In the Balance: Q&A with Janis Wong, PhD researcher in computer science, the University of St Andrews
Stephanie Spangler: We’re so happy to speak with you today about data governance! You were a keynote speaker at a McKinsey Digital and data and assets knowledge sprint last fall, where you spoke about data trusts.
You have an informative website on your academic work in data protection, have recently coauthored a research article, “Data protection for the common good: Developing a framework for a data protection-focused data commons,” and recently completed the fall 2021 research sprint called Alternative Data Futures: Cooperative Principles, Data Trusts, and the Digital Economy, which is hosted by the Berkman Klein Center for Internet & Society at Harvard University in collaboration with the Platform Cooperativism Consortium at The New School, with insights to be in a forthcoming publication. You have been very productive in this space, and we are grateful and thrilled to speak with you again to share more insights with our readers.
Your research relates to the legal and technological applications in data protection, privacy, and data ethics, where it aims to create a sociotechnical collaborative commons framework that helps data subjects protect their personal data under existing data protection, privacy, and information regulations.
Let’s unpack this a bit. What is a “collaborative commons framework,” and how can data subjects (individuals) use this more effectively than our current approach to protecting personal data?
Janis Wong: In our work, we refer to a collaborative commons framework as a model for data stewardship that focuses on enabling data subject and stakeholder collaboration. The framework not only encourages transparency on how data is collected, analyzed, and shared, but also enables the cocreation of data protection solutions.
The idea of the commons applied to data protection is based on Elinor Ostrom’s work on the commons as well as existing theories of applications such as knowledge commons, urban commons, and data commons. The main premise is that data subjects don’t have to seek data protection solutions individually. Instead, they can collectively pool their knowledge, information, and data together to come up with a solution that matches their individual data protection preference.
Stephanie Spangler: It’s interesting to think about data protection through a collaborative lens that creates enhanced efficiency and shared responsibility for data protection. Are there any examples or use cases of where this has been applied?
Janis Wong: There have been many ways in which various data stewardship frameworks have been applied. These include cooperatives for ride-hailing services or supporting fisheries data, urban and data commons such as Decidim for participatory democracy, and data trusts applied to city data. However, one thing we found from our research was that sometimes, how these frameworks are defined can be contested, so each approach to a commons or stewardship may be slightly different.
Since this area of work is constantly changing in response to our relationship with data, definitions and applications have also changed. We interviewed a range of experts that created different commons from interdisciplinary perspectives, so creating a collaborative commons for data protection and stewardship is possible, but more needs to be done to make sure that the framework can truly support data subjects and their communities.
Stephanie Spangler: So, this framework can accommodate a variety of use cases and an interdisciplinary approach. More broadly, what are the primary benefits of utilizing data stewardship frameworks (data trusts, data foundations, and data cooperatives) over or in conjunction with the current legal framework (e.g., the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA)) and technological tools (e.g., OpenGDPR and Jumbo Privacy)?
Janis Wong: It’s important to note that these frameworks are not a substitute for legal instruments or digital tools. Rather, they are intended to supplement them by being more sensitive to the needs and wants of data subjects while also being less rigid in their implementation. For example, a data trust supported by the application of trust law can provide independent, fiduciary stewardship of data.
This fiduciary responsibility can help address the tensions between data subjects and the data controllers who have a business incentive to gather as much personal data from individuals as they can within the remit of the law. Data cooperatives can support the shared ownership of data and their infrastructures to better utilize the value of data that is collectively generated. Commons frameworks can support collaborative decision making and solutions as implemented through existing legal and digital infrastructures. In general, data stewardship frameworks can help find a better balance between different stakeholder tensions with the help of law and technologies.
Stephanie Spangler: You’ve touched on how data stewardship is a necessary component in these frameworks. Could you talk a bit more about what the different roles are of the parties in this alternative data ecosystem?
Janis Wong: The roles of different stakeholders within data stewardship depend on the context and specific use cases applied. Central to a lot of these frameworks is of course the data subject, particularly for data protection, since the adoption of data stewardship aims to balance the risks of data collection and sharing with the value that such data can generate. Different data stewardship frameworks will have different sets of (legally defined) stakeholders.
For example, there are settlors and beneficiaries within data trusts and beneficiary members in data cooperatives. Within a collaborative commons, there may be other stakeholders such as industry experts or researchers who can support the creation of collective solutions. The commons framework we have in mind also supports data subject recourse, for example, helping data subjects exercise their data protection rights after a data breach, as opposed to only minimizing potential data-related risks and harms.
There are no one-size-fits-all solutions for data stewardship and governance, so it’s very much about who the beneficiaries are, what the purpose of a particular framework is, and why the chosen framework may be better for managing data for a set period compared to other options.
