Resolutely complementary to top-down regulation, bottom-up data trusts aim to ‘give a voice’ to data subjects whose choices when it comes to data governance are often reduced to binary, ill-informed consent. While the rights granted by instruments like the GDPR can be used as tools in a bit to shape possible data-reliant futures - such as better use of natural resources, medical care etc., their exercise is both demanding and unlikely to be as impactful when leveraged individually. The power that stems from aggregated data should be returned to individuals through the legal mechanism of trusts.
The talk was given unscripted and without slides, but below is a transcript of what I said taken from a personal recording I made.
Youtube video is now included above, transcript below.
It’s a great pleasure to come after Paul.
So my talk’s going to be in three parts where I try and talk about motivation and then end up where Paul also ended up around Data Co-operatives. But I wanted to start by taking the title of this meeting “Global Forum on AI for Humanity”, it sounds great doesn’t it. All positive there. But the first question for me is “So what is Humanity?”. How many Africans are in the audience today? How many Chinese are in the audience today? Humanity is a diversity of opinion. And I was thinking about our hosts and I was thinking liberté, egalité and fraternité. Should probably be solidarité. But diversité. Diversité, my pronounciation isn’t that good. Diversité is the main thing we should be adding, I believe, to those sentiments which are after all 18th century sentiments developed by white men.
We heard earlier about trust. Now, one of the challenges we face is around this term AI. What is intelligence itself? It’s a very emotive term, because as soon as I say intelligence, we assume its something to do with who we are. Now the type of intelligence we can create is not who we are, it’s a combination of computers and statistics. Statistics that are computed on the basis of personal data, which is why legislation such as GDPR is so important in regulation. People in the public, when they hear the term intelligence, I believe they think of something more like anthropomorphic intelligence. But what we have created is nothing like an anthropomorphic intelligence, it would be closer to the type of intelligence you have in your immune system, which is something you are not aware of, but is one of the most important intelligences we have. What we talk about as AI today would therefore be better described as “computers and statistics”.
You cannot put trust in a machine in the way that the human being in the street understands the term trust. The idea that trust is verification or some other form of “I can prove that this computer is going to do this”, is wrong. Trust is naturally a human characteristic, I trust someone, I cannot trust a thing in the same way. Human rights are robust, and they should be the foundation of what we do, but they are robust because they are interpreted by humans.
There is a fundamental difference between the codification a computer scientist makes (I am a computer scientist) and a legal expert such as Paul makes. A computer scientist knows that they have to account for every situation that is going to be encountered when the system is deployed. This relates to some of what Stuart was talking about. But we cannot tolerate that, we cannot build machines that are so specified that they understand every circumstance that they will perceive today. The humans must be kept in the loop.
The reason legislative frameworks can work is because there is an understanding that they will be interpreted [by humans] in the future given the context. The AI we have created has no contextual understanding. That’s another way of saying what Stuart was saying earlier about the AI asking us questions. We have the contextual understanding and that’s the gap that he’s adressing there. But Stuart also talked the challenges of “Which contextual understanding?”. We need a diversity of understandings.
I was in Ghana last week at this meeting “Data Science Africa”, and we had a panel session on “What is Ethics?”. So to my mind I could see three parts to it. I think ethics are about vulnerabilities. People who are not empowered to control their own destinies, because of lack of knowledge, lack of power of some form. And very often those vulnerabilities are to do with power asymmetries. Some people have more power because they have more knowledge and they enact decisions that affect the people that are vulnerable. And, as was mentioned by Sylvie at the beginning, there’s a tension that is not reflected enough in our legal mechanisms of the collective vs the individual. I don’t understand very well Chinese ethical points of view but I believe them to be valid in some way, and my best understanding of them is that they value the collective more than the individual. Certainly, in the United States and in the UK the perspective is that the individual is primary. But I don’t think that we can continue to view it that way, as Sylvie mentioned, in the world of data.
