Over the past decade, large scale data leaks, micro-targeting, algorithmic bias and numerous privacy violations have eroded the public’s trust in information collection and sharing by corporations and governments. The sheer volume of material collected today warrants alternative approaches to data governance that go beyond current data protection regulations.
At the moment, most existing legislations focus on data protection, but do not consider data empowerment (enabling individuals and communities to control the ways in which their data is collected, used and shared). Indeed, mainstream approaches to privacy online largely focus on a model of notice-and-consent: Individuals are notified about data collection and its purpose, and are then offered the choice of consenting or refusing. In addition, privacy by design approaches seek to reduce data collection and use to what is absolutely necessary for the task at hand. Together, these form the cornerstones of data protection regulations such as the GDPR in Europe and the CCPA in California.
The shortcomings of data regulations have become increasingly apparent since they first took effect. One common criticism is that they place the burden of education and decision-making squarely on users’ shoulders. However, they can hardly be expected to sift through a plethora of user-unfriendly popup windows asking for consent, or read the lengthy terms and conditions. Even those that do educate themselves and try to understand the future implications of sharing their data online are often faced with impossible dilemmas: either consent to sharing their data, or lose access to a platform, app or service. Often this is not a real choice at all: we may not agree with Zoom’s terms and conditions, but few of us are willing to lose access to such platforms when the consequence is no longer being able to participate in meetings and other events.
Individual decisions can have collective consequences. When millions of people decided to share their data with Facebook, few anticipated that the likes of Cambridge Analytica might use it in the future to influence voting behaviors. This example shows not only the limits of our ability to make sound decisions about our own personal data, but also that such decisions can end up affecting society as a whole.
In other cases, the hazards of data collection and use play out on a group level. Even fully anonymized data may still identify the attributes of different groups of people. For instance, we might be able to infer how members of certain age groups behave, or that members of certain economic classes tend to be less healthy. In essence, data is relational. Privacy researcher Nathaniel Raymond refers to this category of data as Demographic Identifiable Information (DII), which they define as: “either individual or aggregated data points that allow inferences to be drawn that enable the classification, identification and/or tracking of both names and/or unnamed individuals, groups of individuals and/or multiple groups of individuals according to ethnicity, economic class, religion, gender, age, health condition, location, occupation, and/or demographically defining factors.”
As the impacts of DII collection and sharing play out on the group level, it makes sense for decisions about this kind of information to be negotiated on this level, too. The question then becomes: how does the group decide?
Another shortcoming of the current regulations is that they often focus on privacy by design - that is, to only collect and store data that is absolutely necessary for the task at hand. While this approach can help reduce harm, on its own it is ill-suited to promote alternative uses of data that might benefit society in general. These include uses of data that help us coordinate, track common goals, or make our voices heard. The question then becomes how we may safely make more data available to these civil society actors, in a way that the subjects of the data can trust.
Data stewardship can help overcome the challenges addressed above. A data steward is an independent intermediary or agent who acts on behalf of the subjects of the data and/or those affected by its collection and use.
For instance, a diabetes patient might wish to make data available to medical researchers hoping to cure diabetes. Instead of individually deciding about which person or organization should receive access to their data, they could hand that decision-making power to a data steward. Stewards are especially useful in situations where we cannot rely solely on individual consent to decide how data should be collected, accessed and used. This is the case when data is about more than one person, and particularly when the collection, access and use of data comes with risks and benefits not just to the individual subject, but also to society in general – as described above. Data stewards help create consent mechanisms that do not place the entire burden of decision-making on the individual; they also facilitate collective bargaining. We can imagine a data steward taking different roles and responsibilities, depending on the specific purposes and communities they serve.
To ensure that the data steward continually acts for the benefit of those whose interests they serve, they would be required to accept certain fiduciary duties, specifically a duty of care and a duty of loyalty. This means that – just like a doctor vis-a-vis their patients – they are expected to make decisions that are solely in the interest of the beneficiary they represent, and must not be negligent. As a result, there must be no conflict of interest.
As mentioned above, data stewards can take different forms, perform a variety of functions and bear diverse responsibilities. The evidence about different models of stewardship is slowly becoming available. They give us a sense of the possible governance frameworks that data stewards can adopt, and how these might change in assorted circumstances. Some of the more prominent models for data stewardship that demonstrate varying types of governance mechanisms are discussed below.
