict of interest on the part of the digital agent.
Important note on best practice
When it comes to personal data, most data not explicitly and meaningfully given, regardless
protection and privacy regimes do not currently of the jurisdiction. Notwithstanding that other
allow for many of the above scenarios. In most lawful grounds for the processing of personal data
jurisdictions that use the notice and consent model, already exist beyond notice and consent, this paper
consent needs to be specific and meaningful looks at what the appropriate data intermediary
in order for the data to be considered to have backstops would need to be in order to make the
been lawfully obtained. Best practice for now is above a reality. Inherent in this is the use of both
therefore to avoid inferring consent where it is public and private policy levers.

2 The opportunity:
Trustworthy
human-centric
data intermediaries
Some common features emerge that start
to build out conditions for the third-party
intermediary being independent, having a set of
duties in their performance, being a dedicated
asset and with clear rules of the game.

2.1 Data intermediary organizational models
For human-computer interaction, researchers have manner to a data steward and other related
developed a definition of online trust as an evolution fiduciaries. Much as a doctor is charged with
of its offline counterpart. In the real world, “trust is taking care of patient health or a lawyer with
the social capital that can create cooperation and legal affairs, the digital fiduciary is responsible
coordination.”15 In the cyberworld, trust becomes for assisting individual clients in managing their
“an attitude of confident expectation in an online digital selves. At a minimum, this means that
situation of risk that one’s vulnerabilities will not be a digital fiduciary upholds its duty of care by
exploited.”16 This is at the core of the confusion of doing no harm to its clients and upholds its
current human–technology interaction, where data duty of loyalty by not having any conflicts of
collection is so ubiquitous as to make people feel at interest. Under a more expansive definition,
risk of being vulnerable. To solve this, intermediary a digital fiduciary upholds its duty of care by
third parties can be helpful. protecting and enhancing the individual’s digital
experiences and upholds its duty of loyalty by
Much can be learned from data intermediary actively promoting the individual’s interest.20 The
models that are already in use in commercial digital fiduciary can be an individual or an entity,
and academic spheres today, whether they a private or public (governmental) body and, if
share personal data or not. The section below private, a for-profit or not-for-profit enterprise.
examines some of the most relevant and trusted
data intermediary models already in existence Fiduciary duties can be defined, implemented
at the B2B level. and enforced in a variety of ways, including
via: a new legal framework, existing contract
– Data stewards law, voluntary certification, or a professional
association with licensing and related assurance
Organizational leaders such as the chief data infrastructure (like for physicians or lawyers).
officer may hold a designated data steward role,
or teams may be empowered to ensure that – Data trust
data is leveraged in a responsible way. The data
steward’s role is to manage data rights and data A data trust is a repeatable framework of
reuse, identifying opportunities for productive agreements based on trust or contract law,
cross-sector collaboration and responding allowing data rights holders to delegate control
proactively to external requests for functional of their data to a trustee.
access to data, insights or expertise. Stewards
are active in both the public and private If the data trust employs trust law, the trustee is
sector, promoting trust within and outside their bound by fiduciary duties of loyalty and care to
organization on how data is being used. In act in the interest of the beneficiary. The trust
some cases, the data steward can be an entity pools individuals’ power and provides an agent
with duties to carry out the interests of a group to negotiate their interests, suited to managing
of data rights holders, a community,17 or the individuals’ asymmetric relationships with
entity holding the data. companies in a complex technical environment.
Upholding duties of loyalty requires the data
To establish and demonstrate their trust to be independent and may preclude the
trustworthiness, data stewards may take data trust from being a for-profit company.
on a professional role, including verifiable Although trust law does not exist in all countries,
ethics obligations or certification.18,19 Outside fiduciary duties are more common globally.21
organizations must always perceive the A data trust can be designed for different
data steward as trustworthy. In the case of levels of beneficiary participation, delegating
B2G data sharing, the data steward could various degrees of decision-making power to
The data steward even facilitate relationships between the the trustee.22 A data trust contract then is “a
can both lead private and public sector. Thus, the data contract among one or more controllers of data
responsible data steward can both lead responsible data (the ‘entrusters’) and a third party under which
management within their organization and the entrusters empower the third party (the
management within
increase the trustworthy perception of their ‘data trustee’) to make certain decisions about
their organization sector and facilitate new relationships. use or onward supply of data (the ‘entrusted
and increase data’) on their behalf, in the furtherance of
the trustworthy – Digital fiduciary stated purposes that may benefit the entrusters
perception of their or a wider group of stakeholders (such
sector and facilitate A digital fiduciary takes on the mantle of duties entrusters or stakeholders being referred to as
new relationships. of care and loyalty but in a somewhat different the ‘beneficiaries’).”23

– Data collaborative – Data commons
A data collaborative is a data sharing relationship A data commons is a network of relationships

that can take multiple forms, including public between data rights holders who have equal
interfaces, a trusted intermediary, data pooling, rights to a common, indivisible data resource.
research and analysis partnerships, prizes and The structure follows Elinor Ostrom’s eight
challenges, and intelligence generation. In a principles for governing commons,27 as follows:
relationship between organizations of different
sectors, the data collaborative allows for one or 1. Boundaries of users and resource are clear
more parties’ data, insights, models or expertise
to be shared.24 A data collaborative encourages 2. Congruence between benefits and costs
data sharing by enabling public interest use of
previously siloed data. While the sharing could be
multidirectional between multiple varying parties, 3. Users had procedures for making own rules
data collaboratives most often refer to private
sector entities sharing data with the public sector 4. Regular monitoring of users and
or with public interest groups. Incentives for resource conditions
corporations to share data include reciprocity
in data access, research insights, reputation,
5. Graduated sanctions
revenue through data collaborative agreements,
regulatory compliance or philanthropy and
corporate social responsibility (CSR), or 6. Conflict resolution mechanisms
environmental social and governance (ESG).
7. Minimal recognition of rights by government
– Data cooperative
8. Nested enterprises
A data cooperative is a network of agreements
between peers with mutual interests, allowing
data resources to be pooled.25 Members bring The data is an undivided resource and members
in data and are responsible for stewarding the have equal rights to the data; thus, the data
data. Data is brought and removed as members remains unchanged despite members joining
join and leave.26 and leaving.28

Public versus private models
Can a data Some common features emerge that start to build data architecture and data standards for which
intermediary be out conditions for the third-party intermediary all organizations would be required to comply.
truly independent, being independent, having a set of duties in This will require deep expertise in privacy, data
especially in their performance, being a dedicated asset and and technology, and therefore upskilling of the
relation to the with clear rules of the game. Considering the staff and/or hiring of a “data steward” with the
difference also in various duties of care from model required skillsets.
services it may
to model, does it make a difference whether the
offer and the
intermediary is public or private in nature? Can a However, whether a public body can be said
financial incentive data intermediary be truly independent, especially in to be “trusted” will be dependent on the role
to perform? relation to the services it may offer and the financial of government in any given country, its level
incentive to perform? The following section explores of control, access and use of surveillance
some further characteristic options, especially as laws and related technologies. Although a
they relate to human–technology interaction and the super-intermediary may enable vast sharing
collection and processing of personal data. of data between multiple participants,
enabling economies of scale and a consistent
– Public data intermediaries interoperable approach even across borders,
if there is no trust in the system, in the
A public body or government agency could government and its underlying intentions, there
take on the role of an intermediary, especially may not be active use, unless under the force of
as it relates to data coming from public bodies. law. This would then impact the veracity of data
Therefore, it can also act as an aggregator being shared and could in turn stifle innovation.
or gateway for such information. Such an
intermediary could play an even greater role – Private for-profit data intermediaries
in making the data more easily accessible,
identifiable, searchable and usable, including Whether and how a for-profit commercial
coordinating interoperable systems, especially entity can successfully serve its clientele under
across the public sector at least. Therefore, the voluntary fiduciary duties of care and loyalty
role of a public body is arguably greater if it is an remain open to debate among stakeholders.29
aggregator of multiple sources of public data. A key driver of the success of this model is how
Another role it could play is to act as a super- the intermediary derives economic value to be
intermediary, setting the national standard, able to perform and make this service available.

