At the Ada Lovelace Institute we believe that people should enjoy full agency and control over personal data, in a digital environment that produces both individual and societal benefits. As part of our Rethinking Data programme, we’re exploring the future of data governance to produce new paradigms for empowering both people and societies.
Two weeks ago, we hosted a session at RightsCon 2020 to discuss positive visions for data governance with an expert panel. Bringing perspectives from different global contexts, Martin Tisné, Managing Director at Luminate; Elizabeth Renieris, Fellow at the Berkman Klein Center; Brittany Kaiser, Co-founder Own Your Data Foundation; Daniel Mwesigwa, ICT policy analyst and researcher at CIPESA; and Chris Lee, General Manager at MyData Korea helped us shed light on concepts including data ownership and data monetisation, and unveil some of the myths.
Our provocation was to understand what new ways and narratives we can put forward for advancing towards an ecosystem that works for people instead of governments and powerful corporate players and see what’s the path to achieving true agency over data.
Before we delve into some of the myths and themes that came out of the panel discussion, we’ll open with some reflections that introduce and further nuance this complex discussion.
Why are we asking this question?
In the academic sphere, the discussion about data ownership is not new, but it keeps coming back periodically. In the public arena, in the last two-to-three years, proposals around attaching property rights to data or being paid for data as ways to reclaim control over (personal) information have intensified.
Initiatives such as Own Your Own Data Act, Move Humanity Forward, My31, Data Dividend Project claim property rights over data, and Data marketplaces and Data as Labour advocate for financial remuneration in exchange of data. Recently, ideas have been put forward that commodification of personal data could play a part in developing COVID-19 solutions.
Current conversations about data ownership are mostly US and EU-focused, but there is no shared understanding around what it means and what form it would take in practice.
What does data ownership mean?
Martin Tisné presented different understandings of the concept of ownership, imagining a spectrum: ‘On one extreme you have the pure private ownership approach. In other words, you should own your data, have the ability to sell it with minimal constraints and be the master of your own domain.’ Next, we would have the cooperative approach where the focus is on pooling data together with like-minded people. At the other end of the spectrum sits the data as common public good.
Brittany Kaiser positions ownership rights next to data rights, so that we can retain the right to keep our data private, and to have some financial benefit if our data is monetised. She believes that desirable components of data rights, such as transparency, can be achieved through data ownership, and compares managing data assets like you would manage a rental property, with an agreement before rental, remuneration and recourse to damages if the agreement is abused.
Elizabeth Renieris highlighted a quote from Shoshana Zuboff: ‘If we begin with the data, we’ve already lost.’ In other words, when we start the conversation by asking ‘What to do about data, how to characterise data, what to call data, who should own data,’ we lose sight of a fundamental question: What are the rights that adhere and attach to us as people in this human experience, both individually, collectively and on a societal level, separate and apart from what happens to our data? If we don’t take this step back, we lose sight of the human dignity dimension.
Daniel Mwesigwa highlighted a clash of visions: ‘We’re moving towards frontier technologies that basically “platformise” reality’. That means we’re moving from a digital enclosure model where you have sensors and platforms capturing behaviour data, psychosocial data, to an operational enclosure model. With operational enclosure, things move from ‘just data’ to being operationalised in real-time decisions based on data, with facial recognition and biometric technologies being prime examples. This structure helps us understand the distinction between ownership of personal data and operational data.
Chris Lee emphasised that ‘Before talking about rights, before talking about data, before talking about technology, we should think about what should be the principles for handling personal data.’
Top themes from the data ownership panel
1. The human dignity dimension
We are at a time when we have to come up with solutions and a positive vision for our data future. When we’re in problem-solving mode, it’s easy to lose sight of the big picture. However, what Elizabeth Renieris urged us to see is that when we’re dealing with personal data, we’re dealing with fundamental parts of who we are. She points out that personal data cannot be separated from the individual, ‘It’s such a deep aspect of oneself, of one’s human dignity, of one’s identity, and this deep indicator of who we are and our own autonomous presence in the world… when we are dealing with something so physically and conceptually inseparable from ourselves, it’s really not even capable of being transferred to others, nor is it a tangible commodifiable thing.’
2. Data ownership as a divide and conquer strategy
If we are to explore framings and strategies around data ownership, Elizabeth Renieris points out that we may be falling into yet another trap. In her view, promoting data ownership for individuals is fundamentally a divide-and-conquer strategy. She explains that by focusing on individual gains, we lose sight of bargaining power in relation to powerful companies.
As Martin Tisné highlighted, the less valuable your data is, the more you’re likely to suffer. Would data monetisation models deepen the gap between the rich and the poor? And would privacy become a luxury? The lesson learned from automation and AI is the fact that it impacts most on marginalised and vulnerable people in society.
Data ownership leads to monetisation and Martin Tisné believes that ‘The financial motive will create powerful interest groups that change the data infrastructure and skew it towards profits, when we need it to skew towards the public good.’