Open Data is not a model of data stewardship per se, but it focuses on making siloed, unused or underused data universally accessible for both public and private purposes. It ensures that data is easily accessible in a convenient, modifiable, interoperable form and can be reused and/or redistributed efficiently. Because open data is aggregated and anonymized – that is, it contains no personally identifiable information – it can be used without permission.
Over the years, open data has been successfully deployed to address questions of mobility, disease surveillance, government service accountability and more. This allows innovators, researchers and startups to access data and build on it, as they require. While there is a clear need for open data, the role of individuals and communities in its governance is limited, due to the nature of the material shared. Further, open data formats cannot be used to share information that may be sensitive in any way. In this context, the steward’s role may be slightly different: to ensure that data is representative, reliable and consistent. The steward plays a more technical role here, advocating for greater inclusion and representation in the datasets. While this may differ from the more commonly understood image of a data steward’s function, this is critical, and has significant societal implications.
Cooperatives are structures in which members band together to make collective decisions on shared assets. Examples include housing cooperatives for managing assets, or firms in which employees co-own and run the enterprise. Cooperatives are defined by a few key characteristics: They are voluntary, with open membership; their members make democratic decisions through the one member one vote system, and all economic surplus generated by the cooperative is shared equally among its members.
The cooperative structure of collective decision-making is increasingly being applied to data, where individuals can pool their data and co-govern its use to further their collective aspirations; they also negotiate with technology companies and platforms, and share the value drawn from their data. Cooperatives provide individuals with a shared community regarding data issues, allowing them to safeguard their rights, seek collective representation and hold technology companies accountable. These cooperatives are used for multiple purposes, such as helping platform workers understand how their data is being used better, and enabling patients to pool and direct their medical data for more patient-led research.
Data Commons are a mechanism for pooling data and governing it as a common resource. This idea comes from Elinor Ostrom’s work on public goods, which points to flexible structures that allow communities to manage resources in accordance with their own distinctive rules and values. Governance of commons in technology is widely evident in efforts such as Wikipedia and Open Street Maps, where a broader community invested in its upkeep manages open access objects.
Data Commons and Data Cooperatives are similar regarding the co-governance of shared resources; but membership and governance mechanisms are much more informal in the former. Commons may be governed through different systems that communities may develop together. These can take the form of a cooperative or foundation, or other institutional mechanisms. Communities may also develop systems for collective governance, dispute resolution and redress in case of harm. Data Commons represent a fluidity in decision-making and initiative on behalf of the community, and not the application of an “off the shelf” model of data stewardship. They may be seen as a starting point for launching defined models like cooperatives, trusts and so on.
Data Trusts are perhaps the most formal, legally recognized form of data stewardship, in which a trustee of data rights has a fiduciary responsibility towards a group of beneficiaries. Trustees are bound by a duty of care and loyalty towards the beneficiaries – just like a doctor or a lawyer -- and are certified to negotiate on behalf of the collective they represent. Data trusts must maintain a clear purpose that is communicated to all the beneficiaries. Trusts law, which data trusts draw from, exists in some parts of the world – e.g., UK, US and Canada – in civil law jurisdictions. Fiduciary responsibility must be codified through contracts. Data Trusts allow for collective stewardship through the delegation of decisions, and differ from cooperatives, in which the community makes decisions collectively.
A source of some excitement in the data stewardship landscape, Data Trusts provide a clear, accountable pathway for pooling data rights, and collectively negotiating on questions of harm and value with regard to data. Hard evidence on formally certified data trusts is still trickling in, but there are some examples from medical research that have used “data trust”-like arrangements to promote patient participation in research. The most well-known – and perhaps the most problematic – example of a data trust is Sidewalk Labs in Toronto, which used the nomenclature of the data trust without its essential accountability mechanisms. The Data Trusts Initiative is actively seeking data trusts to discover, mentor and perform different functions. Their intention is to create evidence and templates for organizations interested in responsible, bottom-up data stewardship.
Data advocates promote rights for certain communities or groups of people, enabling them to negotiate more effectively on data related questions. These advocates inform and organize people around data rights, with the aim of finding redress through legal and other means. These may be understood in terms of traditional labor unions that advocate for better conditions and rights on behalf of a particular group of people.
Data advocates could exist within organizations, promoting data security, compliance and the ethical collection, use and sharing of data. Perhaps more effectively, they could be independent entities that engage with specific groups, engaging in questions of data rights. Although not traditionally understood as data stewards, data advocates are a critical lever for creating a demand for responsible stewardship: They can demonstrate the need for and value of other models of data governance that may not be directly accessible.