Without strict controls on the access, use and however, is an immense opportunity for the
transfer of the underlying data provided by most responsible organizations that could be
data ecosystem participants, this model could incentivized to create or pay a trusted third-party
incentivize the intermediary to examine ways intermediary to increase their independence and
to profit from the data itself, unless prohibited transparency with respect to their user base and
by law or contractual arrangements. Where a thus commercial appeal with respect to offering
participation fee may not generate sufficient services to their users.
profit, the provision of additional services
could satisfy the economic argument without – Non-profit data intermediaries
requiring any service that involves or enables
the intermediary to profit from the data itself, A non-profit data intermediary will need to
directly or indirectly. A hybrid of this approach be economically viable to exist and cover
and variation of cost models could bridge this ongoing costs. An independent non-
issue. Various models could also co-exist, with profit intermediary may be preferable as
a certification or trust mark for those that abide a third-party neutral body, with the usual
by certain agreed standards. On the other hand, caveats of a successful non-profit.
2.2 The policy environment

Governments are starting to pay attention to the – Human rights law – Data intermediaries in
idea of trusted intermediary bodies to support data Europe must comply with human rights law
sharing. The new European Union Data Governance (e.g. European Union Charter of Fundamental
Act “aims to foster the availability of data for Rights), for example by ensuring data
use by increasing trust in data intermediaries intermediary services do not result in unfair
and by strengthening data-sharing mechanisms bias and discrimination
across the EU.”30 The Government of the United
Kingdom also recently commissioned a report31 – Antitrust and competition law – The data
on data intermediaries that has determined they intermediary could not be used as a vehicle to
can empower both people and businesses in data share or disclose materially sensitive information
sharing activity. As governments seek to regulate between competitors. On the other hand, data
data sharing, agile, innovative and positive solutions intermediaries could serve as effective antitrust
will be needed. remedies to address market failures and
incumbent platform companies.
Governments A key question in more broadly actualizing data
are starting to pay intermediaries that can eventually act as digital – Intellectual property law – The data
attention to the agents for people will be the role of assurance intermediary could protect the trade
idea of trusted structures in facilitating trustworthiness. Legal secrets and intellectual property rights
intermediary frameworks, whether statutory or contractual, of data sharing participants
can act as assurances to limit harm to data rights
bodies to support
holders and provide a safer ecosystem for building – Data localization requirements – The data
data sharing.
trust but are insufficient on their own. Thus, other intermediary may need to process/store certain
forms of assurance, such as professional codes of types of data “on soil”, meaning within a
conduct, licensing and adherence to social norms, country/region (e.g. Russia, China)
may be necessary to establish trustworthiness
among intermediaries. Driven by the recognition of the importance of the
data economy, it is clear that many governments
In the area of human–technology interaction, a understand the significance of making data available
majority of governments worldwide have already for innovation; at the same time, policy ambitions to
established baseline data protection and privacy promote data sharing are coming to light. However,
requirements, even if there are differences between because that often involves the sharing of personal
jurisdictions. Some governments are now also data, data protection and privacy issues continue to
regulating automated decision-making via AI be important. But data protection and privacy are
legislation. There is also much to be learned from highly evolved areas of policy-making, so it will be
parallel policy areas beyond data protection interesting to see how policy in the area of trusted data
and privacy: intermediaries evolves to take account of this tension.

2.3 Human-centricity and fiduciary duty
What might creating safeguards for data intermediaries

look like in reality? Two complementary concepts come
to the fore: human-centricity and fiduciary duty.
Human-centricity
“Human-centricity means focussing on Autonomy and agency are core tenets of human-
something variously called (self-)sovereignty, self- centricity and fit in with the aims of restoring
determination, self-governance, autonomy, agency trust to human–technology interaction. Human-
or the like, in terms of the people involved with the centric design is a well-researched and used
generation of data. These concepts derive from space but human-centricity has typically taken
the internationally-recognized concepts of human a backseat to a rights-based approach when it
rights. A human-centric approach is one that comes to data protection and privacy norms,
makes central the following: that people have the especially when it comes to regulation.
right to determine, without any kind of coercion or
compulsion, what happens to them.”32
Fiduciary duty
A more highly developed area of consideration – The fiduciary duty of care = act prudently
is fiduciary duty. A fiduciary typically abides by towards the entrustor
two basic types of duties: care and loyalty.
In turn, these can be further subdivided into four – The “thin” fiduciary duty of loyalty = have no
specific duties: conflicts of interest between duties and clients
– The general tort-like duty of care = do no harm – The “thick” fiduciary duty of loyalty = promote
to others the entrustor’s best interests.

Importantly, because fiduciary duties are The law of fiduciaries does not exhaust the
considered relational, they run not with property common law as a rich source of rights and
but with the person and their entrusted confidence. responsibilities. Other potential common law-
based sources of intermediary duties/rights
While those are primary duties, others also have include torts, bailment and misappropriation.
been recognized.33 These include confidentiality Indeed, a policy framework that matches
(keeping confidences shared during the course the duties to the specific digital concern
of the fiduciary relationship) and good faith (a being addressed can be envisioned.
catch-all for having the right intentions).34 Unlike
a contract, a fiduciary duty could foreseeably be One approach is to conceive of the responsible
perpetual in nature, as in the case of lawyers and and trustworthy data intermediaries desired in the
doctors whose fiduciary duty continues even after data ecosystem – or at least the person at the
the contract ends. data intermediary responsible for trustworthy data
processing – as having the role of “data stewards”.
BOX 2 Liability: A tricky question
By managing collectively massive amounts of be done by creating dedicated global alternative

data originating from many data sources, data dispute resolution mechanisms (including arbitral
trusts are not in a position to assess the legality tribunals) that would be better equipped –
of all the uses of the data that are made. They are compared to national courts or national regulatory
consequently exposed to liability risks in a way bodies35 – to solve “data disputes” (i.e., disputes
that can be compared to the liability of other online about the use of data).36 Multi-territorial alternative
platforms for the illegal content that they contribute dispute resolution systems would make it possible
to sharing. to avoid the geographic fragmentation that would
result from (parallel) national court litigation/
The risk of liability of data trusts could further national regulatory proceedings. Alternative
be managed by designing appropriate dispute dispute resolution mechanisms consequently offer
resolution mechanisms that shall apply in case of a most convenient and attractive tool to address
legal disputes affecting data trusts. It is essential to the challenges of what has been called “massive
ensure that the complex disputes that may arise in online micro-justice”37 (i.e. the challenges resulting
connection with the use of data in the context of from the need to manage a multitude of small
data trusts (e.g. misappropriation of data, loss of (micro) disputes, as is done in the digital online
data, access to data vs protection of confidentiality) environment with respect to content moderation
and that may involve multiple parties (data holders, on digital platforms).38 Proposals have been made
data trusts and data users) shall be solved in a to set up specific dispute settlement mechanisms,
cost-efficient and coordinated manner. This could including dispute review boards.39

3 Moving towards
trusted digital agency
Digital agents may negotiate access to
data above and beyond a simple binary
gated function.

3.1 The role of digital identity
in supporting human agency
Can the use of data intermediaries establish a expectations? Our digital identities
notion of sort of “digital self-determination40” by may hold the key to allowing us to
helping people navigate technologies and data determine how we can start to navigate
ecosystem models without losing sight of what the data ecosystem around us in a more
it means to be human, in terms of agency and sophisticated manner.
Digital identity
A digital ID is the electronic equivalent of an specific purpose. Some of the biometric based
individual’s identity card. It is a way to provide digital ID systems have already been adopted in
verified personally identifying information of an financial transactions and for a cash-free shopping
individual for a software to read and process. Both experience. Such authentication and authorization
online and offline environments can adopt digital processes can be completed in real time and free
identity. And it can also act as a key by storing and of hassle.
deploying permission.
Good digital identity has five key components as
Carefully designed and properly managed, digital ID defined by a multistakeholder group curated by the
can also enhance privacy protection and reduce the World Economic Forum: useful, inclusive, secure,
rise of identity fraud since each time only minimum offers choice, fit for purpose.41 Figure 2 shows the
information is needed for authentication for the importance of Identity in everyday lives.

FIGURE 2 Identity in everyday lives
Healthcare
For users to access insurance, treatment; to
monitor health devices, wearables; for care
providers to demonstrate their qualifications
Telecommunications
To monitor devices and Financial services
sensors transmitting data such To open bank accounts, carry
as energy usage, air quality, out online financial transactions
traffic congestion
Telecommunications Food and sustainability

For users to own and use For farmers and consumers
devices; for service providers to verify provenance of
to monitor devices and data on produce, to enhance value and
the network traceability in supply chains
Digital
identity
Entities People
Devices Things
E-government Travel and mobility

For citizens to access and use To book trips, to go through
services – file taxes, vote, border control between
collect benefits countries or regions
Social platforms Humanitarian response

For social interactions; to To access services, to
access third-party services that demonstrate qualifications
rely on social media logins to work in a foreign country
E-commerce
To shop; to conduct business
transactions and secure payments
Source: World Economic Forum, 2018, Identity in a Digital World A new chapter in the social contract.
BOX 3 Digital identity has an evolving scope42
Authentication: Processes that determine if Profile: May include inherent data attributes (such
authenticators used (e.g. fingerprints, passwords) as biometrics) or assigned attributes (such as
to claim an identity are valid. Sometimes names or national identifier numbers).
digital identity goes beyond authentication.
History: Credit or medical histories, online
Authentication is a security process that
purchasing behaviours.
compares attributes to confirm a claim. In
principle, there is no need to know who the Inferences: Judgements or decisions made based
person is. In digital identity, there may be a on authentication processes, profiles and histories
need to link the person to their identity and that (e.g. a bank decides the attractiveness of an
may require identity verification technologies. individual for a loan).

