I chatted with legal eagle William A. Tanenbaum at DGIQ about the complexities of contractually managing data obligations. When one organization shares data with another, how does it communicate the consumer preferences associated with #dataprivacy compliance? And how do you incorporate compliance with #dataobligations in a contract in an enforceable way?
There are multiple issues, including:
1) There are different data obligations that come into play based on a variety of variables including location of the data and location of the interactions.
2) Once data records have been shared, the original data controller no longer has any visibility into oversight of how the data is used.
3) The data partner receiving the data may not be motivated to institute methods for observability by the original data controller.
This suggests a need for an independent service for observing and ensuring compliance that is acceptable to both the original data controller and the trading partner. One colleague noted that a blockchain smart contract might provide a workable starting point for defining and enforcing obligations in a data sharing contract.
