Data Fiduciary


ˈdeɪtə fəˈduʃiˌɛri

A person or a business that manages individual data in a trustworthy manner. Also ‘information fiduciary’, ‘data trust’, or ‘data steward’.

‘Fiduciary’ is an old concept in the legal world. Its latin origin is fidere, which means to trust. In the legal context, a fiduciary is usually a person that is trusted to make a decision on how to manage an asset or information, within constraints given by another person who owns such asset or information. Examples of a fiduciary relationship include homeowner and property manager, patient and doctor, or client and attorney. The latter having the ability to make decisions about the trusted asset that fall within the conditions agreed by the former.

Jack M. Balkin and Jonathan Zittrain wrote a case for “information fiduciary”, in which they pointed out the urgency of adopting the practice of fiduciary in the data space. In the Atlantic, they wrote:

“The information age has created new kinds of entities that have many of the trappings of fiduciaries—huge online businesses, like Facebook, Google, and Uber, that collect, analyze, and use our personal information—sometimes in our interests and sometimes not. Like older fiduciaries, these businesses have become virtually indispensable. Like older fiduciaries, these companies collect a lot of personal information that could be used to our detriment. And like older fiduciaries, these businesses enjoy a much greater ability to monitor our activities than we have to monitor theirs. As a result, many people who need these services often shrug their shoulders and decide to trust them. But the important question is whether these businesses, like older fiduciaries, have legal obligations to be trustworthy. The answer is that they should.”

Recent controversy involving Facebook data and Cambridge Analytica provides another reason for why companies collecting data from users need to act as a fiduciary. Within this framework, individuals would have a say over how and where their data can be used.

Another call for a form of data fiduciary comes from Google’s Sidewalk Labs project in Canada. After collecting data to inform urban planning in Quayside area in Toronto, Sidewalk Labs announced that they won’t be claiming ownership over the data that they collected and that the data should be “under the control of an independent Civic Data Trust.”

In a blog post, Sidewalk Labs wrote that:

“Sidewalk Labs believes an independent Civic Data Trust should become the steward of urban data collected in the physical environment. This Trust would approve and control the collection of, and manage access to, urban data originating in Quayside. The Civic Data Trust would be guided by a charter ensuring that urban data is collected and used in a way that is beneficial to the community, protects privacy, and spurs innovation and investment.”

Realizing the potential of creating new public value through an exchange of data, or data collaboratives, the GovLab “ is advancing the concept and practice of Data Stewardship to promote responsible data leadership that can address the challenges of the 21st century.” A Data Steward mirrors some of the responsibilities of a data fiduciary, in that she/he is “responsible for determining what, when, how and with whom to share private data for public good.”

Balkin and Zittrain suggest that there is an asymmetrical power between companies that collect user generated data and the users themselves, in that these companies are becoming indispensable and having more control over individuals data. However, these companies are currently not legally obligated to be trustworthy, meaning that there is no legal consequence for when they use this data in a way that breach privacy or in the least interest of the customers.

Under a data fiduciary framework, individuals who are trusted with data are attached with legal rights and responsibilities regarding the use of the data. In a case where a breach of trust happens, the trustee will have to face legal consequences.

More information: