 We want to start by acknowledging that Harvard is located on the traditional and ancestral land of the Massachusetts, the original inhabitants of what is now known as Boston and Cambridge. We pay respect to the people of the Massachusetts tribe, past and present, and honor the land itself, which remains sacred to the Massachusetts people. Our guests today are two friends and colleagues in bars, Dr. Dora and Dr. Funke. Doc is a law professor and the director of the Digital Law Center at the University of Geneva, and Leah is the assistant dean for learning, experience, and technology, and the Meyer Research Lecturer of Law at Harvard Law School. They're here to illuminate big picture challenges around data governance and altruistic data sharing models. The EU Data Governance Act describes, quote, data altruism, unquote, as when individuals and companies give their consent or permission to make available data that they generate voluntarily and without reward to be used in the public interest. So we will dive deep into the specific realities of this model for children and teenagers, both in everyday and in crisis contexts. Please note that this event is being recorded. There are some cameras in the ceilings. However, audience members will not be shown. For the virtual audience, if you wish to ask any questions or leave any comments, please use the question and answer function on Zoom. And this is also a friendly reminder to ensure that your mics are muted during the event and for folks in the room to quiet your phones please. We strive to create inclusive, accessible events. For any questions, comments, concerns, or ideas for future gatherings, please contact us at events at cyber.harvard.edu. Your feedback is critical to our success. And to stay in the loop about future events at the Berkman Klein Center, head to cyber.harvard.edu slash get involved. And for students, I know there are a lot of students in the room. We have a student Harvard student specific listserv as well that you can sign up for to learn about those kinds of opportunities here at Center as well. Thank you for joining us today. Jacques and Leah, take it away. Thank you so much, Becca. It is wonderful to be here and wonderful to welcome you back to Cambridge. We miss having you here in person last January when you were teaching online to the visiting professor and the lighted you are here now. So warm welcome. And with that, I may actually put you on the hot seat and ask you a question about life across the pond. And I question this, data altruism. Could you tell us a little bit more about how it is defined as a legal term of art over in Europe as well as from a policy perspective? What does it mean as a US based lawyer and legal scholar and US based that subject data altruism sounds delightful? But what does it mean? So first of all, thank you very much. It's an immense pleasure for me to be back in person also with a wonderful weather and to discover the new Brooklyn Klein Center office space. A tech related discussion without a tech related moment. All of it is on. That should work better this time. So as mentioned by Becca introduction, so we are basically exploring and having to discover what this concept of data altruism is supposed to mean. It has been now adopted in the data governance act that will come to force in less than a year from now in September 2023. The regulation has been adopted back in May. So we'll have to see what that means. And what I perhaps want to do from the outset is just describe a bit what that means without going too much into the details, to keep that for the second set of the discussion and also to try to keep it at a high level. So as mentioned, one element is that data altruism relies on the voluntary process. So it's based on consents. And also one important element is to keep in mind that data agreements does not focus only on personal data under the famous GDPR, which I'm sure you're familiar with, but also covers non personal data. I mean, industrial data, that means also you can have potentially companies or individuals sharing their non personal data and that can be part of data altruism. One thing which is important and Becca, you already alluded to that is that if you want to speak about data altruism, there should be no remuneration. So the person and the company is sharing the data in the context of data altruism activities shall not be remunerated for that, except for covering the cost. The question is what does that mean to cover the cost? But anyway, there shall be no basically a financial interest in incentives for sharing. But more importantly, and perhaps most importantly, in order to speak about data altruism, the sharing must be done for a purpose of a general interest. And there are a few examples which are given in the Data Governance Act that can be promotion of mobility, promotion of environmental purpose, also research purposes. There are a few examples which are given, which mean basically that there shall be, of course, not a commercial setting, not a commercial purpose for that data sharing. And one key element that I insist on that is that it is really based on consent, meaning that and perhaps also weakness of the entire system is that the consent can be withdrawn. So there is a dependency on concept on the consent, which is at the core of the data altruism mechanism. And one thing which is, of course, important to keep in mind, too, is that in Europe, but also in other places, no one basically waited for the Data Governance Act to do some data altruism activities. And there are plenty of examples of such activities. For instance, the city of Barcelona where basically they had launched a project called Decode in which people were invited to set sensors for the purpose of collecting data for air pollution measures on this type of activity. So that means we will have a