Individuals can already use decentralized and use them directly for identity authentication
identity solutions, for example, personal data and data access authorization with apps and
servers to import their personal data and websites.43 This technology can empower
on-device data storage, from banking and users to take control of their personal
healthcare information to social media data, information, increasing data portability.
TA B L E 1 Evolutions in digital identity solutions and how they can help
Now Evolution Future
Digital ID Consent Shift control to user Agency
Traditional intermediaries Personal data stores, on- Next level of data intermediaries
and user consent (e.g. web device data storage and more (embedded in body, devices,
browsers, apps, mobile devices) advanced data intermediaries homes, cities, etc.)
(e.g. smart devices, agents)
Characteristics – Focus on Verified Attributes – More collaborative digital – A fundamental level of

(address, age, health status) ID approaches (within ID proofing and verified
sectors, e.g. health, attributes remains (I am
– Governance: centralized, banking; at national levels, really who I say I am)
distributed, federated e.g. across borders; or
at regional levels, e.g. – Focus shifts from only
– Looser data stores (e.g. verified attributes and
travel corridors, trust):
profile built by larger tech credentials to profiles and
companies, by browsers) – Personal data stores inferences about a person
(e.g. Digi.Me) focusing on
– Self-declared attributes (e.g. – Fluid boundaries between
consumer to business (C2B)
social media login) data stores, agents
and user control, reducing
need for business-to- and data managed on
business (B2B) interactions individual’s behalf
– User-driven web (e.g. Solid – Evolving definition

project) and embedding of control/agency
digital ID into the web
– Needs scalable user
experience
agency concepts
– Query-based ID (e.g.
Demos UK), avoiding data
exchange, just answer
queries “are you over 18?”,
“are you vaccinated”, etc.?
Policy – Data protection and privacy – Credential interoperability Create definitions and
considerations (technical, legal levels) thresholds of ownership,
– Security requirements delegation, liability
– Legal acceptance
– Data minimization of digital ID Prescribe transparency,
auditability, predictability
– Certification of – Trust frameworks linked
issuers, verifiers to attributes, exchange Allow for scalable (rule-
of credentials based vs granular per
data items) approaches to
– Recourse and liability scope of data agency
Create sandboxes
for experimentation

How digital identity helps solve decision fatigue and improve
data sharing potential in human–technology interaction
Digital identity can allow for the selection of Digital identity then can be the key to unlocking
preferences and the making of certain choices in a less ethically concerning but arguably equally
advance, such as “pre-consent”, avoiding doubling impactful scenario as an AI-enabled digital agent.
of efforts. This already happens in device usage: Digital identity allows the digital agent to recognize
when setting up a new phone, for example, users that the data belongs to a specific user and consult
can predetermine privacy settings before using any the permissions that that user has authorized
app. Their identity is usually inherently connected to (effectively data processing scenarios that the user
their devices. Similarly, through the use of cookies, has pre-consented to) and act accordingly in line
browsers can remember which user is which with the user’s wishes. Crucially, consent can be
through a set of identifiers. given in advance for a myriad of use cases and that
consent can be attached to the user’s digital ID.
BOX 4 Vaccine passports
The COVID 19 pandemic has led to a heightened health data with the establishment per se, in a
focus on the power of medical data, specifically sort of zero-knowledge proof scenario whereby
so-called vaccine passports. These passports the trusted data intermediary verifies that the
by nature serve as a form of digital identity. data subject is vaccinated but does not share
Commercial entities serve as a type of centralized any other information. This avoids unwanted
data intermediary in several jurisdictions. Given secondary effects of the establishment sharing
the sensitivity of this type of health data, in many the data any further.
cases governments have procured third-party
contractors to administer and manage such However, at a collective level, vaccine data is an
systems. Unsurprisingly, strict security and privacy incredible public health asset. The United Kingdom
criteria are central to such systems in most cases, Government in particular has acknowledged
not least because a public policy health concern this44 and has suggested that anonymization,
relies on increasing trust in the system. pseudonymization and data shielding techniques
could be harnessed in a controlled environment to
Such vaccine passports are used when travelling allow for the reuse of that highly sensitive data. In
between jurisdictions and at a local level, such such cases, notice and consent is not required per
as when entering dining establishments or se for the reuse of the data but the intermediary
other places where proof of vaccination status processes the data undergoes must be done in a
is necessary. Importantly, these intermediaries controlled environment so that the findings of the
provide a means of verifying status without sharing data set are made available rather than the data itself.

3.2 Automated decision-making
Machine decisions vs human decisions
To automate the data intermediary process there money and the data that represents the value of
are some additional concerns about machine that money. Nowhere is this truer than in blockchain
decision-making that people may inherently distrust technology and cryptocurrency, where the value of
due to the machine’s lack of empathy.45 In addition, assets is intangible and inherently and inextricably
as well as perceived harm, as the Future of Privacy fully dependent on trusted data.
Forum points out, harms associated with automatic
algorithmic decision-making can vary.46 Many different technologies could potentially serve
a role as an intermediary; but some of the most
So how to instil trust? It comes down to backstops interesting and relevant are those acting as software
of governance including provisions for recourse and agents. A software agent is defined by four key
mechanisms for redress. The rules of a banking hallmarks: autonomy, social ability, responsiveness
transaction – the execution of standardized and and proactiveness.47
consistent behaviour throughout the transaction –
acts as a de facto data intermediary because Excitingly, digital agents may negotiate access
the data is handled through a specific process to data above and beyond a simple binary gated
with rigorous backstops. This example plays out function. Using sophisticated algorithms may allow for
especially in the payments industry, where people decisions that emulate agency and autonomy in as
rely on trusted third-party technology to handle close a way to human decision-making as possible.
BOX 5 The four key hallmarks of a software agent48
Autonomy: Agents should be able to perform the Responsiveness: Agents should perceive their
majority of their problem-solving tasks without environment (which may be the physical world,
the direct intervention of humans or other agents; a user, a collection of agents, the internet, etc.)
and they should have a degree of control over and respond in a timely fashion to changes that
their own actions and their own internal state. occur in it.
Social ability: Agents should be able to interact,
when they deem appropriate, with other software Proactiveness: Agents should not simply act
agents and humans in order to complete their in response to their environment; they should
own problem solving and to help others with their be able to exhibit opportunistic, goal-directed
activities where appropriate. behaviour and take the initiative where appropriate.

3.3 A potential trusted digital agency model
In order to be truly at the service of the individual, their data across different services needs to respect
a trusted digital agent (TDA) that automates a certain number of rules. Below is an outline of a
permissions for people and effectively manages prototype concept of how such a TDA might work.
CASE STUDY Meet Valexander, a TDA
Rules of the game for Valexander, a friendly, – The TDA should therefore be able to
trustworthy TDA perform a basic check that compliance
exists before any data sharing occurs, with
The TDA will base its decisions mostly upon: the caveat that a verifiable third party likely
conducted the compliance itself.
– Previous consents and preferences of the
person, as well as the full context of such – Such checks could be traced using smart
consents (who, what, when, why, etc.). contracts on the chain, for instance.
– Previous consents and preferences of the large – TDAs should have contracts with people
amount of people that agent serves. guaranteeing it serves their best interests.
– Information about the person (age, gender, – Auditability, explainability of its processes
objectives, etc.).
– The TDA needs to be able to explain why
– Information about the services it exchanges it shared data with one service and not
data to and from: with another.
– Nature of the service – It needs to be able to list the criteria it

based its decisions on.
– Type of organization
– While this is not always entirely possible
– Business model with machine learning/deep learning (ML/
DL) technologies, inputs need to be clear
– What data is needed by the service when and explainable and there needs to be
and why. accountability of the TDA.
Such a TDA needs to guarantee: – Human interaction for some data sharing
– Neutrality on the services it recommends – On some sensitive or crucial data sharing

(regarding the type of data or type of
– The business model of the TDA should not processing that will occur), the person
depend on the services it shares data to needs to validate the data sharing.
and from in order to guarantee its neutrality.
– Accuracy of the data shared
– Compliance for data sharing
– Since, for instance, the TDA will allow
– Data sharing needs to be compliant with people to easily keep their profiles up to
regulation, sectoral rules, contracts and date, it needs to make sure data shared is
governance frameworks. always accurate and up to date or provide
some grade on the accuracy of the data.
– While the TDA may perform basic
compliance checks, it is unlikely to be able – This will be possible when the data provider
to conduct full-fledged compliance reviews. is the data holder/subject but less so when
For instance, for personal data to be shared the data provider is an organization.
lawfully under the General Data Protection
Regulation (GDPR), the data must have – Interoperability with other TDAs
been collected lawfully in the first place (by
the data provider) and the data may not – People need to be able to easily change
be used for incompatible purposes (by the TDAs without losing their preferences,
data user). This is a complex area and must just as it is possible to change telecom
be nuanced, so the TDA is best seen as providers without losing the number.
supplementary to compliance itself.

To enable this, governance is needed. This – Governance rules, standard contracts and
governance is larger than the TDA or the agreements for TDAs
organization that develops it. It includes the person
and the public and private organizations that form – How consents and preferences are stored
a legitimate and representative alliance to make
such decisions (public-private-people partnership). – Interoperability standards of the TDAs
Possible suggestions to ensure good governance – Certifications for TDAs

of TDAs:
– Business models of TDAs guaranteeing
– TDAs could be registered at the appropriate
neutrality of TDAs for the digital services
authority and precise requirements
should be installed, as well as audits
– The public information about the digital
and certifications.
services the TDA will share data to and from:
– TDAs could be interoperable and rely on
open standards. Non-compliance should be – What data is needed, when it is needed,
fined and prosecuted. Liabilities should be why does each service need it and what is
clear for the organization developing the TDA. the business model?
– TDAs should be neutral and independent – How is that information described and
in regard to the digital services that will use provided? For instance, for the health
the person’s data, in order to prevent any sector there should be a registry so that
conflict of interest and ensure the TDAs only health services (public and private) register
serve the interests of the person. that information.
– The person can manage and decide its – This will guarantee fair access to data about
preferences on the data, reset any profile the services needed by TDAs, explainability
the TDA is supposed to use, and needs to of the TDA’s decision and foster competition
be able to reverse an automatic decision
among TDAs.
made by the TDA or made in consequence
of the TDA’s decision.
– It is essential to ensure a person can change their
TDA and that there is competition among TDAs:
– Governance structures (public-private-
people partnerships) need to be mandated
or created to decide and standardize: – People can easily switch from one TDA
to another without losing their preferences
– When human interaction is necessary or profile. TDAs can differentiate on the
quality of their AI but not on the data
– The automatic decisions that can be they access about the person or about
reversed and how the services.
In the case of a sophisticated approach like the one the opportunities and risks of TDAs as the world
above, TDA interoperability must be mandatory in moves towards trusted digital agency that is not just
order for this system to function. But Valexander interesting from a technical and policy perspective
is just one example: this paper’s role is to unearth but may become essential in one form or another.