Figure 1. Data Stewardship decision-mapper
As discussed briefly in earlier sections, data stewards basically focus on rebalancing power in the data economy. They do this – among other things – by making data available for user led research, advocating for data rights, enabling collective bargaining and negotiation, and providing people with greater transparency on algorithmic decisions. It is impossible to recommend one particular model over another, given the diversity of purposes being addressed: community preference, purpose, data type, and levels of participation all determine the data steward’s form and function.
As we have seen in the analysis of different data stewardship models, it is clear that both purpose and community needs determine the governance structure of a model. For instance, while homogenous communities with shared experiences and the ability to decide collectively may opt for data cooperatives, they may feel more comfortable delegating complex decisions about data use to a trusted intermediary in the form of a trust that is legally bound to decide in the best interest of the whole community, and can be held accountable in case of misuse or harm. If making data accessible is the explicit purpose, and the data is in a shareable, interoperable form, using open data formats without added complexities of stewardship may be the most efficient procedure.
This also links to the level of participation the community would like to engage in: Some communities may choose to remain informed, while others may wish to be consulted; still others may favour engaging actively, so as to draw empowerment from the steward. Data stewardship models must provide flexibility and a range of options from which communities can choose their preferred form of engagement. These decisions may need to be dynamic, so that people can change their participation style, if necessary. Basically, each community must be able to choose the degree and type of participation that is most comfortable and best suits its needs.
Similarly, the purpose of the steward is critical in determining the form such participation takes. If the objective is to oversee the unlocking of a collective’s mobility data, a loosely defined model like data commons is likely to be most appropriate, as levels of accountability and participation can be both low and flexible. However, if the objective of the data steward is to ensure that worker data is not being collected once they have logged off the application, a more formalized option such as a cooperative or trust may be required, to ensure that these objectives are fulfilled.
Other factors such as data type (personal or non-personal) also determine the form of a steward, as does the sector in question (e.g., mobility data is different from health data). The basic lesson from analyzing different models of data stewardship is that one size does not fit all: Every community must develop its own model of stewardship, based on its own needs. The flexibility of this approach will ensure that the landscape remains need based, bottom-up and community-centric.
Irrespective of the models of data stewardship, a few core principles need to be applied across sectors, data types, functions, and levels of participation. These distinguish data stewardship from other models of data governance that are not oriented towards individual and community rights. They also outline the highest ideals of what data stewards should pursue. Of course, not all stewards embody them in equal measure; but we believe these principles are critical for any steward to know and aspire to.
One of the most critical principles for a good steward is enhancing the agency of individuals and communities over their data and empowering them to make better choices in this regard,, deploying the data for personal and societal benefit.
Enhancement of agency can occur in several ways; at the core, however, there is a need to recognize the role of individuals and communities as those that both generate data and are most affected by it. It should offer them varied choice and better discretion by ensuring greater awareness, consultation, and participation. Data stewards must work with individuals and communities to understand the ways in which agency is currently being stifled; they need to discover methods to empower people meaningfully.
As we may see in the examples above, Driver’s Seat empowers its members by sharing insights and increasing intelligibility regarding otherwise opaque processes. On the other hand, Worker Info Exchange actively exploits legal frameworks to advocate for greater transparency and choice for workers. Both are meaningful mechanisms for enhancing different kinds of agency for individuals and communities, and are roles a steward can opt to fulfill.
The ability of individuals and communities to actively contribute to decisions pertaining to their data rights is a fundamental tenet of data stewardship, and critical for enhancing both agency and accountability. At its core, such participation means individuals and communities can help decide about the collection, use and sharing of their data. In addition, stewardship can enhance this process by informing beneficiaries about the different aspects of data governance and practices, consulting with them on the pathways to data governance, collaborating on the design and innovation of decisions and finally, empowering them to make meaningful decisions. It is imperative to highlight that, without meaningful participation, data stewardship would be indistinguishable from other methods of data governance.
That said, it is important to note that merely creating mechanisms for participation is often insufficient. Not every stakeholder may have the time or information to participate fully; nor may their voices be heard equally. Additional mechanisms for addressing structural disempowerment and safeguarding balance and fairness are vital.