new framework which basically should facilitate and that's going to be part of the discussion, but which certainly doesn't create data altruism as such from scratch. It has been in the air for some time. But that's basically what is data tourism. If I may just briefly turn to the who. So who shall be doing that? So there are, as you could expect, so-called data altruism organization that are to be governed by this Data Governance Act. They should be and they shall be. This is a mandatory application, non-profit organization. They shall also do business in a manner which is totally separated from all business entities. So if there is a business entity which may want to engage in data altruism activity, they should create some kind of independent foundation or another non-profit institution in order to run that. And the EU framework somehow is based on some kind of incentive system. And we get to see whether that will work and whether the incentives are quite efficient or not in the sense that there is a system by which these data altruism organization may get registered at the national level in registry for data altruism organization. And there is no obligation to do so. But if they do so, there is an incentive, again, with the question whether that would be effective or not, that they will be in a position to use a label and that label will be a data organization which are recognized in the Union, so the kind of certification, meaning that they are trustworthy partners. And that's, I guess, the essence of the discussion. How do we create trust? How will we make sure that the system works in the sense that people and company will do an engage in data altruism activity? So there's labeling system and as you can expect, there is also some kind of a supervision system by state authorities in order to make sure that those companies who wants to deserve that label do comply with the relevant obligation. So that would be the pools or would be data altruism organization and some kind of a supervisory system at the national level. And now as to the how also very briefly. So one thing that somehow transpires, so to say, from the regulation. And again, I couldn't mention that from the outset, of course, observing from the outside of the EU being based in Switzerland. But one thing that transpires from the regulation is that there is a strong intent of the regulator to make sure that the data shall not be misused. So there are a lot of publications which are imposed on these data altruism organization to make sure that they do protect also in terms of cybersecurity and connected to the events today. Make sure that there shall be no leakage and that there is a strong obligation to protect the data that they get access to that are granted to them by these data owners. Now, one important piece also of the regulation is a so-called rulebook. So there shall be a rulebook that shall be established by the EU Commission in the coming times that shall somehow define what are supposed to be the obligation of the data altruism organization, which will be a very important way to implement that in practice. And that rulebook, interestingly, will also have to raise awareness about data altruism. So that's also a question of as we discussed in preparation of the session, how do we incentivize the people basically to share the data? So the rulebook will be an important element of implementation as to how that shall work. Hopefully another very important document will be the so-called European data altruism consent form. As mentioned earlier, the entire system is based on consent. And the idea is to create trust so that people who will be will have the required level of trust in order to untrust the data to third party on an altruistic basis. So there shall be some kind of a uniform format to do so in the way of performing that shall be developed at subsequent stage. Now, in terms of policy action, that's going to be my final report on that. If you look at the regulation, you'll see that there is a mention of the potential development in supplementary, but a potential development of so-called national data policies. So it would be interesting also to see what will come on that front and perhaps in terms of future academic policy work, whether there might be supports to be offered on that basis, perhaps from a transactional perspective to see how these national data altruist policies shall be implemented in practice. Another question, of course, as we've discussed, is to see how this type of evolution, how this type of regulatory approach might have a success even beyond the European Union. As far as Switzerland is concerned, even though I was too early somehow to predict whether that will be implemented in Switzerland, but I'm pretty sure that we are, of course, observing that very closely because as a matter of principle, we're trying to be EU compliance as a matter of principle, not only for data policies, but more generally. So I'm sure that this will have an impact. But the question is perhaps turning to you is to think about how that type of regulatory model might be perceived as a potential model in the same way as the GDPR of course, different but slightly connected, of course, matter. The GDPR has been set to kind of become some kind of a global standard with respect to data protection. So what do you think of the Data Governance Act as to the data altruism function? Thank you so much. Is this working OK? OK, quick touch up before I talk about tech. So here in the United States, since we don't have the same type of national or in the case of GDPR, supranational data privacy protections and data governance framework, we have a long way to go. First, I think to serve as a model in the United States, we would need to get ourselves a comprehensive federal privacy law where regardless of whether you are living in California, which