In 2009, Elinor Ostrom won the Nobel Prize in Economics for her work on informal governance systems for the commons. She published “8 Principles for Managing a Commons,” describing the characteristics of governance to avoid the tragedy of the commons — a term used to describe a situation in which individuals extract value from shared resources at the cost of others’ enjoyment of those same resources.

Ostrom’s work feels relevant today, as governments at all levels grapple with questions around the use of and benefit from public and private data. One of Ostrom’s principles — that those affected by the rules should be able to participate in modifying the rules — is particularly challenging at the moment. Although data governance is ever-rising on the global policy agenda, the necessary mechanisms for public participation have yet to be developed.

Policy makers aren’t new to such challenges — societies have been building governance systems that support public and private benefit from shared resources for a very, very long time. Commons resource governance predates Bretton Woods, modern human rights and most sovereign states — and its early structures may provide a good starting point when considering the sharing of data.

What is perhaps new is the degree to which public governance and market institutions have developed, globalized and acquired interests of their own. The globalization of data markets has outpaced the evolution and jurisdiction of most consumer protections, which are typically designed and enforced by sovereigns. As with most self-regulation, it’s unlikely that markets alone will enforce good practice when it comes to data. Similarly, sovereign attempts to govern the global internet are often overreaching. Since a plurality of interests will be affected by data governance, a similarly plural governance tool is necessary.

Enter the data trust.

Fiduciary trusts are already used to govern and maintain shared resources such as public lands, pension funds and, increasingly, data. Fiduciary data trusts aren’t organizations; they’re contracts that give a trustee, or a group of trustees, authority to make decisions about how an asset — say, data — can be used on behalf of a group of people. Fiduciary trusts are almost 1,000 years old, dating back to the Norman invasion of the United Kingdom — and they have been used to manage resources ever since.

Like powers of attorney, data trusts are flexible and de facto global, meaning that they can be written in ways that create legally accountable governance structures. It’s helpful to think about a data trust as a container — one that can hold assets, define governance and manage liabilities.

When used for governance, data trusts can steward, maintain and manage how data is used and shared — from who is allowed access to it, and under what terms, to who gets to define the terms, and how. They can involve a number of approaches to solving a range of problems, creating different structures to experiment with governance models and solutions in an agile way.