More and more data is collected and exchanged about us, to the point where it becomes almost unmanageable. Has the moment come to enlist trusted third parties by default to navigate our data ecosystems? Trust is key to fully realizing the benefits of technology, including using technology to meet the SDGs. But use of this technology relies on access to data, and when people or companies share data, they seek assurance that the data is not going to be misused to invade privacy or steal proprietary information. So how can we improve trust? Well, one method is to enlist a trusted third party. This idea is not new, but as the scale and complexity of data sharing grows all around the world, the concept is coming into its own, both as a way of improving regulatory compliance and of adding appropriate nuance to different scenarios. So today in this session, we are exploring: is using a third-party intermediary the key to unlocking situations where trust is difficult to build and where the potential impact of data sharing is immense? And furthermore, can technology itself act in that capacity, using AI and machine learning?

It's my great pleasure to introduce our esteemed panelists. Dr. Jen King, the director of consumer privacy at the Center for Internet and Society at Stanford University, who specializes in information privacy in online products and the policy implications of emerging technologies. We're also joined by Bob Kane, the CEO and co-founder of LunaPBC. Bob is a biotech executive and venture entrepreneur, and LunaPBC focuses on managing LunaDNA, a community-owned platform for health research that leverages genomic data. And last but not least, we have Fabrice Tocco, the co-founder and co-CEO of Dawex, which facilitates data exchange between companies and organizations.

So Jen, I'm gonna kick it off with you. Can you tell us a bit about the data ecosystem?
What has happened in these last few years that has made it unmanageable for individuals to manage consent on their own?

Sure, good morning from San Francisco. So really, we're at a stage where, for consumers, it's become impossible to manage your own data. Think about your own experience: all the different companies you have relationships with, and not just companies but civic-sector organizations as well. There are so many ways in which we are asked, on a daily basis, to make decisions about our data, and it's gotten to the point where we simply have too many relationships. So we're looking for different solutions and approaches to this problem that aren't focused on simply putting more pressure on individuals to understand: what are the privacy policies of all these different organizations? How are they all using my data? How do I determine these things? How do I keep track of it in the long term? From that perspective, I'm looking at solutions we can bring to consumers that simplify this process, so that you don't have to rely solely on your own understanding to manage your data.

Can you speak a little bit as well about some of the different models we're seeing around data management specifically that are paving the way for this opportunity to create or use third-party intermediaries?

Sure, so I focused on two in some recent work I did with the World Economic Forum. You can take a very individualistic approach, where we try to improve on where we are today, leveraging software, user agents as we've been calling them, as a way of helping to manage those relationships.
That's one idea that we think has promise, especially now that we're in a world where more people have access to things like smartphones, so it becomes more realistic to assume we can manage these relationships using software that simplifies keeping track of who we have given our data to. For those of you who use password managers today, think of something similar, but potentially more sophisticated. But coming up a level, rather than doubling down on the idea of the individual still having to manage these things and make all the decisions on their own, we're looking at things like data trusts: new legal concepts we can use to create trusted third parties that help us manage our data. You can think of this, too, as a way of trying to rebalance the power between individuals and their data on one side, and the companies or other organizations that want to collect it on the other. So if, for instance, you would like to share data with a public project, say a smart-city environment, where your data may be part of a larger whole, but you don't necessarily want to keep track of how your house is sharing data, one thing we could potentially do is create something like a public data trust. The trust manages that data on behalf of all the households in a particular area and enforces rules around how the different companies and others who want access to that data would actually use it. It wouldn't necessarily pass on the rights to the data; it may hold those rights itself and still provide a way to facilitate data sharing, especially for public purposes or areas where we think it contributes to the public good, without either burdening individuals with managing it or requiring them to give up their individual rights per se.

Thanks, Jen. So Fabrice, I'll turn to you to help us flesh that out a bit more. How exactly does this work, and what are some of the advantages?
Is it that I provide rules to the data trust around what it can do with my data, or how exactly does this work mechanically? I think you're on mute, Fabrice.

Sorry. So good evening from Paris. Just to explain a little bit how we bring trust: Dawex is a data exchange technology that enables companies and organizations, public and private, to exchange data securely. The whole question is really how to build trust between the parties involved in the data exchange, and there are many ways to build it. Data providers and data users have pains and fears. One of the main fears for a data provider is to be sure that the data will not go, for instance, to a competitor. So the data provider has to keep full control over the data: they have to be able to decide who can access the data, for what purpose, and possibly at what price. The data provider also has to be able to manage what is going to be done with the data, using, for instance, customized licenses. These sophisticated features build trust between two parties who, basically, don't know each other. Because data exchange is one thing when the two parties know each other, but the further we go into this data exchange economy, the more often the parties don't know each other, so they have to build this trust. The trust also comes from the transparency and the fair information that the two participants in the marketplace will share with each other. So when we talk about trust, it means different things: it's, of course, trust in the data itself and in the currency of the data the users will get; it's also trust in the source of the data; and it's trust in the way the data will flow, in how the circulation of the data will happen. A trusted third party has to resolve the fears and the pains of a data provider and a data acquirer who don't know each other.
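To make the mechanics concrete, here is a minimal sketch of the kind of customized license Fabrice describes: the provider names who may access the data, for what purpose, at what price, and keeps the ability to revoke. All class, field, and party names here are hypothetical illustrations, not Dawex's actual product or API.

```python
from datetime import date

class DataLicense:
    """Provider-defined terms: who may access the data, for what
    purpose, at what price, and until when (illustrative only)."""
    def __init__(self, allowed_users, allowed_purposes, price_eur, expires):
        self.allowed_users = set(allowed_users)
        self.allowed_purposes = set(allowed_purposes)
        self.price_eur = price_eur
        self.expires = expires
        self.revoked = False

    def revoke(self):
        # The provider keeps full control and can withdraw the offer later.
        self.revoked = True

    def permits(self, user, purpose, on_date):
        # Checked by the exchange before any transfer takes place.
        return (not self.revoked
                and user in self.allowed_users
                and purpose in self.allowed_purposes
                and on_date <= self.expires)

lic = DataLicense(["retail-partner"], ["demand-forecasting"],
                  price_eur=500, expires=date(2026, 1, 1))
print(lic.permits("retail-partner", "demand-forecasting", date(2025, 6, 1)))  # True
print(lic.permits("unknown-buyer", "ad-targeting", date(2025, 6, 1)))         # False
lic.revoke()
print(lic.permits("retail-partner", "demand-forecasting", date(2025, 6, 1)))  # False
```

The point of the sketch is that the intermediary, not bilateral familiarity, enforces the provider's terms, which is what lets two strangers transact.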
That's the main job of a trusted third-party intermediary.

So it sounds like what you're saying is that I, as a data subject, can provide data to the exchange, essentially, and then the exchange would manage the rules around what I am willing to have done with that data, regardless of whether or not I know the party on the other side. So the data exchange takes over the necessity for me to provide specific consent to each individual party that might seek to use my data. And the follow-up question is: does that mean my consent can be more flexible? Could I change my mind? And what would happen in that circumstance?

So depending on the territory where you are and the rules that apply in that territory, consent is more or less involved in the data that is exchanged. When we talk about data exchange, everybody thinks, of course, about individual data, but there is all this non-personal data that is also involved, and consent is not as necessary for non-personal data. For personal data, we know there are strong rules now in Europe, for instance, but these rules are also appearing in California and in Japan. So yes, consent has to be followed if the data is to be exchanged.

Thank you, Fabrice. So Bob, with that framework and foundation, I want to turn to you to talk specifically about sensitive data, highly sensitive data, genomic data. How can a concept like that, a data trust, a data exchange, even an AI agent, work in the health space to help us access some of this data in a way that could really help us in times like this particular crisis we're facing, with the pandemic as an example?

Hi, good morning from San Diego, and thank you for inviting me to speak. Yeah, so I mean, it's a question that we think about a lot, of course.
I'm speaking on behalf of LunaDNA, and we have tried to operationalize what might be considered a data trust through the creation of the LunaDNA community. What we have in terms of consent for genomic and health data, both very private and sensitive data types, is a two-tiered consent model. When people join the community, they consent to allowing any ethics-board-reviewed researcher and research study to query the data, and so we can scale those studies. But when they query the data, only the answers come back to the researchers, not the data itself, and so privacy is maintained. In a sense, the first tier scales studies, based on third-party review board approvals, in a way that protects privacy. The second tier is when a company, such as a pharmaceutical company, would like to have somebody participate directly in, for instance, a clinical trial. There's a way to anonymously put out a message to a cohort they might be interested in, ask individuals in that cohort if they would like to learn more, and then have them specifically consent to participating in a trial, because with that participation there is a compromise of privacy. So the first tier enables broad use of the data. This is important because this data really is required in order to unlock personalized medicine. We talk a lot about personalized medicine, but we know little about how our genome, our diet and exercise and other health habits, and even our zip code affect our health. These studies are required to enable that.

Thank you for that. One thing I find really interesting is that it seems governments would have an awful lot of interest in unlocking some of this data, particularly in pursuit of various SDGs, whether that's reduction of corruption, improved health outcomes, more equity, et cetera.
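The first tier Bob describes, where approved studies ask questions and only aggregate answers come back, can be sketched roughly as follows. Everything here (the record fields, the cohort threshold, the function names) is an illustrative assumption, not LunaDNA's real implementation.

```python
# Tier 1 in miniature: approved studies may query the pooled data,
# but only aggregate answers leave the platform -- never raw records.
MIN_COHORT = 20  # suppress answers for cohorts too small to stay anonymous

records = [  # toy stand-in for the community's genomic/health records
    {"id": i, "variant_x": i % 3 == 0, "condition_y": i % 5 == 0}
    for i in range(1000)
]

def aggregate_query(predicate, ethics_board_approved):
    """Return only a count (the 'answer'), and only for approved studies."""
    if not ethics_board_approved:
        raise PermissionError("study must pass ethics board review first")
    count = sum(1 for r in records if predicate(r))
    # A very small cohort could identify individuals, so withhold it.
    return count if count >= MIN_COHORT else None

# How many members carry variant X and also have condition Y?
n = aggregate_query(lambda r: r["variant_x"] and r["condition_y"],
                    ethics_board_approved=True)
print(n)  # a count comes back; the underlying records never do
```

The design choice worth noting is that privacy protection sits in the query interface itself, so broad consent at join time is safe to give: no query, however approved, returns an individual's record.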
So what can governments do to support, and this is for the entire panel, the rise of data intermediaries and, I think as importantly, to encourage their development in a responsible manner? What's the role of government here?

I can start with that one. One thing is to legally clear the path to make sure things like data trusts can exist. I raise that because I've talked to colleagues in the EU who are experts on the GDPR, and they told me they thought that under the existing GDPR framework, creating data trusts may actually be a real challenge in the EU. In the US we may not have that barrier right now, but we also have no federal-level privacy laws, at least none that affect consumers directly. One thing we can also look at, when we think about creating data trusts, is not necessarily treating data as property, because I think that is a potential pitfall in the US right now, given the way our laws around trusts exist. So the important point is that we can't necessarily just use the tools that exist today. We may actually have to think creatively about how to improve what we have, or pass new legislation, to enable or facilitate these new types of relationships.

Fabrice or Bob, other thoughts?

Yeah, what we can see in any kind of economy is that when the game is clear, you can apply clear rules, and bodies and parties do things knowing what they can and cannot do. So what governments are doing, in Europe and in other countries, is clarifying the rules of the game: how data can be exchanged, not only personal data but any kind of data. Something we may see in the future is a kind of certification of intermediaries: certain intermediaries will be certified as applying the rules and bringing trust between the different parties, so that the parties can exchange data in a trusted way.
I think the future of these intermediaries is also to have rules that help define the level of quality they have to provide to the market in terms of how they work.

And Bob, anything to add in the health or genomic data context?

Well, yeah. In order to earn trust and maintain trust, we think about three different areas: contractual, technical, and reputational. And you can apply that to governments too. When we talk about contractual or legal, we can talk about regulation, privacy laws, things like that. When we talk about technical, I think it's a requirement that people use the appropriate technical tools to protect the data. But the last is reputational, and I think that's where governments need to do a bit more work. There's a certain distrust there that keeps underserved populations from participating in studies, even in the US, and that really prevents the data from being as rich and deep as it needs to be. So by providing the right regulation, and by encouraging government-funded programs to follow those laws and to allow people a little more control over their data and transparency into how their data is used, governments can earn that reputational trust.

That's really interesting, and it pivots me into what I want to chat about next, which is the rise of AI and the use of AI and machine learning in data intermediaries. There's a lot of concern in the world about algorithmic bias, about rogue AI, all kinds of questions. To what extent do we have to be worried about that in the data intermediary space? To what extent are those things on the horizon? And specifically, Bob, I'm curious, given the last point you raised: how do we ensure fair and equitable access to data exchanges for parts of the population that are traditionally left out because of things like algorithmic bias or restrictions on access?
But I'm curious to hear about the inclusion part.

So the way I think about it is that the community, for instance the LunaDNA community or any other data community, should reflect the population. When we think about diversity, I really think about reflecting who we are across different dimensions of our population, because if we're not reflecting our population, then we are adding a systematic bias. The other aspect is that human beings all have biases; researchers have biases. We couldn't proceed without our biases. But when you're doing good research, what you need to do is check your biases as you move forward. Know what they are, don't try to eliminate them, but continue to check them and try to figure out: how are they affecting my algorithms? How are they affecting my subjective analysis of the data?

Fabrice, please.

Okay. On AI, we see the data as a chain, a circular chain. When you have data, you have data exchange, and when you have data exchange, the purpose is AI. So one of the key elements of the data value chain is clearly the exchange. The way it's done, the way the parties exchange the data, determines the quality of the AI at the end. So we see data exchange as the beginning of a circular process that feeds AI.

I would just add, from a consumer context, that having AI make decisions on consumers' behalf will require transparency. You can't just put these solutions in front of individuals and not give them any insight into how the AI is arriving at what it's actually doing. Part of that will always rely on what data is being used to train it, what's coming in. But ultimately, a lot of the concerns I hear on the consumer privacy front around AI are really about trying to provide transparency, so that people truly understand how these decisions are being made on their behalf, and about providing a way to potentially correct or contest them, so that we don't treat them as infallible or inflexible.
So what are some of the ways this can actually go awry, to get really granular about this? I hear different concerns from people with varying degrees of information and knowledge about this: am I really outsourcing the approval of uses of my data to an algorithm, or to some other party that is then going to run around with it? And I think we've heard some of this from the panel, in terms of, well, we have to be transparent about the algorithm and about what decisions are being made. But I'd love to go one level deeper and really understand: what are the terrible outcomes, how could this go awry? How do we know, as data subjects, which exchanges or which intermediaries are trustworthy and which aren't? What can we learn from what's come so far about the elements that make a data intermediary a trusted place to share our data?

Well, I can start. We think about that pretty often too. One thing is that governments can come in and subpoena data; we've seen that happen based on national emergencies or other reasons they bring forth, and so that has to be considered. Another is that the people who manage the data change over time: boards of directors change, officers of companies change, investors change. Those are things you have to think about when you create a system that manages data, and you have to design the system to protect against them. For example, one of the things we've done is blind ourselves even to the data in our own system. The data can only be accessed through complex algorithms that connect four databases, each encrypted with separate keys. That way, we don't have the ability to look at the data. If we were subpoenaed, we could hand over encrypted data, but the encrypted data is separated, so personal identifiers are not linked, things like that.
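The "blinding" Bob describes, identifiers and health data held in separate encrypted stores under separate keys, might look schematically like this. This is a toy sketch under stated assumptions (XOR stands in for real encryption, three stores instead of four, invented names throughout), not LunaDNA's actual architecture.

```python
import os

def xor_crypt(data, key):
    # Stand-in for real encryption (e.g. AES-GCM); XOR keeps the sketch
    # dependency-free. Never use XOR like this in a real system.
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

# Separate keys, ideally held by separate custodians, so no single
# database (and no single subpoena) yields linkable personal data.
key_identity, key_health, key_link = (os.urandom(32) for _ in range(3))

identity_db = {}  # pseudonym -> encrypted personal identifiers
health_db = {}    # random record id -> encrypted health/genomic data
link_db = {}      # pseudonym -> encrypted pointer into health_db

def store(name, genome):
    """Split one person's data across the stores; return their pseudonym."""
    pseudonym = os.urandom(8).hex()
    record_id = os.urandom(8).hex()
    identity_db[pseudonym] = xor_crypt(name, key_identity)
    health_db[record_id] = xor_crypt(genome, key_health)
    link_db[pseudonym] = xor_crypt(record_id.encode(), key_link)
    return pseudonym

p = store(b"Alice Example", b"ACGT...ACGT")
# Handing over health_db alone exposes ciphertext with no identifiers;
# re-linking a person to their genome requires all three keys.
assert identity_db[p] != b"Alice Example"
assert xor_crypt(identity_db[p], key_identity) == b"Alice Example"
```

The design point is key separation: an operator (or a subpoena) holding any one store, or even all three stores without all three keys, cannot reassemble an identified record.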
None of these are complete panaceas or foolproof solutions, but entities that are responsible for securing data really need to be continuously vigilant, thinking about the future and about these worst-case scenarios.

From our side, I think there is a question of the auditability of the process that has been put in place, the process that in the end does whatever is done with the data, AI or machine learning. The process has to be clear, the data flow has to be very clear, and one day each step will have to be certified and auditable, to be sure that everything is done in the proper way and that there is no issue of missing data, or new data, or data being used for a purpose it should not serve. So auditability is key in this data flow and data chain.

And I would add to that: one of the words we've heard several times this morning is trust. Trust underlies this entire system, and how do you create trust in these different relationships? You have to provide assurances, whether that's a legal assurance or a contractual assurance. Basically, the rules need to be clear, and you have to make sure that whatever exchanges we create are actually working to benefit the individuals involved, and that they don't become just another way of absconding with people's data and profiting off it without giving something back. So looking for assurances is a really key part. Another piece to this whole puzzle, one that should probably concern us all, is that I think it will require a level of professionalism, creating a new profession around these assurances, with training and a whole sphere around who third-party intermediaries are, but it also requires a certain level of expertise in governments.
And that's one of the things I'm most concerned about in this scenario today, because I feel like we are talking about 21st-century infrastructure, yet I don't think most of our governments are at the point where they've really adopted thinking in those terms, or have the types of experts working for them who can really understand these issues and think about how to regulate around them thoughtfully, as well as potentially engage in enforcement. So an important piece of this entire discussion is: who will be the entities responsible for providing the assurances, and for actually policing them to some extent?

And certainly we've seen governments, and also courts, that have strong views about this. I mean, the Schrems II decision, and we don't have to go into detail about that decision specifically, except to note that it raised concerns about data sharing and security in this space and changed the rules around data sharing between the EU and the US. So I wonder if you think a trusted third-party intermediary can be a solution to situations like this, to some of the concerns raised, not in that specific case necessarily, but as a general matter.

Is that to me, Sheila? To anyone. Okay.

Well, I'll jump in. Schrems obviously speaks to the state of data surveillance in the US; that's one of the underlying concerns in that case. But it's not just data surveillance in the US, it's our lack of federal-level, consumer-facing privacy laws and of any way to guarantee what happens to people's data. That's obviously a huge piece of this puzzle. And while I think third-party exchanges can absolutely at least try to do some of the power rebalancing we're concerned with right now, especially in the US, we know we have potential antitrust cases pending against Google and, I believe, Facebook as well.
So data exchanges could help level that playing field, but at the same time, I would say they aren't a substitute, in the US, for a federal-level consumer privacy law.

And I would add, regarding data exchange intermediaries, that if you compare this with the financial business, you have the NYSE or NASDAQ: they are private companies, but there is a public authority setting the rules, with operations run by private companies. I think it's going to be more or less the same for data. We'll have private companies that do AI or data exchange, but we'll have public authorities that check that the job has been done properly. As data becomes one of the pillars of the economy, the level of rules and regulation will rise, and you will have more and more data authorities, locally in each country, that will set up the rules, either at a regional level, like in Europe, or for each state in the United States. But we see the market going this way: private companies operating under public authorities.

And I think it's inevitable. There's compelling value in this data, especially health data. They say that health data is much more valuable than any other type of data being collected today, whether to the individual or to commercial institutions trying to design drugs or other devices. Because of that value, we have to find a solution. Solutions will come, and society will demand them. It's a case of making sure we steer toward the best solutions as we do this. I think trusts are one of the better solutions, if we think about all of the options, but they need to be set up with the protections we've talked about. And I think it is possible. We have, uniquely, actually applied to the SEC for qualification, because we provide shares in return for data, in order to pay people dividends when commercial proceeds are made.
And what that means is there's another level of contractual trust, because besides the regulatory bodies related to privacy, there's now a securities body making sure that all of the things that were guaranteed to individuals when they provided their data are being followed through on. So again, you have another pillar being put in place to try to protect that person and that person's data.

Thank you all. And that paves the way to my final question. I think we've learned here today that trusted third-party data intermediaries can help bridge some of the gaps we see, can help navigate the increasingly complex consent that we want data subjects to be providing to various parties, and can help alleviate some of the complexity in the entire data ecosystem. I'm curious, if you get out your crystal balls: it sounds like this is on the rise, but it still remains a frontier, I think, of how we think about and engage with data. Do you think the future is moving toward a world in which this really is the data management system, where all data is essentially put through an intermediary? Or do you think we're going to see a fragmented world, where it's just one option among many and a more direct model still exists?

What we think and what we see is that commodity exchanges arrived a long time ago, some 500 years ago. Then financial exchanges arrived. And what we see is that the next cycle of the economy will be the data exchange. We'll have data exchanges the way we have commodity exchanges and financial exchanges today, with a lot of jobs that we don't know yet that will be invented, rules that are not yet implemented, and a perception among the population that will also evolve: more protection, but also more openness to what we can do with data once it is better protected.
It's not a crystal ball, but that's where we see things going. Yeah, Bob?

Well, I think actually we're at a place today where some of this could be real. All of our data, including the internet of medical things and all these devices that are going to monitor us daily, our genome data, our microbiome data, EHR data, could go to one place. And this data could be used not just to unlock more information about our health, but to monitor our health, provide early diagnosis of disease, and give us feedback on the decisions we're making and how they might impact our lives. I think that is realizable today. In 10 years it'll happen somewhat automatically, and we won't even realize it's happening, and hopefully people's behavior will be steered by the goals they have in their lives and by how this data can help them achieve those goals.

Jen?

So yeah, I kind of see two paths in the US. I see entrepreneurs like Bob working within existing frameworks and taking the cases where it obviously makes a lot of sense to pool data for both a public benefit and a private benefit. I think the challenges we face in the US include the power of the platforms we have here, at least from a consumer perspective, as well as the lack of expertise we have in government and the lack of commitment to funding regulatory entities like the Federal Trade Commission. But ultimately, I think one of the things that may drive this question in the short term is the question of data ownership and data dividends. We've already seen that on the agenda of our governor here in California: they're looking to figure out how to bring value back to consumers for the use of their data. And I can see two branches: people arguing for data-as-property models, which I think have very substantial pitfalls, or the jump-starting of more things like data exchanges and data trusts in states like California.
And whether we see that bubble up to the federal level, I think, is an open question.

Thank you for that, Jen. I want to thank all of our panelists for this fascinating conversation, which really explored the possibility and potential here. I think it's clear how an enhanced ability to access data can help support the SDGs. We talked a bit about how that can help round out data sets that are lacking data, particularly, as Bob noted, data from certain segments of the population in the health space. And we talked about how these intermediaries can help provide trust in systems where trust is a critical component of the willingness to share data that can then be accessed for this good.