has really our strongest state level of privacy protections in the country at this point, or whether you are living in a state that doesn't have that, you, no matter what your age is, can rest assured that there are certain rights that you have in your data that are not going to be violated regardless of where you're living. So I think it's it's hard to get to a concept of data altruism yet in the United States because altruism implies that it is yours to share. And while I am very much committed to the principle that all of us as individuals do have more rights in our data than our country's law currently recognizes, the fact remains that on a federal level, actually, those rights are not protected. So it's hard to think about how you find your way to being altruistic, to sharing, to giving something that the law does not yet fully recognize as yours. Second, I think that there is a trust issue in the United States with the idea that baby data can do big good. Certainly, we have many cases in Jackie, when a number of colleagues wrote a wonderful recent paper that was circulated in connection with this talk about all the ways, especially in crisis mode, that data sharing can facilitate absolutely life-saving forms of good. But unfortunately, as a research recent Pew Research study here in the United States found it was almost roughly 80 percent of adults surveyed have some level of concern about their data privacy in this country. And so before we can get comfortable thinking that we could share voluntarily and transparently for greater good, we have to not only have legal confidence that the data is somehow ours or somehow protected, but also we need demonstrated use cases where it is being used in our own good. And last but certainly not least, I think those two issues are particularly important when it comes to youth. And I am defining youth here broadly to include folks in that sort of 21 and under range. There are other ways that one could draw those lines, but I am going a little bit younger with that group to say that youth are born digital as our colleagues or as our John Colfery have been saying for quite a while. And so when you are talking about now generations, not just a generation, but generations that even before they are born in some instances and for some of them, you could argue even before conception, if data from a fertility tracking app or wearable device could be linked back to them, their full coming into existence actually has a digital data trail. And I think that for generations that are born and conceived, maybe even thought of, I don't know, folks who are technologists can jump in and tell me we have the technology that can read our minds that I don't know about yet. And by the way, if you have questions in the audience or out there virtually to jump in at any point, but I think that there needs to be an even greater emphasis plates on that trust building and proof of concept for data altruism to take hold in the United States, especially among you. And I'd be curious to hear a little bit more of your reflection, reflection job on when we look over and think about how the kind of trust may be built up even better right now in the EU and other European, but not EU countries. How do you think about that relationship between privacy protections and trust building such that countries can find their way to data altruism? I think it was a key element that we just discussed is trying to see how we can ingrain somehow trust in the entire ecosystem of data altruism. And one thing that we can note when we look at at this data governance act with respect to the specific chapter on data tourism and have some kind of helicopter view is that there is still basically a system which is anchored on consents as the key element which is supposed to justify the entire system. And you kindly alluded to that recent position paper that we have drafted in an interdisciplinary way on using or improving and maximizing the use of data in crisis situations. In that concept paper, we have somehow move away from consents in order to find other grounds which would make it possible to use data. So to me, the question is, do we want to keep that regulatory model which is based on consents, which is now what is at the core of the Digital Governance Act, which is, of course, the kind of the logical consequence of considering data rights as individual rights, at least with respect to personal data protection, or do we want to move away from that paradigm, also knowing that if we, and that's a general reflection which is also actually mentioned in the Data Governance Act, individual data that we collect from yourself or myself will of course have no impact that might come and might help if we collect all our data in this room and of course way beyond this room, perhaps also with our online colleagues that can have an impact. So my point is that we have to think perhaps in terms of paradigm shift from individual exercise to collective exercise. And that's, and if we want to do that transition somehow, of course, if we consider this is legitimate, we may also have to think about moving from individual consents to perhaps collective consents or no consents but other legitimate basis for processing data. And there are critical voices which have been criticising even quite heavily this Data Governance Act on the ground that precisely it's based on consent and I'll terminate on that. Also, because if you go through that document, you will see that there is pretty strong insistence not only on consents as the justification for processing and for data addressing, but also on that's a logical consequence for withdrawal of consents. Another question is what do you do if people withdraw the consents? That would mean potentially down the road that the use for the public interest might be threatened in the future if