So what are the challenges? Well we’re lucky because, I would say, that legislators are actually quite far-seeing. So GDPR is very far-seeing legislation in that it originates1 in 1983 when people were worried about what they called significant2 decision-making about whether you should be given insurance, or whether you should be allowed to go to a particular University or a decision about your sentencing in a court case. It gives us rights in those circumstances. But the new world that we face is that we’re getting algorithmic decisions being made about us, based on a series of insignificant decisions that when accumulated together have a significant effect. So the challenge is we will only investiage the decision … Stuart talked about we need to think about our objective funcitons, he’s absolutely right … but the challenge is if you’re building one small subsystem in an AI and the decision making is inconsequentional, not much thought is going into those decisions and what their objectives are. But once you’ve deployed the system it becomes part of a wider vitual environment that we’re all faced with that is changing our lives and that’s the gap we’re looking at.
So the GDPR gives us rights, it gives us rights to portability, erasability and explainability. But what we need to do is come together in the manner that Paul was suggesting and combine those rights. Because we are in a medieval system of legislation as far as data goes. There are two forms, there’s the commons where you put all your data out there for the whole world to see or the the Baron, the company that owns your data and makes decisions on your behalf. And we have no response … we have some legal rights, but those legal rights are ignored until the moment when we discover they’ve failed in their duty of care and we say “What were you doing?”. Equivalent to the Vikings turning up and stealing our children and so on so forth.
Now trust law provides an ecosystem for regulation, I’m aware that trust law is more developed perhaps in common law, in the Anglo Saxon countries, but the important part of trust law is the fiduciary responsibilities. So there are two parts to what I want to say in terms of the proposal that Sylvie and I have written about on data trusts (Delacroix and Lawrence 2019).
First of all, in trust law there is a duty of care which is fiduciary, a duty of undivided loyalty for those that lead the trust to act on behalf of the members3 of the trust. So the idea in a data trust is we pool our data rights within one organisation and we have data trustees who make decisions on our behalf. They are not regulated in the way that current professionals are regulated as directors of companies, they are are regulated in a stronger way they have to stand by those duties and provide undivided loyalty.
The really important thing is that you can have a diversity of trusts. You do not want one trust to rule them all, that would be equivalent to govermental legislation, and the reason for that is because we don’t understand the future decisions that people will want to make about their data. And we should give them an opportunity to express their preferences today. Unfortunately doing that individually, we know doesn’t work. So you place in this intermediary, this form of weak democracy of a data trust, with millions of members perhaps, that is representing a body of people with a particular opinion.
In that way you get over the need to break up platform companies, because the platform companies themselves rely on data to obtain their monopoly. If you remove the data, AI of today is entirely driven by data. The AI of tomorrow we cannot legislate for whatever that might be. The AI of today we can legislate for and it is driven by our personal data, and if we want to take back control of the decisions that are being made about us the place to intervene is on the data. So people who talk about competition law, I think they’re barking up the wrong tree. I think they need to look at data privacy law and data protection law.
I’ll just end by reading out a few corporate missions. You have to guess which companies they are.
“To give people the power to build community and bring the world closer together”
“To organise the world’s information and make it universally accessible and useful”
Also sounds lovely
“To make the world around you universally accessible and useful”
That’s related to the previous one.
“To be the earth’s most customer centric company”
Well these are all very lovely, but these are companies that are claiming they are mission driven but the reality is that [much of] their revenues are driven by advertising. [Much of] their revenues are driven by looking at our personal data and we have no come-back to say “You are not conforming to your mission” now trust law does that, and of course these missions are in some sense meaningless because no one can question the company on what it’s doing against its mission. If you force an organisation to have a mission that they have to stand beside, and you can do that through trust law, then you will find a more equitable approach to use and decisions that are made on the basis of our personal data. And I’ll end there.
Delacroix, Sylvie, and Neil D. Lawrence. 2019. “Bottom-up Data Trusts: Disturbing the ‘One Size Fits All’ Approach to Data Governance.” International Data Privacy Law, October. https://doi.org/10.1093/idpl/ipz014.