Stephanie Spangler: Where do you see lawyers, especially in-house lawyers, fitting into this new collaborative data ecosystem?
Janis Wong: When it comes to lawyers, it’s important that they work with data subjects to understand what their concerns and considerations may be when it comes to data protection, sharing, and stewardship. Collaborative data ecosystems often touch upon different areas of law such as data protection, intellectual property, and regulations specific to different industries.
Lawyers and in-house lawyers are in a great position where they understand what the wide-reaching legal challenges may be, to demystify the legal jargon as well as provide greater transparency on how data can and cannot be used for what purposes.
This involves engaging with technologists, policy makers, and researchers too, particularly when it comes to making sure that all parties have the same understanding of what terms such as “data” or “sharing” mean. Explicit common agreement can help minimize misunderstandings when creating new data ecosystems. In addition to legal clarity, lawyers can also engage in the ethical dimensions within collaborative data ecosystems and mediate expectations on the use of data between different stakeholders. More ambitiously, lawyers can be more creative and explore how new identities for data stewards, trustees, or alternative legal relationships can be created for generating value with data while also protecting it.
Stephanie Spangler: It sounds like lawyers have an impactful opportunity to participate in this developing area. You mention the ethical dimensions within collaborative data ecosystems and the role lawyers can play there. Could you talk more broadly on why data ethics matters to a collaborative commons framework?
Janis Wong: Data ethics is crucial when it comes to thinking about data stewardship and governance more generally. There are considerations that need to be made when it comes to whether the use of certain data could result in potential harms, such as those related to surveillance or algorithmic discrimination, even if the initial collection and analysis of data was legal.
Beyond thinking about whether certain data models or technologies are accurate or fit for purpose, considering ethics is a good way to identify whether the proposed solution can solve the selected problem. Fortunately, there have been more steps taken to build ethical thinking into the implementation of data infrastructures, such as the ACM Code of Ethics and Professional Conduct. These are small steps but important ones that need to be applied more broadly across different industries.
Stephanie Spangler: There seems to be some momentum in exploring data stewardship frameworks. What could drive adoption of a collaborative commons framework? Legal and regulatory change to adapt to this framework? Implementation of technology? Economic incentives?
Janis Wong: In my view, there are two main parts to driving adoption. The first piece of the puzzle is figuring out how to deploy a commons or other data stewardship frameworks in practice. That’s why our research looked at establishing a policy checklist as well as adapting a development framework to outline how a commons could be implemented. There are also pilot projects of other data stewardship frameworks that are currently being explored.
The second part is demonstrating the economic and societal value of balancing the protection of personal data with sharing and reusing data in common. There has been some early recognition of the value of data stewardship within legal and policy spaces, such as in the proposed European Data Governance Act. This is a trend that will likely continue, so it’s important to keep on top of these developments.
Stephanie Spangler: What are the challenges you see in preventing this adoption?
Janis Wong: I think one of the main challenges is the way we, as individuals and organizations, have settled on what we think data is over the past decade or two. The systems and infrastructures we had in place ten years ago still very much dictates how our data is managed now. When there wasn’t much digital data around, there were fewer considerations on how data should be protected or governed because the information we shared online didn’t necessarily shape our identities or the way we interact with society.
However, as many aspects of our lives become digitized, from transport to education to social events to our workplace, we need to reevaluate how we want individuals and businesses to engage with data. We have seen some of these changes play out with the implementation of the GDPR. Some people would argue that the regulation goes too far and limits innovation, while others would argue that it doesn’t protect personal data enough. These changes, coming to a consensus, and the adoption of data stewardship frameworks all take time, so it’s important that we start having these conversations sooner rather than later.
Stephanie Spangler: Which is why it is so important that we are having this conversation now. This has been an incredibly informative discussion, and we appreciate your insights. We want to ask a few “fun” questions. If you could choose any superpower, what would it be?
Janis Wong: Teleportation! Imagine being able to get anywhere in no time.
Stephanie Spangler: That’s a real time-saving superpower! The Formula One season has just started this year. If you were a world-class athlete, what sport would you compete in?
Janis Wong: Competing in motorsports would be quite cool. I used to do a bit of long jump, but that was many years ago. I really enjoy watching tennis, so I would go with that.
Stephanie Spangler: Cool, indeed. And last but not least, rate the condiments in order of preference: ketchup, mustard, mayonnaise, and peanut butter.
Janis Wong: Ooh, this may be a bit controversial. I’m not sure I would dip my chips or fries into peanut butter, but I do like a good peanut sauce. My preference would be mayonnaise (preferably the Japanese type), then peanut butter, mustard, and finally ketchup. I’ve never particularly liked ketchup.
Comments and opinions expressed by interviewees are their own and do not represent or reflect the opinions, policies, or positions of McKinsey & Company or have its endorsement.