Over the past few years, they have been popping up everywhere in major cities: shared scooters that you can hire and then leave wherever suits you best. Handy for the user, but where are these scooters parked? Are they left in public spaces where they get in the way, and did the municipality, while giving the companies a permit, create enough space for scooter users to park them?

It is one of many examples of issues that local authorities would like to tackle using data from companies. ‘In the case of shared scooters, information about journeys and parking movements, provided by the companies that rent out these scooters, is very useful for the municipality,’ explains researcher Heleen Janssen. ‘This helps to identify where the scooters are being ridden and parked, in the already scarce public space, and whether better parking facilities could be created.’

Personal data and trade secrets risk being exposed

But companies are generally not very keen on sharing data, says Janssen, even if it is for the public good. ‘Often, this involves data containing personal information or, for example, trade secrets. Companies are wary of this, partly for fear that they might be breaching privacy legislation, or that trade secrets might be exposed. The municipality therefore needs to carefully consider the context and provide robust safeguards regarding, for example, the handling of personal data.’

Companies want to know exactly what their data will be used for, explains the researcher, ‘and that is a very valid question. Governments often request data but fail to sufficiently clarify exactly what problem they aim to solve and what data is specifically needed to tackle the problem.’

A data intermediary might then offer a solution, the researchers suggest. Data intermediaries serve as a mediator between those who wish to make their data available and those that seek to leverage that data. The intermediary works to govern the data in specific ways and provides some confidence regarding how the data will be used. Janssen: ‘An intermediary offers legal, organisational and technical expertise, helping local governments to access and use company data in a more reliable manner.’

Fear of reputational damage

The research project is a collaboration between UvA researchers in the fields of law and computer science, together with the City of Amsterdam. Together, they investigated from legal, technological and organizational perspectives what may be needed to establish a data governance enabling data sharing between businesses and public authorities in a proper and secure manner, and how a data intermediary could assist in this process. Among other things, they mapped out the relevant legislation, investigated the technological possibilities and, through discussions with government bodies and businesses, identified the obstacles to data exchange.

‘One of our conclusions is that the legislation is not comprehensive anywhere, and that this creates uncertainty on both sides,’ says Janssen. ‘Companies fear reputational damage if their data is misused, whilst governments fear losing trust of citizens. A data intermediary with an appropriate data governance can help identifying interests of both parties, by asking the right questions and making clear agreements on access to and use of data. Simply put, a data governance entails a set of rules, or agreements, to which all parties – that is, the party making the data available, the party using the data and the data intermediary itself – adhere. Only based on these agreements the intermediary can potentially act as a trustworthy party capable of removing obstacles to data sharing.’

Building trust takes time

But none of this happens overnight, explains Janssen. ‘We saw that the technological side of things can be sorted out quickly, but that there is still a great deal of uncertainty surrounding legal admissibility, and that it often takes a long time to build trust needed to make that exchange happen. Based on our research, we established a number of rules an intermediary should consider: how do you secure that trust, and what kind of rules should you bear in mind? The problem that needs to be solved must also be identified much more precisely. The recipient cannot simply say: “Just give us access to as much data as possible, and we’ll sort out what’s useful ourselves”. Granting access carries too many risks for that. Moreover, businesses may ask a financial or other form of compensation in return for sharing their data: what’s in it for them?’