What could and should be the rules for sharing sensor data, medical data and personal data? AMdEX’ questions at the MozFest 2022 event made for lively discussions. Answers weren’t as plentiful, but that is the point of this festival for and by the open Internet movement.
The AMdEX online session focused on three usecases that deal with different aspects of data sharing and the management and governance of data. All questions during the session stemmed from the great work by Elinor Ostrom on data commons. She dedicated her research on the collective management of scarce resources and how to apply them so we (rather than big tech) gain control of our data.
“Data are a very specific resource with interesting legal, social, technical and philosophical questions”, said Robert Goené, lead at Waag’s Future Internet Lab. At present, there are more questions than answers, making this “such an exciting field to work in.” Not an easy field, though, as different types of data require different approaches. There is not one data commons solution for everything. “Data commons are by definition pluralist in nature and the community sets the rules.” Thomas van Binsbergen, researcher of software languages at AMdEX-partner University of Amsterdam, added: “Transparant rules, that enable human intervention in case of conflict.”
Case 1: Marineterrein
Hayo Schreijer, director of deXes and AMdEX partner, described the Marineterrein in Amsterdam as an area equipped with a range of sensors and camera’s. These collect a variety of data, with sensitivity levels ranging from public to personal. “Those data are of interest to students, journalists, researchers, the city council,” said Schreijer. “But sharing data requires a level of trust. How do we know that our interested user will handle data responsibly?”
The Marineterrein data provided an interesting usecase, which has also been discussed at a previous event. To ensure that the Marineterrein would remain in control of their data, the AMdEX team set up an extra layer in the sharing cycle between data owners and data users. All parties have to agree to a set of rules before they can start a transaction. Only when the user accepts the terms and conditions, they can access the data. For example, in some cases a user can ‘order’ aggregated data from an owner, using micropayments. Additional rules are that the ID of the user is known and they reside at the Marineterrein.
“Data space, data union, data commons. Do we even have a shared language?”
The challenges here are that data are often not ready to be shared, the quality needs to be improved, as well as the metadata and data structure. The data’s various sensitivity levels (high trust, low trust) can be addressed with different terms and conditions, for which templates are available (from the Data Sharing Coalition, for example). These should then be made ‘machine-readable and enforceable’. Note that ‘sensitive’ can also mean ‘commercially sensitive’.
Stefano, one of the attendees in the session, questioned who owned the data. He stated that the Marineterrein are the data users, not the owners. He wondered if the General Data Protection Regulation (GDPR) could answer that prickly problem. A brief discussion followed. It was said the GDPR does not talk of ownership but of data subjects and rights to process.
Attendee Mike was curious about the language used to describe the data commons. “Data space, data union, data commons. Do we even have a shared language?” We do not. Schreijer: “Focus on achievement and we’ll figure out language when things get legal.” Mike, who works with policy makers in the United States, asked for a compendium of cases in the EU and was referred to the Data Sharing Coalition.
Case 2: BioCommons
In 2003, the humane genome was successfully mapped and DNA sequencing became a million dollar business. Citizens enthusiastically submitted their DNA for ancestor research and genetic scans. Quirine van Eeden, concept designer at Waag, claimed in her presentation that valuable insights that arise from such scans, should not be in the hands of the few. “These data should be regarded as commons and shared with universities, healthcare institutes and some commercial parties. We want to start thinking about how to properly organise genetic data. For example, individuals could share only relevant parts of their DNA sequence. However, DNA also contains information about a person’s relatives. How to organise individual and collective informed consent? How can we assess the risk of sharing these data? Should consent be outsourced to parties who can evaluate that risk?
BioCommons, a project by Waag, show the diversity of questions in data commons and the limits of the GDPR. Session attendee Thomas: “The challenge is how to communicate the way the rules are set and made transparent. What are the rules for the rules?” AMdEX researcher Van Binsbergen replied the underlying system needs to be adaptable, because decisions will need to be revised continuously in this new domain. Debate followed on who should set the rules for BioCommons: collectives? Individuals? Individuals with or without the relatives? And how to guarantee the necessary transparency for consent? This entire topic captured the imagination and will be discussed in a separate session.
Case 3: Social housing and energy bills
Speaker Tom Griffioen is co-founder of Clappform. This data analytics platform works with Dutch local and regional government as well as social housing corporations. The company was asked to predict which of 20,000 households in a particular region would have the highest energy bills, so they could be offered a reduction in rent. The data restrictions in this case were steep: energy consumption data were not available at home level, nor were there any data on the tentants’ current financial situations. The challenge was how to share sensitive data in a fair and reliable way. To that purpose, Clappform is exploring the use of synthetic data. There was some confusion amongst the audience as to why the question had to be answered this way in the first place. Tenants would know how high their energy bills are and can apply for rent reduction themselves. Some suggested asking the owners of the data (the tenants) for help, because a possible reduction in rent would benefit them.
Text: Karina Meerman