people do withdraw the consents. So we have a problem which is a general problem under data protection law but also personal data protection law but also for non-personal data. If it's from an IP perspective, I may just make a very short side note on that. It's as if you have a license agreement and then you terminate the license agreement. Of course, the licensee after the termination doesn't have anyone to use anymore and that would be the consequence here. Is it really what we want in terms of general interest, general public interest that everyone can basically individually withdraw the consents and also in very practical terms, I don't think that would be easy to implement because if we assume, and I'll terminate on that, if we assume that the value of data is basically the collectivization of data, the aggregation of data, what, how do you in practical terms, implement withdrawal knowing that the data will be basically commingled and mixed with all data? That means in practical terms, my perception that in any manner extremely difficult to enforce this withdrawal of consents. So question to me is, is it still the right model? And I've been, of course, very happy to hear you, but perhaps also the audience as to what might be the appropriate model to move away from this consent-based individually exercised rights to a collective exercise of rights which perhaps might be based on collective interest and say, this is legitimate for society. We need more data address. So we need some house to kind of find a legal basis to justify this data processing. I see a hand back there. Go ahead. I have a question. So this is very interesting. So I may need to pass my question first thing is, so our person has a very positive connotation to it, right? And sometimes individual interests and conflict with collective interests. Thank you. So there may be conflict between individual and collective interests and maybe it's not the best for the individual to sign up for that, right? So what are the downsides? And in the second aspect, I wanna talk about, but likely to ask about nudging or like consent. You talk about consent. There's a lot of research in my field which is information systems management about algorithmic nudging which refers to the use of psychological cues to make people behave in a way that may not always be good for them, right? So yes, consent is fine, but maybe they are nudged into something that is not good for them. And is that still then something that is altruistic or good? Thank you. Thanks very much for these points which are of course a key relevance. My perception is that even if we were to move away from individual consent and have some kind of another justification, what should remain is full information. And you see that also transpire in the regulation which is kind of a standards approach which certainly makes sense to make sure that to your point, there's really a full information as to what shall happen with the relevant data also to prevent that the type of general public activities that were supposed to be covered and that were supposed to be undertaken on the basis of the consent that was initially given that these general public interest activities shall not be converted subsequently into perhaps commercial activities. So there's really a need to make sure that you have a fully informed consent or even if we were to move away from individual consent, we would still have some kind of a full disclosure for full disclosure as to what happens. Now in terms of the nudging and not familiar necessarily with what you're doing in terms of research that we're interested by the way to also to learn more, it's certainly something that would also need to be taken to account in the sense that we should again, I guess that could be connected also to this full disclosure full information to be given to make sure there is no kind of misleading. And you see that also, and I'll terminate on that, you see that in the regulation, there are also some kind of protection mechanism in order to avoid that allegedly altruistic activities and organization shall kind of make like misleading statements in order to attract data and to collect them for commercial purposes. So there's this tension somehow to make sure that if it is truly altruistic, the entities which are engaged in this type of activities should truly make sure that there's no misleading of these data providers in any manner. Consent is a really tricky concept. And I see a hand so I'll keep this very brief. I just wanted to surface and I would love questions, reflections, pushback on what I'm about to say. I think consent is so tricky right now, especially in the United States. And here I'm talking specifically about consent when it comes to digital data that we should, and I use should from both an ethical and also legal basis, we should get consent from a data subject, from a person before using their data. Practically speaking in the United States, the vast, vast, vast majority of the time that we are theoretically giving our consent, it's really not consent in a practical sense. So think about all the times you are clicking, I agree, or swiping next or hitting submit. You probably aren't reading everything that you are theoretically consenting to. And I'm not faulting you for that. I will fully confess, if it is in my professional capacity or it involves my kids, I am reading it. If it is just in my personal capacity and just about me, and I'm trying to get my Uber app updated, I am definitely not reading it because I've got a million other things to do. And so the whole framework we have going on right now around consent in the United States, there's a lot of legal fiction to it in a way that I really struggle with in terms of thinking about how to build a fair and inclusive and just common sense, honest digital data governance system in this country when we keep talking about consent and it's ultimately pretty empty in terms of building upon it. There's a great recent law review article by a law professor named Mary Fan that talks about, and I believe it's the first of its kind in the United States to affirmatively talk about building a public or collective right to pool data in a data altruistic way in order to have shared public benefits. So thinking a little bit about some of the rights that might exist in terms of public access maybe a way here in the United States as well as across the pond to make our way through a little bit of I would say legal fiction in our country at least that it's possible to have actual consent. And I saw your hand. I don't want to cut it. Did I see it correctly? Please. Mine is a very basic question. In Wikipedia, we find biographical information of many scientists and artists. So I'm a plant biologist and I do provide data both of living and even the past. About three or four years ago, I heard that what we provide may not agree maybe in violation of the privacy of European Union. And so can you elaborate anything about it? I'm not sure I got the question right. Perhaps could you reference it? I think the question and please jump in if I misheard. I think the question has to do with, I think the question has to do with the ways in which GDPR over in the EU may be impacting the ability for a scientist to share information on Wikipedia or other platforms. Is that correct? Yeah, I mean, I would not be in a position to speak specifically with respect to Wikipedia, but as a matter of principle, I think, and I just had a doctor's written for PhD thesis on that topic and if I put it in general terms, the challenge is to make sure that GDPR doesn't prevent academic research and research activity in general. And you see that also coming back to the topic of today's session. You see that emerging to with respect to data address because research and scientific activities are one of the activities which are supposed to be covered by this general public interest that could justify data address activities. So there's a tension which still exists and on which I think we still should work collectively in order to make sure that GDPR doesn't act somehow as a barrier and as a hurdle for scientific activities in the broader sense. So that's certainly a very relevant concern on a very important issue. Yeah, thank you for your talk. And I agree with this idea that we need more collective measures for consent to data processing. And I'm interested in if you thought about concrete measures how to effectively democratize data processing. And if you also thought about specific use cases or something that you could share with us. Yeah, thanks very much. It's a very important point. And I think I was thinking also in terms of incentives in order to try to promote data algorithm. I think what we need is precisely case studies and I'm thinking perhaps also a comment or question to you Lea as to what should the next gens do? How can incentivize them to share the data? This not necessarily with this type of relatively, let's say regulated approach where we define what data alteration mobilization are supposed to do or what not supposed to do. We have to find ways to incentivize the sources of the data. And as mentioned, there are a few examples of the paper that we've discussed in preparation of the session. There was for instance this decode project which was conducted as I was mentioning earlier by the city of Barcelona. And I guess you can look it up online. That's an interesting example. And you'll see also that's one of the tricky question at your level is how do you distinguish between personal data on the one hand and non-personal data which is frequently quite tricky which is why I think it's good that this new data governance act in terms of data alteration adopts a transversal approach saying that this data alteration rules are supposed and can apply to any kind of data basically. I think now as to the first part of your point in terms of collectivization, if you look here again at another chapter of the data governance acts, what they are contemplating and what will have to be implemented in the near future is the creation of so-called data intermediaries. So data intermediaries as the name indicates are supposed to act as entities between data holders on the one hand and data user on the other hand. So it's one step in the direction of trying to move away from the individual exercise of data rights to a more collective exercise but here again and that's a different chapter of a different discussion. We have to see how that can be implemented. I think one point that will have to be taken into account in this discussion of fostering this data intermediation services is to make sure that we find the right balance in terms of risk of liability of these data intermediaries. So they will be basically getting a lot of data and then they will kind of sub-license them out using again an IP licensing terminology to third parties. We just have to make sure that they don't risk too much because they will not be at the source of the data. So they will help in the process but to me it might be kind of unfair to have a strict standard liability because otherwise ultimately you have no one providing data intermediary services. And the reason why I'm mentioning is that is that you may have the same type of concern or policy risk if you think about data alteration mobilization which may also in certain circumstances act as data intermediaries by which they would collect these data for interesting purposes and then sub-license them out. Here again we just have to make sure that the system finds an appropriate balance of rights and interests to make sure that the system works to move away from individual exercise to collective exercise