4 Reshaping human-
technology interaction
The use of a data intermediary to
overcome the limitations of notice and
consent does not do away with the core
components of notice and consent but
merely displaces them.

4.1 How the use of data intermediaries
shapes human–technology interaction
The system Designing for online interfaces and interactions intended to reduce the overarching issues into
should be relies upon existing heuristics. Such heuristics three principles: agency, legibility and negotiability.51
accessible, have remained largely unchallenged despite HDI pushes individuals beyond user awareness
interrogable, developments in both the underpinning business and control, extending this to include questions
intelligible and models of online platforms and data protection over how a user might interrogate the system in
law. Even when designing to support user consent, order to support their understanding and then how
controllable.
the rule of minimal distraction (that a designer the user might allow the system to exert control
should seek to ensure the user is not distracted or over how their data is used. Arguably, even if a
noticeably redirected from their principal activity/ data intermediary distributes consent, the user
goal) remains a tenet.49 However, when the locus should still be unsurprised by what happens, be
of consent is distributed or redirected, as in the able to interrogate the model, and have the tools
case of data intermediaries, this then requires available that allow them to act, if they so choose.
substantial rethinking of how to approach the So, the system should be accessible, interrogable,
design of such interactions. At its most basic, a intelligible and controllable.
priori consent requires that the user be cognizant
of the transaction, informed of its implications, Finally, the use of a data intermediary, to overcome
and capable of agreeing to the terms. the limitations of notice and consent, does not
do away with the core components of notice and
One might assume that if a data intermediary consent but merely displaces them. Informing,
is sought, then this is a voluntary choice (and agency and revocation (awareness and control)
ultimately revocable); therefore, the moral role of are still central to the functioning of an effective
interaction designers is not to replicate consent intermediary. Equally, agreeing to trust such a
but simply to scaffold understanding and promote system with data requires a priori assent but with
agency,50 so as to ensure that any signal of assent the additional burden of informational sufficiency,
is sufficiently supported. This notion of informational as with any software product. However, given
sufficiency is highly contextual but broadly includes: the normative nature of such a system, it is
(a) how much a user should understand and the also necessary to consider how to design the
presentation of this information; (b) what aspects onboarding/assent process to be one more akin to
of the system or the data transfers should be an engagement with any offline intermediary. While
highlighted/brought to the surface and how/when such relationships are notoriously difficult to model
this might occur; and (c) when and how to alert through systems design, one interesting concept
users to changes in system state. Another way to is that of building in latency, or the affordance of
consider this is to first ask: “How much do I need delay, in the law and the design of computational
to know to ensure I am neither surprised nor upset systems.52And the “ongoing pursuit of seamless
by the use of my data?” The second question to user experiences forecloses opportunities for
ask is: “How soon, and in what way, would I wish to engagement with the text, meaningful reflection,
know this?” suspicion and interrogation, thereby limiting
agency and autonomy,”53 raising the importance
Another way to look at this issue is through human of building moments of latency into interaction
data interaction (HDI), a normative framework design, particularly in the build-up to assent.

4.2 User experience design consequences
of using a third-party digital agent
The design for which a digital agent framework Inclusive: A universal, non-discriminatory and
becomes universally accessible and desirable accessible tool that allows ease of use and inhibits
must follow a traditional approach to achieving exclusion, and whose design prevents surveillance.
ease of use. To a greater degree when dealing
with digital identity and personal data, there exists Secure: A trusted and open framework that is
a challenge of trust and participation, which auditable and designed with a dashboard that
makes it vital to achieve a low rate of attrition. provides notifications of all data access points.
Beginning with the user, there must be a high Choice: A user-centric and user-
degree of individual control and open knowledge managed design where alternatives are
developed into the framework to ease concerns of provided through informed consent.
surveillance, misuse and security vulnerabilities.
Purpose: The accuracy and sustainability of design
To the first point of surveillance, a data intermediary that encourage use across services over time, with
could be designed as a pass-through mechanism predictable outcomes.
without knowledge of the data exchanged, where
no access to the data is required for the service. The EU’s Data Governance Act proposes
Producers of data will be sceptical of each point of a framework for the governance of data
interaction between producer and consumer, thus intermediaries, including the obligation to have
creating a need for open design. neutral and independent data intermediaries,
interoperability of data intermediaries, registration
With a blurred reality of liability and consequences for and specific governance organizations.
data misuse, a decentralized exchange system such
as blockchain must be incorporated to enhance Initiatives are emerging to unite data intermediaries
security and limit siloed control. The responsibility of and public and private service providers to
intermediaries to act on behalf of both parties creates form such governance organizations and start
a need to establish well-checked decentralized building those rules for automatic human-centric
transaction and decision-making processes data sharing. For example, in the European
throughout the entire exchange. Whether government, Union, aNewGovernance unites leaders of such
enterprise, private company or individual, trust must TDAs and organizations in the skills (education,
be earned and security proven through the design of a employment, etc.) and mobility sectors. In India,
framework that includes the following attributes: Sahamati does the same for the banking and the
healthcare sector. Both are producing governance
Useful: A portable and responsive design that rules and are working on concrete use cases to
functions across platforms and is acceptable to less help build such human-centric data networks.
tech-savvy users.

5 Levers of action
Having a clear regulatory environment
will serve the users of data intermediary
services, as they are safeguarded from
risks associated with them.

5.1 For governments: Future-proof regulatory support
For entities to use and invest in data intermediaries, sharing, although as mentioned earlier, this is
legal certainty is key. But this area is complex. shifting quickly.
Having a clear regulatory environment will serve
the users of data intermediary services, as they In contrast, however, there usually is immense
are safeguarded from risks associated with them, pressure on legislators to act in areas where existing
and the flourishing of the market as a whole, data protection and privacy policy fails as a system,
as liability risks will be easier to navigate and as in the case of high-profile data breaches. An
competition will be rooted in a level playing field. example of this is AdTech and the constant opting
in and out via cookie banners, where the European
The demand is there: irrespective of regulatory Parliament now calls for a complete ban of targeted
gaps, more and more data trust initiatives are advertisement in the European Union Digital
emerging because of their usefulness.54 Services Act.55
The consensual sharing of data rests on the Effective trustworthy data intermediaries, which
balance of incentives (such as for innovation, opt in or out on behalf of people, might ease the
profit or philanthropy) and disincentives (such subjective need for strict legislation in specific
as privacy concerns and proprietary interests or industries and for specific use cases and instead
other disincentives such as external regulatory allow for a more harmonized and holistic approach
intervention). In many cases, regulation intervenes with multiple applications. The appeal of TDAs
to bridge this trust gap by demanding a level of is that they are similarly simplistic and complex:
data protection and privacy be adhered to. While when a TDA can navigate any data sharing
that may tackle disincentives, in most markets scenario, the sky is the limit for the opportunity –
there remains a lack of regulatory support for data and the risk.
BOX 6 Relevant existing and upcoming legislation
Prominent examples of existing or upcoming to the custodian’s clients. Importantly, the

legislation concerning data intermediaries: proposal also requires that large platform
companies provide these custodians with
– European Union GDPR interconnection and data portability via
transparent and accessible interfaces.58
The European Union General Data Such interoperability provisions will be key if
Protection Regulation (GDPR)56 lays down trustworthy data intermediaries are to have
horizontally applicable rules on the handling a reasonable opportunity to fully represent
of personal data in the European Union. It the delegated interests of their clients and
does not have explicit provisions on data thereby compete successfully with large
intermediaries and could be amended platform companies.
to implement a clear and legally secure
framework for them. – European Union Data Governance Act
– US ACCESS Act Chapters 3 and 4 of the European Union

Data Governance Act59 discuss for-profit
In the United States, the ACCESS Act and not-for-profit data intermediaries at
of 2019 is the first proposed federal length. They comprise obligations such
legislation expressly allowing for end-users as that of neutrality of intermediaries and
to delegate their data rights to trusted registration schemes, and establish the
“third party custodians”.57 The proposed bill concept of data altruism and standardized
incorporates a general “duty of care” owed consent forms.
Due to the risks that data intermediaries can pose by guaranteeing that the monetization of the
to fundamental rights – next to their benefits if service mainly derives from the management
implemented correctly – it seems consequent of the data and possibly the provision of
to explore having certain provisions for data added value services and not from using the
intermediaries enshrined in law. data itself. The EU’s Data Governance Act
contains provisions of this nature and echoes
– Transparency and neutrality the ePrivacy Directive60 where providers of
electronic communications services may
Transparent data trusts may be more neutral transport data but may not harness it for their
than others. One way this can be achieved is own purposes, including commercial use.

