Managing responsible and efficient data sharing is vital for businesses in an increasingly digital age. It is also key to realising the UK Government’s ambitions set out in the recent National Data Strategy of unlocking the vast potential of public - and privately held – data in the UK. However, issues such as current legal and regulatory risks (actual or perceived), a lack of knowledge and the costs involved all hinder data access/sharing. For the past few years people have started to look at ways in which data trusts and data stewardship can help (see our podcast - Can privacy laws enhance digital innovation?). Building on this work, and as part of the National Data Strategy, DCMS tasked the Centre for Data Ethics and Innovation (CDEI) with the role of exploring how data intermediaries could support responsible data sharing as well as how the government can support their adoption. On 22 July the CDEI published a blog and report, looking at the current role data intermediaries play across different sectors as well as the role they could play in the future.
What at are data intermediaries?
The CDEI report uses the following description:
“Each time data is shared, accessed, used or protected, a number of stewardship activities would typically take place at the intersection of the data sharing and access journeys. They can include, for example, finding data that is fit-for-purpose, managing transfers and usage rights, and ensuring that the right protections are in place. Data intermediaries - operating in the public, private or third sectors - could help absorb some of the costs and risks that would be normally associated with performing data processing activities in-house. There is already a vibrant ecosystem of innovative data intermediaries, which act between those sharing and accessing data. Many of these organisations are creating novel, technology-enabled solutions to allow safe and frictionless data sharing. Intermediaries can provide technical infrastructure and expertise to support interoperability between datasets, or act as a mediator negotiating sharing arrangements between parties looking to share, access, or pool data. They can also provide rights-preserving services - for example, by acting as a data custodian allowing remote analysis through privacy-enhancing technologies, or providing independent analytical services in a siloed environment. Data intermediaries could assume the roles and obligations of a data controller and/or processor.” |
While the term is broad, and covers a range of different activities and governance models that facilitate data access and/or data sharing, the report focuses on seven types of data intermediaries:
Type | Definition |
---|---|
Data trusts | Provide fiduciary data stewardship on behalf of data subjects. |
PIMS | Personal information management systems - seek to give data subjects more control over their personal data |
Data exchanges | Operate as online data platforms where datasets can be advertised and accessed - commercially or on a not-for-profit basis |
Industrial data platforms | Provide shared infrastructure to facilitate secure data sharing and analysis between companies |
Data custodians | Enable privacy-protecting analysis or attribute checks of confidential data, for example, via the application of PrivacyEnhancing Technologies (PETs) - see our client briefing for more information on PETs |
Data cooperatives | Enable shared data spaces controlled by data subjects |
Trusted third parties | Provide assurance to those looking to access confidential datasets that the data is fit-for-purpose (e.g. in terms of quality or ethical standards) |
These concepts can be quite abstract and so the report includes visual representations and case studies to demonstrate how they work in practice. For example, Exhibit 1 of the report shows a diagram of a PIMS, where an individual imports personal data from providers such as social media companies, banks, hospitals, the government etc. The individual is then able to manage who has access to their personal data store, granting or revoking access to organisations such as GPs, banks, and online retailers. It also discusses real world examples of data intermediaries, such as the role the Open Banking Implementation Entity played as a trusted third party supporting open banking and facilitating trustworthy and secure data sharing.
Potential future uses
As with many recent data and digital papers, the aims for data intermediaries are ambitious. As well as highlighting where data intermediaries are already playing a part in facilitating increased access to, and sharing of, data, the report looks at potential future uses cases where intermediaries may help solve some pressing social challenges. These include facilitating preventative medicines, enabling the matching of workers to jobs and helping the UK to meet its Net Zero targets.