The commitment to enhancing agency is insufficient without mechanisms holding the steward accountable. Essentially, this is the obligation to accept responsibility for activities, disclosing them in a transparent manner; it also includes responsibility for decisions made. Likewise, data stewards need to ensure that individuals and communities can hold platforms and technology companies accountable for their actions and decisions.
It is possible to enable accountability in multiple ways:
- Transparency: to ensure people can see how data is being used, what consent is being given and for what purpose, and allowing individuals and communities to withdraw consent as and when required. This transparency must be both formalized at the level of the steward, but also demanded from platforms as part of the steward’s role and function.
- Procedural regularity: this includes audits, and disclosures by the data stewards to the communities they serve.
- Supervision and codified responsibilities such as fiduciary obligations, discussed in more detail in the next section.
- Mechanisms for grievance redress and enforcement that could take different forms, but essentially provide individuals and communities with a forum for escalating issues, as required. They can also hold the steward accountable for any breach of trust.
Another principle that we have seen throughout the above discussion is transparency – of both decisions and processes. Partners are key to a data steward’s ability to function. It is not highlighted separately here, because it is interwoven with accountability, agency and participation: These are not meaningful without aspiring to a robust framework for transparency. We can see this in the form of information dashboards, audit reports, active “town houses” with data stewards and so on. Whatever they may be, without mechanisms of real time transparency, a data steward will not be able to fulfill their commitments.
It is worth noting that principles are often considered remote, and complex to implement. Therefore, in the next section, we discuss how to instantiate some of the ideals fundamental to data stewardship.
Having discussed the core principles underlying good data stewardship, this section specifically tries to understand how we might go about implementing them. For instance, if we think it important to be able to hold the data steward accountable, what tools and infrastructures are available to us to help ensure accountability? Similarly, what types of governance and decision-making models might we employ to ensure participation? And finally, what mechanisms might we employ to ensure transparency and compliance in relation to data related rules?
What infrastructures and tools could help beneficiaries of the data stewardship arrangement hold the steward accountable? Regardless of whether stewards are democratically elected or appointed for life, we need to ensure that they continue to act in the interest of those they represent. Here we discuss the role fiduciary duties can play.
Fiduciary duties would accord beneficiaries confidence that data stewards will continue to act on their behalf. What is needed in this case is the fiduciary duties of loyalty and care. The former is the obligation to act in the sole interest of another. For instance, doctors have such a duty, in that they must act only in the interest of their patients. It follows that data stewards should always be independent, without an interest in the data they oversee. Duty of care means that data stewards cannot be negligent. For example, when a steward allows a third party to access data, the steward must ensure that the third party will secure the data properly, and use it in accordance with the rules which the data steward has set out. Fiduciary duties are protected by law; so that, if the steward fails to uphold their duty, their decisions can be challenged in a court of law.
In common law jurisdictions such fiduciary duties can be created through the creation of a trust.
In civil law jurisdiction, fiduciary duties tend to be created through contracts. One person can authorize another to do something on their behalf. These types of contracts are governed by duties of loyalty and care. Contracts between lawyers and their clients are one example of such mandates. Moreover, any organizational form (e.g. companies, cooperatives, and associations) can be endowed with such duties. For instance, a data holder may hand over their data to a non-profit company, on the strict condition that they can use it only in the sole interest of a specified group of people (which is likely to include the data holder).
While we have assumed that data stewards will be responsible for executing data collection and sharing decisions on behalf of the subjects of the information, we have said very little about how these decisions come about. Here we briefly discuss several decision-making models.
The relevance of any particular decision-making model depends on a number of factors and values:
- Relative importance of education
The collection and use of data is often obfuscated, and not all the beneficiaries find it readily understandable. In such cases education should be a core component of any decision-making model.
- Relative importance of deliberation
The beneficiaries’ ability to deliberate with one another before reaching a decision on a policy issue is a core component of any meaningful decision-making effort. Individuals do not exist in a vacuum; they are part of communities. One person’s opinion on a policy issue will therefore be informed by the opinions and concerns of those in their community. Through deliberation individuals receive an opportunity to exchange viewpoints about the ways in which a particular policy affects other members of society.
- Group size
For instance, in a large group it makes less sense for everyone to engage actively in debates about the use of their data.
- Relative sensitivity of the data
If the data is not considered either very sensitive or important, the beneficiaries may feel less motivated to engage actively in decision-making processes. If it is either sensitive or important – or both – the opposite may be true.