– Data portability Human-centricity is a more nuanced concept
based on taking into account the interests of
Already provided for under data protection and the person, their autonomy and their agency.
privacy legislation, data portability is seldom Human-centric policies will help develop a
supported in reality. To move to a world of trusted human-centric data ecosystem within which
digital agency, data portability must be explicitly human-centric data intermediaries can survive.
supported in operational terms. One way to
manage data portability is via a data intermediary. – Insolvency
– Fiduciary duty vs human-centricity In instances where data is held directly

by the data trust – and not decentralized
While imperfect, the fiduciary duties that are and only managed centrally – provisions
owed to the data subject could be defined in cases of the entity’s insolvency or
in legislation, in particular in markets with no liquidation seem advisable.62 This echoes
privacy and data protection law. An example well-understood security protocols and
of such a definition can again be found in the the decentralization of servers, as well
European Union Data Governance Act, which as being the premise of decentralized
states that “the provider offering services to autonomous organizations (DAOs).
data subjects shall act in the data subjects’ best
interest when facilitating the exercise of their – Access rights of public authorities
rights, in particular by advising data subjects
on potential data uses and standard terms Which and to what extent public authorities
and conditions attached to such uses”.61 More such as law enforcement and intelligence
To move to a
generally, most privacy and data protection services shall have access to data managed
world of trusted laws, such as the European Union GDPR, by data intermediaries is naturally an area of
digital agency, impose strict obligations on entities handling conflict. This holds particularly true in cross-
data portability personal data, whether they act as a data border cases, as can currently be observed
must be explicitly controller or data processor. However, this may in the ongoing US-European Union conflict
supported in not be appropriate in all cases, especially where over the Privacy Shield, which was recently
operational terms. rights and interests collide or are unknown. struck down by the European Court of

It may be Justice because it deemed personal data protection regulator, for example, to deal
preferable not well enough protected from access with data protection issues in relation to
to promote from US intelligence.63 Data retention and intermediaries, which increases the rights
decentralized surveillance are usually matters of national of the individual. But the business outcome
security and defence; nevertheless, increased argument to do this is more persuasive, as a
models (such as
transparency increases trustworthiness in stronger regulator, more trust in more sharing
those in Web 3.0) the data ecosystem.64 For this reason it may of data, and individual rights also increase. In
that do not rely be suggested that the intermediary enjoy addition, close collaboration among regulators
on a centralized a carve out requiring a warrant, much like – across countries and across sectors – would
database, or data telephone data in many jurisdictions. contribute to more effective enforcement and
sharing enabled by therefore further enhance trust in data sharing.
secure application – Oversight
programming Recommendations for the development of
interfaces that As the inevitable counterpart of every legislative standardized policies for data intermediaries:
rely on strong obligation, appropriate opportunities for
authentication oversight need to be guaranteed. This seems – Sandboxes – It may be worth exploring
particularly reasonable in relation to data trusts, how regulatory sandboxes can
methodologies.
where certain risks such as unintended biases contribute to building trust in the data
or discrimination would be hard to catch from sharing economy. These sandboxes
the outside. Under current circumstances, would enable data intermediaries and
that is likely to be a national regulator or data other participants to test new data
protection authority; but a new model could sharing projects and technologies in
emerge, especially if fiduciary duty is required. a safe and controlled environment,
while receiving privacy guidance.
Any regulatory framework with a weak regulator
will not incentivize compliance, regardless – Security – Where data intermediaries
of the intensity of the regulation. In addition, get access to credentials (e.g. username
where a regulator also plays a more proactive and password) or amass vast amounts of
role in publishing guidelines, best practice and personal data or confidential information,
standard templates, this will create additional this raises potential security concerns.
trust in the knowledge that participants have It may be preferable to promote
a verified benchmarked to judge compliance. decentralized models (such as those in
There is a balancing act to be struck and it Web 3.0) that do not rely on a centralized
could be that in those jurisdictions that have database, or data sharing enabled
a weak regulator, the intermediary model will by secure application programming
follow that same approach. The argument interfaces (APIs) that rely on strong
against this would be strengthening a data authentication methodologies.

– Liability: Under certain limited – Delegation: Policy-makers may wish to
circumstances it may be appropriate to consider developing a “right to delegate”
establish a special regime for reduced provision in future data protection and
liability for those entities that voluntarily privacy legislation. Such a provision is
accept the fiduciary duties of care, loyalty contained in the ACCESS Act legislation
and confidentiality vis-à-vis their customers currently pending in the US Congress.
or patrons, and adhere to strict human- To the extent that individuals are granted
centric criteria. These entities would certain rights, such as data portability and
by design be required to go above and interoperability, they also may also be
beyond current legal data protection and granted express permission to delegate
privacy requirements. Recognition of those rights to a trusted third party – a
such a status could be geared to sector data intermediary. This mechanism
co- or self-regulatory measures, such as would, among other things, prevent
professional codes of conduct or best delay or interference with the ability of
practices, which include robust enforcement individual data subjects to exercise their
measures to ensure compliance with the rights with the assistance of trustworthy
specified fiduciary duties. Such a regime third parties. Such a provision could be
would need to be tightly controlled to avoid limited to those entities that can satisfy
the circumnavigation of the spirit of data specified pre-determined standards and
protection and privacy laws and avoid would also need to be carefully monitored
unintended consequences. to avoid unintended consequences.
BOX 7 Cross-border data flows and data transfers
As a consequence of the GDPR’s focus on the corporate structure, and independence. They will
protection of the European Union’s fundamental also need to consider the impacts of legislative
right to privacy, it contains a strict purpose movements to localize the residency of data
limitation for granting consent, which currently intermediaries and require representatives in-
hinders many use cases of data altruism. Another country, among other similar requirements, which
area with potential is that of cross-border data could prejudice those use cases, even when
transfers: With the right amendments to the law, ostensibly motivated to protect personal data.
could an adequacy decision (Art. 45 GDPR) be
issued in favour of a data trust? Finally, it is critical to emphasize the need to enable
and facilitate global data flows while maintaining high
Data intermediaries will need to consider where standards for privacy and security, as the free flow of
they are located, their place of legal establishment, data is the backbone of any data sharing economy.

5.2 For businesses: A policy leadership role
Meanwhile, as useful as regulation is, businesses requests for data presents a host of challenges
also have a role to play in developing responsible and implications, especially in light of three
data intermediaries. While some aspects of trends: (i) law enforcement and intelligence
how business will ultimately drive the design community responsibilities to safeguard
of digital agents have already been discussed, national interests against domestic and
responsible businesses may wish to explicitly transnational threats; (ii) increasing restrictions
consider the following: on cross-border data flows based in part on
concerns with those lawful access/surveillance
– Standards responsibilities and authorities; and (iii)
increasing desire to localize and tap into data
Widespread standards are a precondition for to develop revolutionary technologies like AI.
efficient and well-functioning data intermediary
systems. Standardized machine-readable In addition, the fact that daily lives are
formats and communication protocols increasingly lived online leads to requests
allow for the automation of the execution of between private parties to access data via
services offered by data intermediaries and mechanisms like a subpoena.
thus allow them to scale. The private sector
has a crucial role to play in the adoption of Businesses using data intermediaries will
standards: what industry as a whole uses therefore need to consider:
ultimately becomes endorsed at a systemic
level. A government, in turn, may endorse it – Whether to encrypt data in a way that only
later, either explicitly or implicitly; at the very the authorized recipients can access the
least standards are passively tolerated. data – such that not even the intermediary
itself can access the data in an intelligible
– Certification/licensing schemes fashion (which may, however, prevent
the data intermediary from offering some
Certification, or licensing schemes, such as services that require access to the data
certificates of conformity are a well-established in the clear);
co-regulatory measure and an acknowledged
option for the regulation of data intermediaries.65 – Whether to seek legislative relief from
A certification could work as follows: the and protection against lawful access
legislation would define a set of core criteria requests; or
that all certified intermediaries should meet
in order to demonstrate their neutrality; this – Whether to create policies and procedures
set of core criteria could be the absence of to handle such requests (which is a legal
conflict of interest, no competition with data obligation under GDPR and other privacy
users (e.g. no development of own data apps laws globally).
in competition with others, so as to avoid any
risks of self-preferencing) and the commitment – Collaboration
to not discriminate between companies that
would like to offer data services (openness Finally, businesses may wish to consider
obligation).66 Certification under these criteria learning from non-traditional allies, such as
could then either be voluntary or compulsory. peers with different business models but who
could benefit from the use of TDAs. Peer-to-
– Law enforcement and access requests peer learning can provide opportunities for
the application of TDAs. Those applications
This inevitable pressure to either resist or in turn inform the broader policy and
comply with lawful access or intelligence governance debate.