if that answers your question. Do we have any questions? I'd like to see one in the back and then also if we have folks joining us from home we'd love to hear from you as well. Thanks so much. I wonder if you might just spend a brief moment expanding on the intermediary concept you just introduced specifically with respect to some of the work done by people here among others regarding data fiduciaries and borrowing specifically the obligations both legal and normative surrounding fiduciaries for example financial data, medical data, et cetera. It sounds like you're proposing something a little broader but I wonder if you might go into a little more detail please. I may return the question. I'd be interested to hear your thoughts on perhaps your definition of data fiduciaries with which I'm not as familiar. To be frank I'm looking at, I have taken a copy of the Data Governance Act because there's a full chapter on data intermediaries and which defines all the rights and obligation of these platforms. To me, if I may give also perhaps knowing or thinking that I know I'm not sure this is the case balance activities here at the Berkman-Klein Center in terms of intermediary liability for in the digital environment. My perception is that as I was perhaps mentioning earlier is that this new emerging concept of data intermediaries doesn't necessarily fit in what we've discussed so far in terms of risk of liability. It's not something which is somehow associated for instance with the intermediary liability with respect to copyright infringement for which as you know there's been a lot going on in all parts of the world including in Europe. Here we have to deal with something which is new which is somehow, and I'm well aware that I don't fully answer your question but I think this somehow one evidence among others of perhaps the fragmented approach that you can find in various, let's say activities of regulators and specifically also at the EU level. I don't think these are the same people basically who have drafted this data governance act by comparison to other well identified and well established issues that we may face with respect for instance to copyright infringement in the digital environment. But again, I'd be also very interested now later to have a sense of this data fiduciary intermediary that you mentioned earlier. Yeah, I've got this one and then I know that there's at least one in the Zoom. Hi, thanks a lot for this. I'm wondering whether you think that the digital governance acts chapter on data intermediaries might facilitate the emergence of data markets. And if so, what effect do you think that would have on data governance in general? Again, I'm not reading the crystal ball but this is the ambition I guess, precisely to foster on that as one of the many facets of European data strategy. But the question is to see also how we would reduce transaction costs to some extent to make sure that there are sufficient incentives from the source of the data to make this data available to the data intermediaries and in terms from the data intermediaries so that they can make the data available to interested end users. And to me, that also requires like for any market that the transaction costs can be reduced. So that means also in practical terms that there should be some kind of template agreement on the basis of which you can rely on the system which works and it is easy to implement to make sure you can get access to data or respectively you can grant access to your own data. And one final element in that respect on which I think it's important also to focus in this general framework of creating, as you say and this is a key element, creating data markets is to make sure that if there is a dispute these disputes are solved efficiently and to make sure that you have a system by which and I'm not to show in that respect that a strong state in for intervention is necessarily relevant. Perhaps we should think about alternative dispute position mechanism to make sure that there is like a speedy accessible also in terms of cost process by which you would manage potential disputes that may arise between the stakeholders. I may offer two very quick observations. I think I'm good for a moment and then I'd love to hear from the question coming in at home. These are maybe tied at last to wonderful reflections and questions together. The first is in my understanding and I will of course defer to our colleague across the pond if I'm missing something but I would read the data intermediary chapter in the new data governance act as well as the recitals ahead of it that support it as being less directed and requiring less of a duty toward a data subject than the data fiduciary model would. I would broadly understand data intermediaries as being required to engage in a somewhat enhanced level of responsibility with much more oversight than we currently have for the data broker model in the United States which is just completely the wildest but not nearly as much of the truth fiduciary would somebody who really has a directive to act in your best interest to be loyal to you and to not interject their own interests into their decision making. Last quick reflection on the effectively the data market model we have in the United States which has a number of different stakeholders but is powered disproportionately by either data brokers that are quite in some way they shadow market even though they are big business and I'd say they are a shadow market because they are very loosely regulated at best more probably it would be fair to say they're largely unregulated there has been some movement at state and federal levels to rein that in that data brokers in the United States engage in a robust data market business where they are aggregating, analyzing, resharing and repurposing data that very often all of us don't even realize