Instead of the beneficiaries reaching decisions, a data steward might be charged with doing so. Of course, they still need to know what their beneficiaries want. To this end, they could employ a survey, which is the least time-consuming, most cost-effective format available. This is an appropriate tool for revealing opinions and current behaviors. However, without room for deliberation between members of the public or much opportunity for education, a survey is unlikely to provide a deep understanding of future behavior, or deeper, more thoughtful responses. In addition, people may not trust that their opinion matters, filling out the survey haphazardly. We therefore recommend that surveys are used to complement other modes of engagement, rather than as a lone solution.
In this model, everyone makes decisions about the data that identifies them. It will only become available to third parties when an individual allows that piece of information to be shared. In this scenario the steward is responsible for setting the conditions that enable beneficiaries to decide which data they wish or do not wish to share, and for executing their decisions. The disadvantage of this model is that it requires individuals to make many decisions. Additionally, as we mentioned above, it is likely that decisions a person makes about personal data could negatively affect the rights and affordances of someone else.
In this model, the beneficiaries vote directly on data collection and use requests, and the steward acts upon this decision. Depending on the importance of the decision and whether it can be reversed, the steward could, for instance, implement a majority rule, a ⅔ majority rule, full consensus, or some other criterion. The disadvantage of direct voting is that it requires all the community members to participate especially actively, but does not necessarily lead to a better transfer of knowledge between the steward and the beneficiaries.
By this we mean efforts to uncover the beneficiaries’ concerns and interests regarding a particular policy option. Instead of asking specific, closed answer questions, this type of engagement aims to crowdsource ideas based on a simple prompt. It avoids framing the issue too narrowly, and helps identify which segments of a population may or may not feel strongly about an issue.
Together, the group of people that have pooled their data or who are affected by the collection and sharing of that information elect representatives to make decisions on their behalf. These representatives would become the data stewards and would serve for a predetermined term. This model reflects our representative democracy. It would allow those who care deeply about the issues and who have sufficient expertise to make decisions for others. However, there is always a risk that the representatives are ensnared by niche interests and may stop reflecting the needs of the wider community.
Instead of everyone deciding through direct voting, a data steward would randomly select a group of people (typically 10-40) to serve on a panel. During their term they would decide on requests for data collection and use, and set the rules governing such decisions. We would expect such councils to have access to all the information needed to make their decisions, and to meet frequently. The Ada Lovelace Foundation recently explored this model, and considers it a productive form of community participation that does not require the entire community to be continually involved in decision-making processes. One caveat is that the quality of decisions depends on panel members’ access to relevant information: If that information is biased, so are the decisions likely to be.
We can also imagine a hybrid form that, e.g., combines the creation of a panel to focus on the creation of new rules or more sensitive decisions with a representative board of data stewards to govern daily operations.
Once the data steward and the community of beneficiaries have set the rules for data collection, access and use, it is crucial that both parties can monitor compliance. As we stated above, transparency is key. Luckily, the technological tools to achieve this transparency and compliance are steadily maturing. We discuss a few key ones below.
Trusted research environments are safe, secure spaces where researchers and other users can access data. It is the modern-day equivalent of allowing a researcher access to a specific database on a computer in a private space, for a fixed duration. If implemented correctly, such environments would allow researchers to bring their algorithms to the data - rather than transferring data to a local machine – in order to perform specific computations, and take only the results of those computations with them. This model allows the steward full transparency over which computations are made and by whom.
Software tools, such as the ones Immuta has developed, allow data stewards to add a layer of policy grammar to a database. This allows the stewards to set access rules that are automatically enforced. Such rules include who has access (either which role has access, or specific individuals), and how much they are allowed to see. For instance, a steward could decide to allow certain roles to see only aggregated data or data that already exists, while others might be permitted to view the underlying data points.
Data stewards could publish immutable, permanent logs that detail the times of granted access, and new data collection and/or use. Such a log could be quite detailed, giving information about specific actors, timestamps, purpose of use, types of access, and more. By creating such logs, the beneficiaries are able to verify that their interests and needs are indeed being served; they can also detect any unwarranted data access or use by third parties.
As the levels of digitization and datafication of our lives and communities increase, the need to rethink how we govern data is crucial. Data stewardship offers an alternative to the current status quo: Anchored in the ideas of the social value of data, collective decision-making and participation, it aims to reconsider our engagement both with data, and those who control it.