Conclusion
Opportunities abound to create and adopt novel manner, people, businesses and governments
solutions to the challenge of enabling users to require trusted safeguards that respect human-
make durable decisions for how data about centricity and proprietary rights alike when
them is used and to make sure their wishes are designing alternatives to notice and consent.
abided by – and to be able to share that data.
Since it is not possible for every business to Businesses meanwhile are already using data
do this, the solution is to give them a service intermediaries in instances of delegated agency,
provider: a data intermediary. The idea of placing such as in the payments industry. Businesses are
a trusted data intermediary inside the data value more empowered than they may believe given
chain can also be a form of standardization. that digital agency policy is in its infancy; but it will
In order to fully harness the data ecosystem become established in a way that endorses norms,
in a responsible, cohesive and interoperable including the identification and prevention of harms.
What could go wrong? What could go right?
In many ways, a lot of things are already going agency. This is due to the echo chamber effect
wrong. Users are carved up as products and their of group think.
data used in ways they are uninformed about – or
feel uninformed about; in ways that their data might On the flip slide, a lot could go right:
be used, which could be inconsistent with the
users’ values or preferences; or in unexpected ways – A balance of control for any user to understand
that the application did not disclose. In worst case the decision they are making as to voluntarily
scenarios, digital agents could lead to the non- providing their data or withholding it, thanks
transparent use of data, including in ways that harm to their understanding of the policy of the
the data subject. application and the accountability of the
host company OR the scaling of the user’s
At the system level, without efficient diversity, permission sets according to skill set on
people may find the opposite – that they have or understanding technology.
perceive to have reduced spectrum of choices or

– Granularity to provide options as to what data present choices to the user but the choices
the user will volunteer (for example, if I am a dog would already be created by the application.
owner, I might be happy to volunteer that data,
so I get dog food ads; but I do not want my – Some decision automation without interrupting
healthcare data shared). the user’s current task, without worrying about
risky use of the data.
– Improved data provenance as a result of
increased legal certainty. It is essential to Trusted digital agency that harnesses the power
consider data provenance when working on of data intermediaries holds so much promise; but
things like blockchain and machine learning it is clear that a one-size-fits-all solution does not
exist. Instead, it is necessary to look at lessons
– A user would have the ability to choose their from industry and academia to observe what can
preferred application, which might align with be learned and the meaningful actions to take to
their personal values and the values of the successfully rewrite notice and consent where it is
application or company. An application may less relevant.
A multistakeholder call to action
In developing the rules of the game for trusted data making from a unique vantage point – that it is
intermediaries giving rise to a potentially automated possible to start to understand the rich tapestry of
regime of personal data sharing at a system level in the implications of data intermediaries, especially
a manner that overcomes the limitations of notice trusted digital agents, in different scenarios.
and consent regimes, it is the voice and presence
of people that matter most. This presence can be The concept of trusted digital agency is effectively
amplified by taking a human-centric approach to in policy “beta67 mode and therefore requires testing
the issue and placing people at the centre of such a from all stakeholders. Only when the concept is
step change in data policies. tested will it be possible to unearth the solutions
that society will demand to advance towards
But it also requires a multistakeholder approach trusted digital agency. That will be the key to
to get right. It is only by listening – to people holistic, systemic policy-making that leverages
to understand their experience and desires, technological advancement for human-centric, pro-
to businesses to understand their innovations innovation purposes in areas such as international
and constraints, to scholars who can isolate data transfers, healthcare research and diagnostics,
commonalities between models, and of course to innovation itself and a safer and more inclusive
governments who aim for evidence-based policy- online world.

Glossary
Cross-border data flows Data trust
The movement of data across international borders, An entity or group of entities that is entrusted
usually at the business-to-business level. to manage a specific data ecosystem or data
value chain.
Data controller
As defined in the GDPR (Article 4), the natural or Dataspace
legal person, public authority, agency or other A common space designated to use data for
body which, alone or jointly with others, determines a specific purpose or purposes.
the purposes and means of the processing of
personal data. Decentralized autonomous organizations
(DAOs)
Data ecosystem Independent, self-governed and self-funded
The ecosystem within which data exists and decentralized organizations based on a foundation
operates, either locally or at a global level. This of smart contracts.
can include the data itself and the applications
and infrastructure that support its storage, access, ePrivacy Directive
processing, use and reuse. Directive 2002/58/EC of the European
Parliament and of the Council of 12 July
Data portability 2002 concerning the processing of personal
The ability to port data from one system to another. data and the protection of privacy in the
electronic communications sector (Directive
Data processing on privacy and electronic communications).
As defined in the GDPR (Article 4), any operation
or set of operations that is performed on personal General Data Protection Regulation 2018
data or on sets of personal data, whether or (GDPR)
not by automated means, such as collection, Regulation (EU) 2016/679 of the European
recording, organization, structuring, storage, Parliament and of the Council of 27 April 2016
adaptation or alteration, retrieval, consultation, on the protection of natural persons with regard
use, disclosure by transmission, dissemination to the processing of personal data and on the
or otherwise making available, alignment or free movement of such data, and repealing
combination, restriction, erasure or destruction. Directive 95/46/EC.
Data processor Human-centricity

As defined in the GDPR (Article 4), a natural or Putting people’s wants and needs at the forefront
legal person, public authority, agency or other of process and systemic decision-making.
body that processes personal data on behalf of
the controller. IoT (internet of things)
A network of items – each embedded with
Data protection and privacy laws sensors – that are connected to the internet.
Laws that govern the collection and processing
of personal data and personally identifiable Metaverse
information and that vary from territory to territory. A virtual reality space in which users can interact
These differences can act as both a hard and soft with a computer-generated environment and
barrier to the movement of data across borders other users.
and can cover personal and/or non-personal data.
Open Data Watch’s Data Value Chain
Data provenance The Data Value Chain framework68 helps technical
Identifies the origin of the data processor and data practitioners understand how interoperability adds
owner and documents a record of the history of value to data on the data value chain. The data
the data since collection. value chain describes four major stages: collection,
publication, uptake and impact. It is essential to
Data subject reference interoperability at each stage, starting
As defined in the GDPR (Article 4), an identified or from when the handshake happens between
identifiable natural person; an identifiable natural systems, to either consume or deliver data in the
person is one who can be identified, directly or value chain. For example, it will define classifications
indirectly, in particular by reference to an identifier and standards to be followed while collecting
such as a name, an identification number, location and storing the data. Importantly, it describes
data, an online identifier or to one or more factors how downstream systems should use the data.
specific to the physical, physiological, genetic, The interoperability checklist must also reflect the
mental, economic, cultural or social identity of that organizational practices and data management
natural person. plans that cover the entire data value chain.

Open data Software as a service (SaaS)
Data that is made available for anyone to access Software solutions that reside in the cloud but, due
and use to high-speed connectivity, can be used in real time
as if they resided locally.
Personal data
As defined in the GDPR (Article 4), any information User experience (UX) design
relating to a data subject. It is important to note The design process through which people
that information that relates to a data subject, even experience the technology they interact with.
without a name, can qualify as personal data under
the GDPR. Web 3.0 or Web 3
The third generation of the internet, which is
Regtech decentralized in nature and enabled by distributed
First coined by the United Kingdom’s Financial ledger technologies.
Conduct Authority (FCA) in 2015, which called it
a “subset of fintech that focuses on technologies Zero-knowledge proof (ZKP)
that may facilitate the delivery of regulatory A concept in cryptography whereby one party can
requirements more efficiently and effectively prove the existence of something to another party
than existing capabilities.” In simple terms, it without revealing the properties of that something.
refers to any technology that ensures companies
comply with their regulatory requirements.69

Contributors
Lead author
Anne Josephine Flanagan

Data Policy and Governance Lead,
Task Force on Data Intermediaries (Co-authors)
Michael Bahar Caroline Louveaux

Partner, Co-Lead, Global Cybersecurity and Chief Privacy Officer, Mastercard
Data Privacy, Eversheds Sutherland
Ewa Luger
Paula Barrett Chancellor’s Fellow, The Alan Turing Institute,
Partner, Co-Lead, Global Cybersecurity and Edinburgh University
Data Privacy, Eversheds Sutherland
Bijan Madhani
Laura Brandimarte Privacy and Data Policy Lead, Meta
Assistant Professor of Management Information
Systems, University of Arizona Allan Millington
Director, Data Office, EY
Matthias De Bievre
Chief Executive Officer, VISIONS Teresa Patraquim da Conceição
Head Privacy Team, International, Novartis
Megan Doerr
Principal Scientist, Sage Bionetworks Steven Tiell
Lead, Responsible Innovation + Data Ethics,
Edwin Doyle Accenture
Global Security Strategist, Check Point Software
Aleksandr Tiulkanov
Cristian I. Duda Special Adviser on Digital Development,
Managing Partner, Chief Digital Officer, Council of Europe
Haefeli & Schroeder Financial Lines
Joe Toscano
Richard Gomer Founder, BEACON
Research Fellow, Trust & Digital Agency,
University of Southampton Stefaan Verhulst
Co-Founder and Chief Research and Development
Jana Gooth Officer, Governance Lab @ NYU
Legal Policy Adviser, European Parliament
Jacques de Werra
Jennifer King Professor of Law; Director, Digital Law Center,
Privacy and Data Policy Fellow, Stanford Institute University of Geneva
for Human-Centered Artificial Intelligence
Richard Whitt
Gary LaFever President, GLIA Foundation
Chief Executive Officer, Anonos
Christian Wickert
Xiao Liu Head, New Technologies Policy, USA, Merck
Assistant Professor, McGill University

Acknowledgements
Suzie Albizzati
Head, Corporate Marketing, AlixPartners
Donald Bullers
Global Technical Lead, Elastos Foundation
Jan Huizeling
Vice-President, Digital Labs, Yara International
Robert Kain
Chief Executive Officer and Co-Founder, LunaPBC
Richard Kibble
Global Head, Data Privacy, Alcon
Kimmy Bettinger
Project Specialist, Data Policy
Evîn Cheikosman
Policy Analyst, Crypto Impact and Sustainability
Accelerator
Tenzin Chomphel
Project Coordinator, Data Policy
Sheila Warren
Deputy Head, Centre for the Fourth Industrial
Revolution Network
Danielle Carpenter
Editor
Laurence Denmark
Design