they have in ways and with organizations that we don't know they are contracting with and unfortunately we do see that organizations in the United States that we would consider altruistic and are altruistic also do engage with data brokers one quick example that I will welcome our original participant there was a great study by the Center for Law and Information Policy clip at Fordham Law School back in I think roughly 2018 that looked specifically at how data brokers were getting information about youth they thought largely through school settings and they featured a piece of data in that report that the American Red Cross had gotten information about potential blood donors using data broker available lists or selects which are subsets of lists I am not critiquing the American Red Cross or their desire to find blood donors I am just flagging that already in the United States we do have these very unregulated very shadowy data markets that exist with data brokers so with that our virtual front great thank you so good transition to there's a couple questions in here but I'll start with this will youth have the legal agency to assert authority over their data management might that sovereignty extend to even govern their parents ability to control it? I love that question and whoever asked it I promise it wasn't a plant so we are in a unless it was I can't see who it was but I didn't consciously plant it so we are in a very exciting and also very open time with this new governance act in the EU because it has been passed it is not yet effective and there is much to be seen and much to be created about filling in the details and implementation I think that it is an open question just what relationship youth will have if they have not attained the relevant late age of legal majority for that purpose and especially if there were to be a some sort of conflict to use the term that was used by the question who would be the sovereign? Who would truck? Would it be the youth or would it be their parent or guardian? We are in an open space around that my guess unfortunately is that it's likely to default to parent or guardian laws typically do when it comes to youth and data and I really do question whether that is only as desirable but I would be curious to hear your take on this particular set of questions as we move from the passage to the effective date in 2023 of the Data Governance Act how do you see this and maybe some of the related questions unfolding and then I know we have folks waiting in our virtual queue? I think that's also quite intriguing area of policy attention and that would depend if I try to make a reasoning at least based on Swiss law and subject to more detail and indefinitely than the EU law my perception is that that may depend on local laws because it's basically an issue of civil law to what extent minors can consent or not if yes to what extent to something which is relevant to their own let's say intangible assets or which is where other court now was focusing on personal data so I don't think there is necessarily a EU wide solution at least there is as far as I can tell no international solution which is like unanimous but if we were to think about a way to kind of promote data altruism also for the future and also to empower minors to engage in these type of activities we may think about alleviating perhaps the conditions and to give them more power perhaps by standard by comparison to other classical issues for which as we're saying parents may have more power to decide but to me that would also of course imply that there is an even more detailed perhaps information if not consent to make sure that they get a very clear picture perhaps in simplified manner but of course truthful and adequate manner as to what shall happen but also perhaps more importantly to motivate them to engage in these type of activities and coming back to the question earlier as to the case studies to show impact to say look speaking to teenagers you may have the possibility to share data for mobility for in terms of energetic consumption but that should be based and perhaps there are technological solutions to that perhaps connected to an app which could show look by what you shared today you have contributed perhaps even the very minor points even not a percentage but still this is what's this is the output of what you're doing of your contributing to do so if we were in a position of ensuring that there is transparency sufficient level of information I would personally kind of speak for regulators I would personally be quite interested to see is there's a bit more freedom to make it possible for miners to engage in a non-commercial and to promote a non-commercial use of their data and specifically to engage into data altruism activities and I think would be interesting to see in this interesting period that we have my perhaps concern is that it may depend again on like quite fundamental principles of private law civil law family law potentially to see to what extent miners do have that level of freedom or not and that's of course open for discussions Well that leads into these are nice little ping-pong back and forth a question here where it notes that altruism feels more individual instead of doing something for the social good or in the name of the public interest getting to the incentives what are the limitations to the concept of altruism and is it possible to think about data sharing as part of a duty so that bigger problems can be solved of course the duty to share would not be without safeguards for example privacy Good things Thank you So there is this concept in the Data Governance Act about how altruistic purposes need to serve the objective or an objective of general interest and so there is a way in which already at least on its face the Data Governance Act is saying that altruism ultimately