Data stewardship is a powerful idea, and the source of its influence is that it is community led, is bottom-up and reflects the needs of the people it aims to serve rather than the technology companies or governments who seek to collect and use it. This adds to the complexity of implementing data stewardship, as no two communities or their needs are alike. Furthermore, the pathways to outcomes of justice and equity are different. The diversity of models, governance and accountability frameworks, infrastructure, and legal instruments are all critical for supporting and ensuring that we are not pushing one type of stewardship over another, but are creating a space for communities to explore design choices that work for them.
To do this, more evidence from the field is required so that community decisions on questions of data are better understood and chronicled, and can serve as lessons as this space grows. We also need to invest in capacity, organizing and mobilizing people on the ground to understand the value of data stewardship. Finally, regulatory innovations are needed to allow more far-reaching developments in this space. These include the rights of citizens to delegate their data rights to trusted intermediaries, as well as the legal safeguards to ensure that the chosen intermediary (a data steward) continually acts in their best interest.
Ada Lovelace Institute Participatory Data Stewardship (2021); retrieved from https://www.adalovelaceinstitute.org/report/participatory-data-stewardship/
Ada Lovelace Institute Exploring Legal Mechanisms for Data Stewardship (2020); retrieved from https://www.adalovelaceinstitute.org/report/legal-mechanisms-data-stewardship/
Frankel, T The Rise of Fiduciary Law (2018), Boston University School of Law.
Immuta, Automated Data Governance 101 (2020); retrieved from
Kapoor, A & Whitt, R Nudging Towards Data Equity: The Role of Stewardship and Fiduciaries in the Digital Economy (2021); retrieved from https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3791845
Kapoor, A Collective Bargaining on Digital Platforms and Data Stewardship (2020), Freidrich Ebert Stiftung; retrieved from https://asia.fes.de/news/fow-collective-bargaining
Manohar, Kapoor & Ramesh Understanding Data Stewardship: Taxonomy and Use Cases (2019), Aapti Institute Data Economy Lab; retrieved from https://thedataeconomylab.com/wp-content/uploads/2020/06/Understanding-Data-Stewardship-Aapti-Institute.pdf
MIT Technology Review Rebalancing the data economy: Startups for a Restart (2021); retrieved from https://www.technologyreview.com/2021/07/01/1027803/rebalancing-the-data-economy-startups-for-a-restart/
NHS, Trusted Research Environment Service for England (2021); retrieved from
Patel, R. The foundations of fairness for NHS health data sharing, 2020-12-08; retrieved from https://adastaging.sbx.so/the-foundations-of-fairness-for-nhs-health-data-sharing/
Raymond, N Beyond do no harm and individual consent: Reckoning with emerging ethical challenges in civil society’s use of data (2016), in: Group Privacy: New Challenges of Data Technologies, Springer
Ruhaak, A Data Trusts: Why, What and How (2019); retrieved from https://medium.com/@anoukruhaak/data-trusts-why-what-and-how-a8b53b53d34
Ruhaak, A How Data Trusts can Protect Privacy (2021), MIT Technology Review; retrieved from https://www.technologyreview.com/2021/02/24/1017801/data-trust-cybersecurity-big-tech-privacy/
Sundarajan, P Developing standards for accountability in data stewardship (2020), Aapti Institute Data Economy Lab; retrieved from https://thedataeconomylab.com/2020/09/18/developing-standards-for-accountability-in-data-stewardship/
Tait, J A case for data cooperatives (2021), Aapti Institute Data Economy Lab; retrieved from https://thedataeconomylab.com/2021/09/06/the-case-for-data-cooperatives/
Van Guens, Brandusescu & Mozilla Insights What Does it Mean? Shifting Power through Data Governance (2020), Mozilla Data Futures Lab; retrieved from https://foundation.mozilla.org/en/data-futures-lab/data-for-empowerment/shifting-power-through-data-governance/
 Raymond, N Beyond do no harm and individual consent: Reckoning with emerging ethical challenges in civil society’s use of data (2016), in: Group Privacy: New Challenges of Data Technologies, Springer (2017)
 See also: Ada Lovelace Institute Participatory Data Stewardship (2021)
 For more about the importance of agency, see: Kapoor, A & Whitt, R Nudging Towards Data Equity: The Role of Stewardship and Fiduciaries in the Digital Economy (2021)
 See also: Sundarajan, P Developing standards for accountability in data stewardship (2020)