It seems like every week a new story about mishandling of personal data is making the headlines. This week it was the turn of a group of professional footballers to complain about how organizations are sharing and, more importantly, monetizing their performance data without their consent.
At the heart of the complaint a group of 850 footballers are initially considering taking legal action against 17 organizations alleging misuse of their data, ranging from the average number of goals scored in a game through to their physical attributes such as height and weight, which as well as being highly concerning also contravenes the General Data Protection (GDPR) regulations that apply to all organizations that store and process personal data.
If the action is successful the players are looking to receive financial compensation as well as more control over what happens to their data in the future. Advisors working with the group believe it could also have far reaching implications for the whole of the data collection industry. This particularly applies to the huge online betting companies whose business models are heavily based on having easy access to information on the players across all professional sport to help them in setting the odds of a particular outcome occurring.
Businesses that are found to fail to meet the GDPR regulations, particularly in terms of protecting individuals’ privacy rights, can face fines of up to 4% of their global turnover and other operationally restrictive sanctions, which means they need to take the responsibility very seriously.
More widely the action is also being seen as a test case that could have a much more far reaching impact on the way that all personal data is handled in the future, including the financial compensation that individuals can expect to receive for its commercial use.
In addition to drawing wider public attention to the whole issue of personal privacy rights and the essentially unregulated use of data in all aspects of our daily lives, this story serves as a good argument for the adoption of Data Trusts as a model for data governance going forward. As discussed in a previous blog, Data Trusts operate as 3rd party entities legally responsible for representing and protecting the interests of groups of data subjects and ensuring that data access and sharing is based on collective as well as individual consent. This would mean the footballers would pool their rights they have over their personal data within a legal framework of a Trust which would negotiate its use on their behalf.
In practice this could mean that rather than needing to take private retrospective legal action to retake control of their data any organisation that wanted to have access to the footballers’ performance data would have to apply to a formal Data Trust representing all professional footballers for permission and to agree to a range of terms and conditions governing how and when it can be used and how much individuals can expect to receive in payment for the rights. Something that has been compared to acting like a trade union but with fiduciary oversight.
Data Trusts are a relatively new concept and exactly how they would operate is still being worked out by organisations such as the UK’s Open Data Institute (ODI) who are working on pilot projects in collaboration with major partners representing a wide range of legal and industry sectors.
The ODI see data trusts as a way of “increasing access to data to maximise its societal and economic value, while limiting and mitigating potential harms” and “advocate for and support practices that demonstrate trustworthiness by factoring ethical considerations into how data is collected, managed and used; ensuring equity around who accesses, uses and benefits from data; and engaging widely with affected stakeholders”.
While they also acknowledge that there will be cases where a data trust is not the most appropriate solution it is clear that data trusts are likely to play a significant part in the future of data governance that governments and industry will need to factor into their operational planning to keep them on the right side of the law.