Endnotes
1. World Economic Forum, 2020, Redesigning Data Privacy: Reimagining Notice & Consent for human-technology interaction,
https://www.weforum.org/reports/redesigning-data-privacy-reimagining-notice-consent-for-humantechnology-interaction.
2. Ibid.
3. McDermott, B., 2019, “Mind The Gap: The Trust/Experience Paradox”, Forbes, https://www.forbes.com/sites/
sap/2019/01/15/mind-the-gap-the-trustexperience-paradox/?sh=4df2fd4e6275.
4. Hardin, R., 2002, Trust and Trustworthiness, Russell Sage Foundation.
5. World Economic Forum, 2020, Redesigning Data Privacy: Reimagining Notice & Consent for human-technology interaction,
https://www.weforum.org/reports/redesigning-data-privacy-reimagining-notice-consent-for-humantechnology-interaction.
6. Tierney, J., 2011, “Do you suffer from decision fatigue?”, New York Times, https://www.nytimes.com/2011/08/21/
magazine/do-you-suffer-from-decision-fatigue.html.
7. McDonald, A.M and Cranor, L.F., 2008, “The Cost of Reading Privacy Policies”, I/S: A Journal of Law and Policy for the
Information Society, 2008 Privacy Year in Review issue.
8. Data2X and Open Data Watch, n.d., The Data Value Chain: Moving from Production to Impact, https://opendatawatch.
com/wp-content/uploads/2018/03/Data_Value_Chain-WR-1803126.pdf.
9. GDPR Article 4 requires heightened requirements for pseudonymisation beyond merely replacing direct identifiers
with tokens for individual fields within a single data set. Such heightened requirements for pseudonymization include
protecting all data elements, protecting against singling out attacks, dynamism, non-algorithmic lookup tables and
controlled re-linkability,
10. World Economic Forum, 2019, Federated Data Systems: Balancing Innovation and Trust in the Use of Sensitive Data,
https://www3.weforum.org/docs/WEF_Federated_Data_Systems_2019.pdf.
11. World Economic Forum, 2021, Empowered Data Societies: A Human-Centric Approach to Data Relationships,
https://www3.weforum.org/docs/WEF_Empowered_Data_Societies_2021.pdf.
12. European Commission, 2020, Data sharing in the EU – common European data spaces (new rules), https://ec.europa.eu/
info/law/better-regulation/have-your-say/initiatives/12491-Data-sharing-in-the-EU-common-European-data-spaces-new-
rules-_en\.
13. Tiel, Steven, 2020, “AI Ethics vs Data Ethics”, Ethics of Data, https://ethicsofdata.com/ai-ethics-vs-data-ethics.
14. Data2X and Open Data Watch, n.d., The Data Value Chain: Moving from Production to Impact, https://opendatawatch.
com/wp-content/uploads/2018/03/Data_Value_Chain-WR-1803126.pdf.
15. Corritore, C. L., Kracher, B., & Wiedenbeck, S., 2003, “On-line trust: concepts, evolving themes, a model”, International
Journal of Human-Computer Studies, 58(6):737–758, 2003.
16. Ibid.
17. Kapoor, A. & Whitt, R.S. 2021, Nudging Towards Data Equity: The Role of Stewardship and Fiduciaries in the
Digital Economy.
18. Ibid.
19. Verhulst, S.G., 2021, “Reimagining Data Responsibility: 10 new approaches toward a culture of trust in in re-using data to
address critical public needs”, Data & Policy, 3, 2021.
20. Whitt, Richard S., 2020, “Old School Goes Online: Exploring Fiduciary Obligations of Loyalty and Care in the Digital
Platforms Era”, 36 Santa Clara High Tech. L.J. 75, https://digitalcommons.law.scu.edu/chtlj/vol36/iss1/3.
21. Brandusescu, A. & van Geuns, J., 2020, Shifting Power through Data Governance 2020, https://assets.mofoprod.net/
network/documents/ShiftingPower.pdf.
22. Delacroix, S. & Lawrence, N.D., 2019, “Bottom-up data Trusts: disturbing the ‘one size fits all’ approach to data
governance”, International Data Privacy Law, vol. 9, issue 4, November 2019.
23. Cohen, C. and Wendehorst, C., 2021, ALI-ELI Principles for a Data Economy, Data Transactions and Data Rights, ELI
Final Council Draft, https://www.principlesforadataeconomy.org/.
24. Young, A. & Verhulst, S.G., 2020, “Data collaboratives”. In: Harris, P, Bitonti, A, Fleisher, C, Skorkjær, BA (eds)
The Palgrave Encyclopedia of Interest Groups, Lobbying and Public Affairs. Cham: Palgrave Macmillan. https://doi.
org/10.1007/978-3-030-13895-0_92-1.Google Scholar
25. Ada Lovelace Institute, 2021, Exploring Legal Mechanisms for Data Stewardship, https://www.adalovelaceinstitute.org/
report/legal-mechanisms-data-stewardship/.
26. Ibid.

27. Ostrom, E., 2015, Governing the Commons: The Evolution of Institutions for Collective Action, Cambridge University Press.
28. Ada Lovelace Institute, 2021, Exploring Legal Mechanisms for Data Stewardship, https://www.adalovelaceinstitute.org/
report/legal-mechanisms-data-stewardship/.
29. Some entities are experimenting with various real-world proof of concept exercises to determine, among other factors,
the potential viability and scalability of the commercial digital fiduciary model. See Whitt, R., 2021, Gaining Real-World
Validation of the Digital Fiduciary Model, Aapti Institute, The Data Economy Lab, White Paper Series, November 2021,
https://www.linkedin.com/feed/update/urn:li:activity:6874905018835849216/.
30. European Parliament, 2020, Regulation of the European Parliament and of the Council on European data governance
COM(2020) 767 final.
31. H.M. Government, 2021, Unlocking the value of data: Exploring the role of data intermediaries, https://www.gov.uk/
government/publications/unlocking-the-value-of-data-exploring-the-role-of-data-intermediaries/unlocking-the-value-of-
data-exploring-the-role-of-data-intermediaries.
32. Lähteenoja, V., Flanagan, A. J., & Warren, S., 2021, “On the importance of human-centricity and data”, World Economic
Forum, https://www3.weforum.org/docs/WEF_On_the_Importance_of_Human_Centricity_2021.pdf.
33. Other fiduciary duties include good faith and confidentiality, as per Black’s Law Dictionary, 2019, 11th ed. which defines
other fiduciary duties as “good faith, trust, special confidence, and candor”.
34. Lähteenoja, V., Flanagan, A. J., & Warren, S., 2021, “On the importance of human-centricity and data”, World Economic
Forum, https://www3.weforum.org/docs/WEF_On_the_Importance_of_Human_Centricity_2021.pdf.
35. See Open Data Institute, 2019, Data trusts: legal and governance considerations, https://theodi.org/wp-content/
uploads/2019/04/General-legal-report-on-data-trust.pdf, p. 8: “court action is expensive and likely to be too slow for
the needs of a data trust, which include maintaining confidence that its rules provide appropriate protections for all the
stakeholders in data. Thus, the report suggests that alternative dispute resolution mechanisms need to be incorporated
into the data trust’s rules”.
36. On the emergence of data disputes and of data arbitration, see de Werra, J., 2019, “Using Arbitration and ADR for
Disputes about Personal and Non-Personal Data: What Lessons from Recent Developments in Europe?”, American
Review of International Arbitration, vol. 30, n° 2, p. 195-217, available at: https://archive-ouverte.unige.ch/unige:134313;
de Werra, J., 2018, “From Intellectual Property (Data-Related) Disputes to Data Disputes: Towards the Creation of a
Global Dispute Resolution Ecosystem for Data Disputes in the Digital Era”, in: Resolving IP Disputes (Graz: NWV Verlag),
2018, p. 87-109, available at: https://archive-ouverte.unige.ch/unige:113027.
37. de Werra, J., 2016, “ADR in Cyberspace: The Need to Adopt Global Alternative Dispute Resolution Mechanisms for
Addressing the Challenges of Massive Online Micro-Justice”, Swiss Review of International & European Law 2016, 289-
306, https://ssrn.com/abstract=2783213.
38. See the report Data trusts: legal and governance considerations by BPE Solicitors, Pinsent Masons and Chris Reed at
Queen Mary University of London, 2019, https://theodi.org/wp-content/uploads/2019/04/General-legal-report-on-
data-trust.pdf, p. 8: “[…] court action is expensive and likely to be too slow for the needs of a data trust, which include
maintaining confidence that its rules provide appropriate protections for all the stakeholders in data. Thus the report
suggests that alternative dispute resolution mechanisms need to be incorporated into the data trust’s rules.”
See also de Werra, J., 2016, “ADR in Cyberspace: The Need to Adopt Global Alternative Dispute Resolution Mechanisms
for Addressing the Challenges of Massive Online Micro-Justice”, Swiss Review of International & European Law 2016,
289-306, https://ssrn.com/abstract=2783213.
39. See the report Data trusts: legal and governance considerations by BPE Solicitors, Pinsent Masons and Chris Reed at
Queen Mary University of London, 2019, https://theodi.org/wp-content/uploads/2019/04/General-legal-report-on-
data-trust.pdf, p. 41: “[…] dispute review boards (“DRB”), are ordinarily seen under construction contracts and exist for
the length of a particular project. These are put in place by contractual arrangement and governed by the International
Chamber of Commerce Board Rules. The model however could equally be applicable to disputes arising out of a data
trust if similar DRB provisions were to be put into the terms of use for the providing or licensing of data.”
40. International Network on Digital Self-Determination, https://idsd.network/.
41. Source: World Economic Forum, 2018, Identity in a Digital World: A new chapter in the social contract,
https://www.weforum.org/reports/identity-in-a-digital-world-a-new-chapter-in-the-social-contract.
42. World Economic Forum, 2018, Identity in a Digital World: A new chapter in the social contract, https://www.weforum.org/
reports/identity-in-a-digital-world-a-new-chapter-in-the-social-contract.
43. Kinston, J. & Ng, I., 2021, “Personal Data Servers will help take back digital ID from big tech”, Wired, https://www.wired.
co.uk/article/personal-data-servers.
44. Centre for Data Ethics and Innovation, 2021, Unlocking the value of data: Exploring the role of data intermediaries – An
exploration of the role intermediaries could play in supporting responsible data sharing, https://assets.publishing.service.
gov.uk/government/uploads/system/uploads/attachment_data/file/1004925/Data_intermediaries_-_accessible_version.
pdf.
45. Turner, C., David, S., Ahuja, A. & Wulfsohn, G., 2016, Accenture Labs Ethical algorithms for “sense and respond” systems,
Accenture, https://www.academia.edu/31436602/Accenture_Labs_Ethical_algorithms_for_sense_and_respond_systems.

