Data trustees – Secure administrative staff and data sharing

A data fiduciary is a neutral trusted party that enables data to be exchanged between different actors. Data fiduciaries act as an independent third party and ensure that data is exchanged in accordance with contractually agreed or legally prescribed regulations.

“A data fiduciary is a natural or legal person or a partnership that brokers access to data provided or held by data owners in accordance with contractually agreed or legally prescribed data governance regulations, (also) in the interest of third parties.” (Specht-Riemenschneider, 2021)

As a subgroup of data intermediaries, which, according to the Data Governance Act (DGA), are intended to promote access to and use of data in the EU, data trustees can create great added value. They can comply with data protection and compliance guidelines, which are very important, for example, in relation to personal data. As an independent entity, they can ensure neutrality in the data exchange process when parties cannot interact directly with each other for technical or trust-based reasons. In addition to pure data brokerage, new data products can be created by aggregating, anonymizing or enriching data with other data sets. They can also enforce the lawful use of data, which in the modern data economy includes the sharing of terms of use.

Data trustees address key challenges in the section of data management and offer a trustworthy solution for data-driven collaborations.

Basic functions for data trustees

• Data storage: The classic use case is the digital escrow function. For example, critical data can be stored with a custodian. This data can then be passed on or simply archived, depending on the data usage conditions.
  
• Data brokerage: The trustee acts as an intermediary between data providers and users if they are unable or unwilling to exchange data directly. This functionality is already being implemented in data spaces.
• Data aggregation and enrichment: New insights can be gained by combining data from different sources. In particular, the aggregation of different data sources can provide data users in data ecosystems with valuable data.
  
• Access control and authorization management: Ensuring that only authorized actors may access certain data. This is a frequently used application in the context of particularly sensitive data.
  
• Anonymization and pseudonymization: Provision of data for analysis or research in compliance with data protection requirements. The data can be passed on either in anonymized or pseudonymized form, so that later assignment remains possible under certain conditions.

Services of Fraunhofer ISST in the area of data trustees
 

Holistic business modeling

We develop innovative data trust models that enable secure, transparent, and fair data management. The focus is on creating transparent and scalable solutions that guarantee data owners sovereign control over their data. We evaluate the technical, organizational, and legal framework for data trustees and develop strategies for successful implementation in data-driven ecosystems.

Technical development and integration
With our research expertise, we support the development and integration of data trust solutions – from the design of secure interfaces to the infrastructure for data exchange. The integration of such systems improves the efficiency of data processing, reduces costs and enables companies to realize data-driven innovations faster.

Implementation strategies
We analyze the technical, organizational and legal framework for data trustees and develop customized strategies for successful implementation in data-driven ecosystems. This shortens innovation cycles and allows companies to take advantage of new market opportunities more effectively.

Compliance and data governance
We provide support for compliance issues and design governance concepts for data trustees that enable legally compliant, trustworthy and efficient data administration. Organizations benefit from secure and standardized data administration that minimizes risks and meets regulatory requirements.

Training and knowledge transfer
We offer training on the technical, legal and organizational principles of data trustees to optimally prepare companies and institutions for use. We support the integration and creation of the internal conditions for participating in data exchange processes via data trustees.