Imagining Municipalities as Data Fiduciaries

Abstract

City governments in the United States require a data governance framework that simplifies the current patchwork of domain-specific privacy rules, while preserving their ability to use data in service of the public good. This paper investigates the utility and feasibility of designating municipal governments "data fiduciaries" that are required to act in their residents' best interests when processing their data. I draw on information privacy and fiduciary law literature and consider several real and hypothetical examples of data processing decisions in cities to illustrate how establishing municipal data fiduciary requirements would improve on existing data protection standards. Fiduciary duties square with the image of the city a "data steward" and offer a coherent cognitive schema for residents, city employees, and judges to hold cities accountable for responsible data processing. I argue that a process-oriented fiduciary duty of care would require cities to engage the public in high impact data processing decisions, and a fiduciary duty of loyalty would require officials to act in the exclusive interest of the data provider.