Some initial thoughts on whether data trusts and co-operative credentials are complimentary.
A data trust is simply legal structure and a database. The legal structure of the data trust is the key bit. A “trust” is a concept from common law jurisdictions (primarily the U.K. and its former colonies). It involves a relationship between a “Trustee”, in this case the entity holding the data, and the “Beneficiaries”, the entities who have a beneficial interest in the data (e.g. the data is about them).
The trustee holds a “fiduciary duty” to the beneficiaries vis-a-vis the subject of the trust (i.e. the data). A fiduciary duty is one of the the most onerous types of duty in common law systems and there are serious penalties for breach of those duties. The content of the duty depends on the structure of the trust, but typically they involve
- Proactively acting in the best interests of the beneficiaries
- Strictly avoiding conflicts of interest
- Acting according to “proper purposes” as determined by the trust
Most legal systems, for example most European countries, use a “Civil law” system. Famously, civil law systems do not recognise the concept of a trust. This is debatable from a legal perspective (there are concepts in civil law similar to a trust), however it does raise the question of how an international data trust would operate from a legal perspective.
If an initiative is set up with the explicit aim of serving a set of international beneficiaries, i.e. co-operatives, does using a common law legal structure disadvantage beneficiaries from non-common law jurisdictions? Perhaps, but not necessarily. Indeed, pairing a data trust with a standard like verifiable credentials (which, incidentally, attract the significant interest in the EU), could ameliorate the problem.
Verifiable credentials are explained at length elsewhere. Prima facie they may seem to be concepts in tension, as a data trust is centralised and verifiable credentials are decentralised. However this superficial distinction breaks down when you see them as complimentary parts of a larger system. I’ll just quickly point out a few ways they can work together.
Simply put, when a credential is issued, the claims required to fill the credential need to come from a datastore. That datastore could be managed by a data trust. In fact for data integrity, particularly when it comes to credential “Refreshing”, would arguably be improved by such a structure.
verifiable data registry
A role a system might perform by mediating the creation and verification of identifiers, keys, and other relevant data, such as verifiable credential schemas, revocation registries, issuer public keys, and so on, which might be required to use verifiable credentials. Some configurations might require correlatable identifiers for subjects. Some registries, such as ones for UUIDs and public keys, might just act as namespaces for identifiers.
Sometimes this role is played by a blockchain, however in the case of co-operatives, a blockchain may not be appropriate as co-operatives need easier access to the data for compliance purposes.
Verifiable credentials serve as a means of communication between the datastore and the beneficiaries.
If you store data from various beneficiaries in one place the question arises how that data is retrieved from, and used by, the various beneficiaries. Especially how you do this in a secure and privacy respecting fashion. Verifiable Credentials are tailor made for this purpose.