The Constitutional Argument

Five propositions, a diagnosis, and a legal architecture

The Fiduciary Commons is not a policy proposal. It is a constitutional argument: that the relationship between government and citizens with respect to personal information is already governed by fiduciary obligations as a matter of constitutional structure, that those obligations are currently being violated on a systematic basis, and that the remedy is architectural rather than administrative. What follows is the argument in five propositions, each of which is a necessary premise for the ones that follow.

Proposition 1 of 5

The Government-Citizen Relationship Has Always Been a Fiduciary One

The framing of government as a fiduciary to its citizens is not a novel legal theory. It is a foundational commitment that appears explicitly in multiple state constitutions ratified at the founding and is implicit in the structure of the federal Constitution itself. The framers understood the relationship between a sovereign and its people through the lens of trust: government holds delegated authority, exercises it on behalf of the people from whom it derives legitimacy, and is accountable to them for how that authority is used. This is the defining structure of a fiduciary relationship.

That understanding did not disappear. It was crowded out, over time, by administrative law frameworks that substituted agency discretion for enforceable duty and by a legal culture that treated government's obligations to citizens as political rather than legal commitments. The crowding out does not extinguish the obligations. Constitutional structure is not amended by disuse. The fiduciary relationship between government and citizens remains in force, and the question the Fiduciary Commons addresses is what legal obligations that relationship generates in the context of digital data governance. It is precisely there that the power imbalance between government and citizens is most acute and the existing legal frameworks are most plainly inadequate.

Proposition 2 of 5

Facts Cannot Be Owned, and Personal Data Is Facts

The Supreme Court has been clear on this point for over a century: facts cannot be owned. Copyright does not protect facts. No legal theory recognizes a property right in the existence of a true statement about the world. This proposition, settled in intellectual property law, has never been applied to its obvious corollary in data governance: if facts cannot be owned, then the personal data that government collects about you belongs to no one as property. That data is simply a set of facts about your identity, your finances, your family, your movements, and your history.

Resources that cannot be privately owned but are too important to be left unmanaged are governed as commons. The classic examples are navigable waters and the atmosphere: things no one can own, available to all, and requiring collective stewardship to prevent their destruction through unconstrained exploitation. Personal data constitutes a commons of the same structural kind. The facts of your life were not created by government; government collected them, usually because you had no practical alternative to providing them. The government's collection of those facts gives it no ownership interest. It gives it a stewardship obligation.

The legal framework for governing a commons is trusteeship, not ownership. A trustee manages a commons for the benefit of its beneficiaries. The trustee has duties, not rights. And the appropriate trustee is the one with the greatest interest in the accuracy, security, and appropriate use of the resource being managed.

Proposition 3 of 5

The Person a Fact Is About Has the Greatest Interest in Its Governance

If personal data is a commons governed by trusteeship, the question of who should serve as primary trustee has a clear answer. No one has a greater interest in the accuracy of facts about themselves than the person those facts describe. No one bears more directly the consequences of those facts being inaccurate, misused, or disclosed without authorization. No one is better positioned to know when a fact is wrong, when its use exceeds the purpose for which it was shared, or when its disclosure causes harm.

The data subject is therefore the natural primary trustee of their own personal data commons. This is not an argument from sentiment or from an abstract notion of individual autonomy, though those arguments also have force. It is an argument from the logic of trusteeship itself: the trustee should be the party whose interests are most directly aligned with good stewardship of the resource.

This designation has practical legal consequences. As primary trustee, the data subject has overriding authority to manage, access, correct, and control the use of facts about themselves. That authority is inalienable: it cannot be waived by consent obtained under conditions of structural coercion, and it cannot be extinguished by government collection. The person from whom facts were taken retains the trusteeship, regardless of who holds the facts.

Proposition 4 of 5

Government's Role Is Stewardship Under Constraint, Not Ownership

Government is not outside the framework; it occupies a defined and limited role within it. When government collects personal data in the exercise of its public functions, it acquires the obligations of a secondary fiduciary: authorized to hold and use that data only for the specific purposes that justified its collection, prohibited from repurposing it without fresh authorization from the primary trustee, and subject to the full range of fiduciary duties that courts have long applied to other relationships of entrusted power.

Those duties are specific. The duty of loyalty prohibits government from using personal data for purposes that serve institutional or political interests at the expense of the data subject: a tax database cannot quietly feed a law enforcement watchlist, and a benefits database cannot be used to build a profile for purposes no one authorized. The duty of care requires competent management: security failures that expose citizen records are not merely embarrassing, they are breaches of a legal obligation. The duty of confidentiality means that information shared in one context for one purpose does not migrate to other contexts for other purposes without authorization. The duty of transparency means that government cannot operate its data systems in secret: citizens have a right to know what is held, by whom, for what purpose, and on what basis decisions affecting them were made.

