Data sharing coalition helps flag victims of human trafficking

Out-Law News | 08 Dec 2021 | 2:32 pm | 3 min. read

Law enforcement in the Netherlands have been able to get a deeper understanding of human trafficking after studying insights from data shared by non-governmental organisations (NGOs).

The breakthrough was achieved after law enforcement and NGOs teamed up with Pinsent Masons, Roseman Labs and Sustainable Rescue Foundation in the Data Sharing Coalition.

It is pioneering to see that through adequate cooperation between key players in the field, we are now able to tackle certain social problems in a new but safe way,” said Nienke Kingma of Pinsent Masons in Amsterdam.

The coalition used multi party computation (MPC) technology, which allowed information on human trafficking in the sex industry to be shared by the NGOs with law enforcement without a law enforcement agency ever having access to the source data. Use of the technology to enable responsible data sharing helped to bring new victims of sexual exploitation and human trafficking to the attention of law enforcement, according to Andre Walter of Pinsent Masons.

On the use of MPC technology, the coalition said: “Instead of sharing the data, authorities allow a transparent algorithm to query their data sources for specific entries shared through innovative cryptography. This mitigates the risks because no personal data is exposed and legal rights are protected. Only the insights are shared, not the underlying data.”

Walter said that data sharing and data sovereignty will become more important. He said that the fact that the EU Data Governance Act has moved closer to being finalised will only serve to further underpin developments in this regard in the years ahead.

The Data Governance Act (DGA) was proposed by the European Commission last year and is central to its broader data and digital strategies.

Among other things, the DGA sets a governance framework to promote confidence in data sharing between organisations and incentivise the development of EU data spaces where natural and legal persons are in control of data they generate. At the heart of those proposals is the idea that access to data be facilitated by third-party 'data sharing service providers'. These data intermediaries will be required to maintain neutrality and comply with strict requirements, including not being permitted to use the data for their own interest.

For the DGA to become law, both the European Parliament and Council of Ministers – the body that brings together the governments of all 27 EU member states – have to agree on the final wording of the text.

Recently, the Council and Parliament announced that they had reached a provisional agreement in relation to the DGA. The legislation is still to be formally approved by the law making bodies. The rules will take effect 15 months after the Act enters into force.

In addition to establishing a new framework for data intermediaries, the DGA also provides for greater rights to re-use data held by public sector bodies. The Commission would have powers to support the international transfer of non-personal data through the adoption of ‘adequacy decisions’, akin to under the General Data Protection Regulation, and to develop model clauses to support the transfer of public-sector data to countries outside of the European Economic Area too.

The DGA further encourages the voluntary sharing of data for the common good, while a new European Data Innovation Board is also to be established under the Act to help ensure data interoperability and advise on the development of EU data spaces. This includes in the area of health where barriers to data sharing have traditionally existed but where the liberation of data is considered possible for delivering efficiencies to existing ways of working, potentially ground-breaking innovations, and boosting economic growth.

Nils Rauer of Pinsent Masons in Frankfurt said data is an increasingly important economic asset, but that it is vital that there is legal certainty over how data can be used so as not to undermine potential new business models.

Rauer said: “The Data Governance Act is effectively an extension of existing EU laws that concern the use of data, such as the Directive on Open Data and the Re-use of Public Sector Information which came into force in July 2019. At that time, the focus was on data from the areas of the environment, geodata, companies and mobility. This circle is now being expanded. In particular, the Data Governance Act establishes a framework to promote a new business model – that of data brokering services – that will provide a secure environment in which companies or individuals can exchange data. Said services must be registered in a registry. The issue of transparency is seen as very important.”