46. Future of Privacy Forum, 2017, Unfairness By Algorithm: Distilling the Harms of Automated Decision-Making,
https://fpf.org/wp-content/uploads/2017/12/FPF-Automated-Decision-Making-Harms-and-Mitigation-Charts.pdf.
47. For example, see Jennings, N. & Wooldridge, W., 1996, “Software Agents”, IEE Review, January 1996, pp 17-20, http://
www.cs.ox.ac.uk/people/michael.wooldridge/pubs/iee-review96.pdf.
48. Ibid.
49. Friedman, B., Smith, I., Kahn, P., Consolvo, S., Selawski, J., 2006, “Development of a Privacy Addendum for Open-
Source Licenses: Value Sensitive Design in Industry”, Proc. UBICOMP, ACM Press (2006) 194—211.
50. Luger, E. & Rodden, T., 2013, “An Informed View on Consent for Ubicomp”. UbiComp ‘13: Proceedings of the 2013 ACM
international joint conference on Pervasive and ubiquitous computing, September 2013, pp. 529–538,
https://doi.org/10.1145/2493432.2493446.
51. Human Data Interaction, n.d., What is Human-Data Interaction?, https://hdi-network.org/intro_to_hdi/.
52. Diver, L., 2020, “Computational Legalism and the Affordance of Delay in Law”, Journal of Cross-Disciplinary Research in
Computational Law 1 (1), https://journalcrcl.org/crcl/article/view/3.
53. Luger, E. & Rodden, T., 2013, “An Informed View on Consent for Ubicomp”. UbiComp ‘13: Proceedings of the 2013 ACM
international joint conference on Pervasive and ubiquitous computing, September 2013, pp. 529–538,
https://doi.org/10.1145/2493432.2493446.
54. See for example:
– MyData Operators, which is empower individuals by improving their right to self-determination regarding their
personal data, at https://mydata.org/;
– Decode, a consortium of 15 organizations from across the European Union, at https://www.decodeproject.eu/;
– The Solid project at the Massachusetts Institute of Technology, at https://solid.mit.edu/;
– RadicalxChange (RxC), a global movement for next-generation political economies, at https://radicalxchange.org/.
55. European Parliament resolution of 20 October 2020 with recommendations to the Commission on a Digital Services Act:
adapting commercial and civil law rules for commercial entities operating online (2020/2019(INL)), Art. 17,
https://www.europarl.europa.eu/doceo/document/TA-9-2020-0273_EN.html.
56. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural
persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive
95/46/EC (General Data Protection Regulation), https://eur-lex.europa.eu/eli/reg/2016/679/oj.
57. See Whitt, R., 2021, “Hacking the SEAMs: Elevating Digital Autonomy and Agency for Humans”, Colorado Technology
Law Journal, Vol. 19, Issue 1, 137, 202 (2021).
58. Ibid.
COM (2020) 767.
60. European Parliament and European Council, 2002, Directive 2002/58/EC of the European Parliament and of the Council
concerning the processing of personal data and the protection of privacy in the electronic communications sector
(Directive on privacy and electronic communications) as amended, https://eur-lex.europa.eu/eli/dir/2002/58/oj.
COM (2020) 767 final.
62. Cf. Data Ethics Commission of the Federal Government of Germany, 2019, Opinion of the Data Ethics Commission,
p. 134, https://www.bmjv.de/SharedDocs/Downloads/DE/Themen/Fokusthemen/Gutachten_DEK_EN_lang.pdf?__
blob=publicationFile&v=3.
63. InfoCuria, n.d., Case-law, https://curia.europa.eu/juris/documents.jsf?num=C-311/18.
64. World Economic Forum, 2021, A Roadmap for Cross-Border Data Flows: Future-Proofing Readiness and Cooperation in
the New Data Economy, https://www.weforum.org/whitepapers/a-roadmap-for-crossborder-data-flows-future-proofing-
readiness-and-cooperation-in-the-new-data-economy.
COM (2020) 767.
66. European Commission, 2020, EU Commission impact assessment accompanying the proposal for a Regulation on
data governance (Data Governance Act) from 25 November 2020, SWD (2020) 295 final, p. 26, https://ec.europa.eu/
newsroom/dae/document.cfm?doc_id=71225.
67. Beta mode is the test and trial period for a new piece of software when rapid learning and experimentation occur.
68. Open Data Watch, 2018, “The Data Value Chain: Moving from Production to Impact”, https://opendatawatch.com/
publications/the-data-value-chain-moving-from-production-to-impact/.
69. EQS Group, 2021, “What Is RegTech?”, https://www.eqs.com/en-us/compliance-knowledge/blog/what-is-regtech/.

The World Economic Forum,
committed to improving
the state of the world, is the
International Organization for
Public-Private Cooperation.
The Forum engages the

foremost political, business
and other leaders of society
to shape global, regional
and industry agendas.

91–93 route de la Capite
CH-1223 Cologny/Geneva
Switzerland
Tel.: +41 (0) 22 869 1212
Fax: +41 (0) 22 786 2744
contact@weforum.org
www.weforum.org

WEF Advancing Towards Digital Agency 2022

Uploaded by

Copyright:

Available Formats

WEF Advancing Towards Digital Agency 2022

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

WEF Advancing Towards Digital Agency 2022

Uploaded by

Copyright:

Available Formats

Advancing Digital Agency:

The Power of Data

1 The challenge: Human–technology interaction 5

1.1 Introduction: The trust gap in data sharing 6

1.2 Introducing data intermediaries 9

1.3 Exploring data value chains 11

2 The opportunity: Trustworthy human-centric data intermediaries 13

2.1 Data intermediary organizational models 14

2.2 The policy environment 17

2.3 Human-centricity and fiduciary duty 18

3 Moving towards trusted digital agency 20

3.1 The role of digital identity in supporting human agency 21

3.2 Automated decision-making 25

3.3 A potential trusted digital agency model 26

4 Reshaping human–technology interaction 28

4.1 How the use of data intermediaries shapes human– 29

4.2 User experience design consequences of using a third- 30

5.1 For governments: Future-proof regulatory support 32

5.2 For businesses: A policy leadership role 36

© 2022 World Economic Forum. All rights reserved.

Advancing towards Digital Agency: The Role of Trusted Data Intermediaries 2

Navigating the data ecosystem

Data intermediaries as a lever of action

Towards trusted digital agency

Advancing Digital Agency: The Power of Data Intermediaries 3

Advancing Digital Agency: The Power of Data Intermediaries 4

Advancing Digital Agency: The Power of Data Intermediaries 5

Advancing towards Digital Agency: The Role of Trusted Data Intermediaries 6

Advancing Digital Agency: The Power of Data Intermediaries 7

Advancing Digital Agency: The Power of Data Intermediaries 8

The possibilities of a mediated approach to (such as people or businesses), depending on the

How specific data rights holders

Advancing Digital Agency: The Power of Data Intermediaries 9

Advancing Digital Agency: The Power of Data Intermediaries 10

The data ecosystem versus the data value chain

FIGURE 1 Open Data Watch’s Data Value Chain14

Identify Analyse Connect Use

Collect Release Incentivize Change

Process Disseminate Influence Reuse

Production use – increasing value of data

Collection Publication Uptake Impact Feedback

Advancing Digital Agency: The Power of Data Intermediaries 11

Important note on best practice

Advancing Digital Agency: The Power of Data Intermediaries 12

Advancing Digital Agency: The Power of Data Intermediaries 13

Advancing Digital Agency: The Power of Data Intermediaries 14

A data collaborative is a data sharing relationship A data commons is a network of relationships

Advancing Digital Agency: The Power of Data Intermediaries 15

Advancing Digital Agency: The Power of Data Intermediaries 16

2.2 The policy environment

Advancing Digital Agency: The Power of Data Intermediaries 17

What might creating safeguards for data intermediaries

Advancing Digital Agency: The Power of Data Intermediaries 18

BOX 2 Liability: A tricky question

By managing collectively massive amounts of be done by creating dedicated global alternative

Advancing towards Digital Agency: The Role of Trusted Data Intermediaries 19

Advancing Digital Agency: The Power of Data Intermediaries 20

Advancing Digital Agency: The Power of Data Intermediaries 21

Telecommunications Food and sustainability

E-government Travel and mobility

1 The challenge: Human–technology interaction 5

4.2 User experience design consequences of using a third- 30