These are not new obligations being imposed on government by a novel theory. They are the obligations that the fiduciary nature of government has always entailed. The Fiduciary Commons framework applies them to the domain of digital data governance, where they have never been systematically enforced.

Proposition 5 of 5

What Government Has Actually Built Violates All of These Obligations

James Otis argued in 1761 that general warrants were the most dangerous instrument of arbitrary power a government could wield: authorizations not limited to specific persons, places, or things, granting officials perpetual authority to search wherever and whenever they chose, delegable to subordinates and contractors without restriction. The founders considered this so fundamental that they ratified the Fourth Amendment specifically to prohibit it.

Modern integrated government data architecture possesses every one of the characteristics Otis identified. It creates perpetual records without time-limited authorization. It operates at universal scope, aggregating data from every interaction a citizen has with any government function over a lifetime. It provides for discretionary access by officials and contractors who were never specifically authorized to see any particular record. And it is fully delegable: contractors, fusion centers, and interagency partners can access the aggregate without specific authorization tied to any individual investigation or purpose.

This architecture was not built through malice. It was built through procurement processes that evaluate functionality, cost, and compliance with existing statutory requirements, and that do not ask whether the architecture being purchased is constitutionally defensible. The constitutional question was never asked, so the constitutional answer was never required. The result is a digital general warrant, assembled incrementally and invisibly, with no court having authorized it and no law having constrained it.

The Fiduciary Commons argues that this is not a problem that can be solved by better policy, stronger privacy officers, or more rigorous agency compliance programs. The architecture itself creates the surveillance capability. The remedy must be architectural: systems must be designed so that the surveillance capability cannot be built in, rather than designed in ways that merely promise it will not be used.

From Argument to Statutes

Three Statutes That Enforce What the Constitution Already Requires

The five propositions above establish that enforceable fiduciary obligations already govern the government-citizen data relationship as a matter of constitutional structure. The three companion statutes translate those obligations into enforceable legislation that can be introduced in a state legislature.

VIDA addresses the architectural layer: it mandates decentralized, citizen-controlled digital identity systems and prohibits the centralized repositories that make the digital general warrant possible. PDTA addresses the legal superstructure: it establishes the data subject as primary trustee, imposes binding fiduciary duties on all government actors as secondary fiduciaries, and provides a private right of action that citizens enforce directly. GAAFA addresses the AI layer: it extends fiduciary obligations to automated decision systems, requiring transparency, explanation, and accountability for algorithmic determinations that affect citizens' rights.

Each statute is necessary. Each depends on the others. The argument for why all three are required, and what fails when any one is absent, is made on the statutes pages.

The May 2026 current drafts of VIDA and PDTA incorporate substantive revisions developed in direct response to discussions at the April 2026 SEDI Summit. In VIDA, the principal revision is Section 7(a)(12), an entirely new provision establishing the constitutional premise that individual identity is inherent in the person and precedes state recognition, that government’s role in digital identity is therefore bounded to endorsement and verification rather than definition or creation, and that direct government issuance of credentials is a limited exception to that constitutional baseline rather than a default. In PDTA, the principal revision is Section 4B, a new section that replaces the prior general best-interests formulation of the duty of loyalty with seven specific, binary, objectively verifiable obligations derived from the Fair Information Practice Principles: purpose specification, data minimization, purpose sequestration, use limitation, prohibition on unauthorized disclosure, retention limitation, and transparency. Section 4B also establishes a binary enforcement standard requiring no showing of harm or intent, places the burden of proof on the government entity in all proceedings, and designates four categories of conduct as per se breach. Both revisions appear in blue in the current draft downloads.

Primary Sources

The following documents develop the constitutional argument and the legislative drafts in full. All are works of the author.

Framework Overview. The argument in summary, with a roadmap for engagement. 3 pages. Available on Google Drive.
Government as Information Trustee: A Fiduciary Framework for Surveillance-Age Privacy. Leahy, Michael G. (March 15, 2026). Available at SSRN.
Digital General Warrants: Why Government Databases Violate the Fourth Amendment. Leahy, Michael G. (March 15, 2026). Available at SSRN.
Completing the Mosaic: How a Fiduciary Framework Grounds Aggregate Surveillance Theory in Constitutional Structure. Leahy, Michael G. (2026). Available at SSRN. SSRN link forthcoming.
VIDA: Current Draft. Verifiable Identity and Digital Autonomy Act (Initial Draft March 2023, Current Draft May 2026). Summary and DOCX download available.
PDTA: Current Draft. Personal Data Trusteeship Act (Initial Draft March 2023, Current Draft May 2026). Summary and DOCX download available.
GAAFA: Initial Draft. Government Algorithmic Accountability and AI Fiduciary Act (Initial Draft March 2026). Summary and DOCX download available.

All materials are available for download or by request. Critique is actively sought. Direct substantive engagement to scholarship@fiduciarycommons.com.