has to move toward this objective or an objective of general interest I think that does open up ways to think about and perhaps to design implementing regulations and structures that do point more in the direction of having some sort of obligation or civic duty or collective action that would move us toward this being less of an individual decision which then would add up as you were pointing out earlier Jacques to some real problems of individual consent more withdrawn to some sort of obligation I will say that I think in the United States at least that would require a lot of trust building and proof of concept because not always but there's a lot of sentiment I think justified that all of us in the United States have become at times and often unwittingly participants in a system where we are giving up large amounts of personal data all the time in exchange for free or lower cost digital services or devices so we sort of feel like we've already been entered into that model in this country and that we don't necessarily have a lot to show for it and again I do understand that the vision across the pond is specifically to make sure that if data is being given in this altruistic way that it is going to these non-commercial purposes of general interest but just flagging in the United States that figuring out how to design some sort of duty or obligation or perhaps you could also look at it as Professor Phan does which is a public right to have access to this information once it's generated we have a little bit of a ways to go So I think quick reaction on that I think as we discussed altruism may be perceived so far as kind of an individual behavior and decision but data altruism must be collective for the reason that we've discussed if just only single person doing that there's no way that will lead to any impactful outcome now if we just perhaps take a step back an even bigger picture this is not very far as far as I can see from other let's say sociable engagements of citizens in promoting, let's say scientific interests so like citizen science and these type of movements or perhaps crowdfunding or crowd contribution to the advancements of science to me this is also connected to what we're discussing here most specifically in terms of data altruism and I think there's obviously as we discussed a very important need to try to identify what shall be and the ways how you can leverage that and can promote that including more thinking when I was listening to what you just said also in term of education what if schools were to promote actively this type of data altruism activities of course with the limits that we've defined or what if other institution would try to do that again with the system which would preserve and protect transparency make sure there's full disclosure as to what is done but also which shows the outcome of the potential impact of the potential data training activities OK, we've got one more question so what about people whose data is linked with other folks data how do we deal with sort of the ways in which it becomes heterogeneous and how does somebody altruistically give rights to that or not I think, yeah to me one aspect of this tricky question relates to as I was mentioning earlier to the consequences of a withdrawal so given that the fate of the data that is supposed to be shared based on altruist data sharing is that it shall be combined with other data I think it will be very difficult to come back so ultimately even if theoretically there might be a right of withdrawal it's quite uncertain how that would work which is why again if we look at what has been contemplated and what will have to be implemented at your level it will be interesting to see how this will be drafted including in the standard constant form that is supposed to be drafted in the future I suspect there will be a very big gap as there often is between what is on paper and what is done in practice on paper under the Data Governance Act data is any digital representation of acts facts or information including a compilation of those types of facts and information so on paper sure I can revoke my consent but if the data that I have supplied in that digital representation includes acts and facts and information that also has data about folks who actually not only did not withdraw their consent but affirmatively wish to be part of this data altruism experience that is going to have to get sorted out in this year long space and beyond and my guess is in practice no matter what the on paper resolution is we are going to have a situation where either too much data is being withdrawn because it is intermingled and someone revokes consent and you sort of cut with a shovel rather than a scalpel or we are going to wind up under removing and the person whose data is requested to be withdrawn it won't get withdrawn because it will say well actually it's part of somebody else's compilation of digital information and for folks who want further reading Alicia Solo-Niederman who used to be at HLS and is now at Iowa is doing wonderful legal scholarship here in the United States about exactly these types of group life realities and the ways in which our current approach to data governance and privacy law does not fit the realities of group data sets and how all of our lives at this point are very much networked and that the ability to give a revoked consent individually does have implications for the folks around you and with that are we at time or okay thank you all so so much this has been delightful shock always a pleasure we hope you will come back and see us again soon and for everybody here at BKC to our wonderful events team to our wonderful attendees and our wonderful folks on the other side of the screen it is always a delight to engage on these tricky and exciting topics with you thank you so much Merci Merci beaucoup