Frequently Asked Questions

All of the above. The goal of the Better Deal is to have a simple set of commitments which work well wherever, and whenever, personal and sensitive data are being collected, analyzed, used, or shared. This includes the developers and vendors of technology that enables and hosts these data activities.

Adopting the BD4D Standard is a self-guided process, and we have detailed the steps for adoption in the BD4D Playbook. We recommend reviewing the Readiness Questions, then following the steps in the Implementation Guide once you’re ready to do so. Once you’ve completed the process, we encourage you to link or post the Commitments from your website. We would also love to hear from you! You can tell us about how your organization has implemented BD4D in practice, and share any feedback you might have on how it can be improved, via this short form.

When an organization represents that it complies with the Better Deal for Data, it should reassure data subjects that their data will be stewarded ethically, responsibly, and transparently. There should be no surprises in the way their data is used!

That is definitely a long range goal. We envision a time when any funder supporting projects that collect or use data from individuals and communities will require their grantees to adopt the Commitments or an equivalent data governance mechanism. Today, no organization working with children can be funded without an adequate child safeguarding plan: it is a prerequisite for donor funding in this field. Shared standards such as the Better Deal for Data will ensure that the data uses being funded are ethical ones, in all social service fields.

No, although we do think that data trusts are probably the best way to implement the Better Deal standard, trusts are not generally a practical option for most nonprofits and businesses to establish. Instead, those organizations which are setting up a data commons or a data trust should consider adopting the standard as foundational to their governing terms.

It’s exciting to see the advance of open approaches to data, software, and science! Much data, however, should not be open, for a wide variety of practical, ethical and legal reasons, and it is this data that inspires our approach to data governance. We are exploring, and plan to encourage, downstream and open uses of datasets collected under the Better Deal as long as the raw data have been appropriately anonymized without the risk of re-identification. If there is a presumption that all data in a project will be made open, however, then it’s likely not a good fit for the Better Deal.

No. While we hope that a commitment to the Better Deal for Data would make an application for IRB approval stronger for projects requiring an IRB review, the IRB review process considers a much broader scope of issues than the data governance addressed by the Better Deal. Note: IRBs are typically established at major universities or research institutions to govern the conduct of research on human subjects.

Monetization is a complex subject, and we’ve published an issue paper exploring the question of good monetization and bad monetization. After all, most organizations which handle data do still need to find the money to pay for their staff and technology. Accepting donations or selling memberships would generally be compliant with the Better Deal, as long as personal data is not sold or exchanged with third parties beyond the minimum required for payment processing. On the other hand, trading or selling donor lists to a data broker would generally not comply.

It depends. If an AI company trains their models on data submitted in a prompt or the information its tools are summarizing, using those tools to process confidential or sensitive data would not be compliant with the Better Deal. However, if the companies behind the tools offer products that do not retain that data, and the data is processed in a privacy-preserving way, it is likely to be compliant.

The Better Deal is a set of binding promises between organizations that hold nonpublic data, and the people and organizations that data is about. As a result, the primary enforcement of the BD4D Standard is based on legally binding terms in an organization’s agreements with those constituents. We also expect that there will be other sources of pressure on organizations that publicly commit to the Better Deal principles but don’t actually comply with them.

While we are not setting up a certification program at this early stage, let us know if you think that there should be one.

If you feel that an organization is failing to meet its responsibility as a BD4D Adopter, your first step should be to raise your concerns to that organization, clearly explaining how the BD4D Commitments are being breached. An important pillar of the Better Deal is community engagement, and an organization that adopts it should be prepared to respond and rectify the situation, either correcting its practice, or removing your data upon request. As the BD4D author and maintainer, we do not intervene in the relationship between an organization and its data stakeholders. However, if you’ve requested removal of Your Data from a BD4D Adopter, and they refuse to do so, we would like to know.

BD4D is a voluntary standard, and we expect that all organizations adopting Better Deal do so in good faith. Given its newness, we realize that there may be areas for improvement in how the Standard is written, and how it is put into practice, and invite your feedback on both.

Not at this time. There is such a wide variety of laws and regulations across regions, countries, and sectors that it would be impractical to propose a single, standardized data sharing agreement, license, privacy policy, or terms of service. That said, we have successfully implemented the Commitments in the Terraso Terms of Service, and the Tech Matters Privacy Policy. And, we do believe that it should be possible to implement the Commitments in the great majority of jurisdictions.

The short answer is yes. The BD4D Standard offers a foundation for broad data governance that these laws do not provide. It requires certain practices not addressed by these laws, for example prohibiting monetization of nonpublic data, or making research reports available to the people whose data contributed to the research.

At the same time, these laws often have other stringent requirements that are not addressed by the Better Deal. And we think that’s a good thing: there should be no problem with doing more than what BD4D requires when it comes to protecting your stakeholder data.