The collection of personal data is not a new practice, with the first government census going as far back as 3800 BCE in the Babylonian empire. The commodification of data, however, has been amplified by the increasing digitization of the modern era. For the average person, we often do not consider what is happening to our data — how often and when it is being collected, shared, and sold. Discussions around ‘our data’ often only occur as the result of a violation, such as Cambridge Analytica, Equifax or the more recent data breach at the Finnish psychotherapy center Vastaamo.
In these discussions, we think about data in terms of ‘data ownership’, but is this concept useful? Does it help consumers and citizens understand what they are able to do with data, or what might be done with their data? Gianfranco Cecconi refers to this as the data ownership delusion, and the misalignment of data with property may be preventing citizens from understanding the reality of personal data.
In the following paragraphs, we will present alternative metaphors (both strong and weak) for what happens to data, in the hopes this will build a clearer view of how and why data is used. Our understanding of data is significant as it impacts the interactions between citizens and the data they create, as well as how policy is written to govern data usage.
Data as oil
In 2014, Wired referred to data as “the new oil”, calling it “an immensely, untapped valuable asset.” While data as a resource may not be fully accurate, with Wired later publishing a piecearticulating the issues with this understanding of data, the message remains clear: data has economic value.
Profit goes from users to the companies with little benefit to the consumer, leading some to refer to this as data feudalism. Data as oil takes the personal out of personal data and treats it as property. In this approach, even when citizens do have a say in what happens to their data, it results in a belief that we can and should trade it away. Focus on the monetary value of data, on a micro or macro level, does not encourage the consideration of the human being behind the data. Rather, it risks data colonialism: exploitation through data usage. While the economic value of data cannot be denied, it must not be the central pillar in discussions about data.
Data as intellectual property
An older framing of data equates it to intellectual property. In this perspective, users have responsibility over their data and must consider the consequences of data they create. This responsibility, or stewardship, puts the creator of data in the driver’s seat, giving them control over the access, modification and ability to benefit from their data, as well as “the right to assign these access privileges to others”.
Although this metaphor may seem ideal, where the producers of data hold the power, it is outdated and infeasible. Intellectual property is intentionally created to be consumed, enjoyed or protected, whereas most of the data that corporations are interested in are the result of everyday interactions, requiring different forms of governance.
Data control or data management
Approaching data from the perspective of ‘control’ or ‘management’ may provide more power to consumers and citizens, while affording protections as it requires consent for the use of data. This view puts data producers at the center, rather than the monetary gains to be made from data.
However, as with the previous metaphor, this perspective would be far too time-consuming for citizens, putting more pressure on people rather than on corporations and governments, creating “an unreasonable burden on individuals.” Few possess the time, knowledge and capabilities to respond to every data usage request that occurs in a day.
Data as an inalienable right
As the creation of data is practically unavoidable, it is perhaps more appropriate to approach it from the standpoint that protections should be guaranteed. Rather than something we can own, data is an “expression (or extension) of individual selfhood”. By taking this perspective, data about oneself simply cannot be used without consent. It puts the onus on corporations and governments to ensure that rights are not violated through the improper use of data. While a person may allow their data to be traded, transferred or sold, it remains, in essence, theirs.
Labelling data as a right gives citizens more power over the data about them, and also makes it easier for citizens to recognize that power. This approach still requires further definition of what the rights entail and what protections are guaranteed, as well as who is responsible for the monitoring of it.
> “Personal data needs to be regarded as a human right, just as access to water is a human right.” – will.i.am
So what next?
Data as a right calls for two necessary changes. First, data governance must evolve to appropriately match this interpretation of data. Protections and entitlements should be legally codified, with clear repercussions for firms that infringe on these. Additionally, it must be forward thinking–both in terms of privacy and innovation. New technology (and therefore new ways to collect and use data) are continuously emerging, meaning that governance must be prepared, making data rights the default, rather than the response. Additionally, this data perspective is not intended to block the sharing of data, as there are many significant and positive gains to be made from it:
> “Instead, what is needed is to enable the sharing personal information that is useful for our social, economic, and governmental systems while protecting the vital interests that each of us has in our personal information” – Cameron F. Kerry and John B. Morris, Jr
The path forward is not necessarily obvious or clear, but by altering our approach to how we view data, we can make more ethical choices with data.
Photo from Tim Evans, Unsplash