If we get caught up with the question of ‘how much?’, we let the big companies decide the game. With a system of rights, we have more opportunities (and established tools we can rely on) for playing the data game to our advantage.
3. There are different traditions in the US, EU and around the world
In the US, the application of property rights to personal data seems to be a natural extension of a long tradition focusing on property. In Europe, the emphasis has historically been on self-determination, as a fundamental element of human dignity and private autonomy, which is translated through agency and control over data.
As Martin Tisné underlines, most of the debate around ownership originates in the US: ‘In the US, property rights have traditionally been seen as key to economic freedom, while in Europe the focus is on a larger set of values.’
Chris Lee explains Korea’s different standpoint, where ‘large corporations are seen as a way to enhance or strengthen the country’s power in the global stage’. People have increased levels of trust in the government and know the government is keeping a heavy hand on the private sector. At the same time, there seems to be more emphasis on centralisation, and a human-centric approach where the individual has a single point of integration for their data, under their control.
Daniel Mwesigwa explains that in sub-Saharan Africa, big companies such as Google and Facebook dictate the market. They have tight connections to the government and dictate the infrastructure that’s implemented and all the conditions around it. Presence in this market is seen as a strategic move, conquering developing markets and acquiring new data.
This discussion on data ownership might seem culturally specific to one legal political and social background, however, we should not put this aside ‘as a US problem’. For example, in a conversation with Shoshana Zuboff from June 2020, Margaret Vestager, the Executive Vice President of the European Commission, seems to believe that ‘in order to be able to establish yourself as a (digital) citizen, you need property rights over data and to be able to decide what happens to your data’.
Are we noticing a shift in the longstanding data rights approach that we have in Europe? The European system of data rights was designed to empower people with more transparency and control over data. It could be argued that data rights offer a much more comprehensive system of protection than ownership because these rights continue to exist even after you share your data with others.
4. Data ownership as a political argument
Perhaps this change in discourse relies on a point that Martin Tisné highlighted: ‘the arguments around data ownership are politically very appealing, because they can be explained in simple terms. Data ownership can be reduced to the question of personal control.’ To illustrate how politically effective the notion of personal control is on both sides of the political spectrum, he gave the example of a tweet that Alexandria Ocasio-Cortez put out: ‘they track you without your knowledge, amass your personal data & sell it without your express consent. You don’t own your data & you should’.
Data ownership seems to be very appealing in political terms, but isn’t it just a myth? If I own my data, will harvesting of data and exploitation practices stop? How would property rights put an end to tracking?
Top three myths about data ownership
1. Property rights are easier to enforce than data rights
In one view, property rights are easier to enforce than data rights and recourse is more readily available. However, enforcement challenges are present across all fields of law, and property law is no exception. Data ownership is often compared to intellectual property, but as Elizabeth Renieris highlighted, if we take a closer look at the intellectual property field, we see things are not that simple. Copyright enforcement in the digital realm comes with significant difficulties and with substantial costs. Applying an intellectual property lens to personal data will increase the level of complexity to unworkable levels.
2. Property rights improve control over data
Data can be easily copied at almost zero cost, and it is hard to imagine how property rights will help put a fence around data and offer more or better controls over personal information. Because it can be copied and transmitted very fast, this makes it extremely difficult to exercise exclusive rights over it. Given the nature of data, there are limited barriers you can exercise with property rights and exclusivity. What’s more, property usually comes from an approach of non-disclosure, not one where you want to disclose by default.
At the same time, as Martin Tisné underlines, we’re impacted to a greater extent by other people’s data than we are by data about us. Data is relational and interlinked, so if somebody’s data is exposed, it’s likely that others will also be exposed to potential consequences.
What is it exactly that you own, when you own data? To put it in Daniel Mwesigwa’s terms, if an entity has access to surveillance cameras, do you own your face? Or in the case of genetic data, that information says something about your parents, siblings and your offsprings. Who will own this data? And how can we own data that’s intertwined in the fabric of all our interactions? Remembering Elizabeth Renieris’s words, if we start with the question of data and focus on practicalities, we’re losing sight of the fundamentals.
3. If we attribute property rights to data and start selling it, I’ll be rich
In this view, data ownership will democratise rights and open up markets to people and act as an equaliser. Brittany Kaiser believes that ‘If we can all start earning money from our data, we have a very tangible possibility of everybody in the world or everyone with a device, being able to feed themselves and their family every single day. Mark Zuckerberg says that every quarter, each of our data is worth $17 to try to make us uninterested in it. Well, for the 2 billion people around the world that live on less than $2 a day, $17 a quarter is a pretty significant amount of value to be able to retain. And that’s just the data that you are creating on Facebook.’
However, if we take the Cambridge Analytica example, according to records of the transaction, the company paid about 0.75 US Dollar per US voter profile. Daniel Mwesigwa shared his experience in sub-Saharan Africa, where it seems like there is a ‘seller’s market’, and platforms such as Facebook and Google set the price and the average revenue per user, in Uganda for example, is $7.
As Elizabeth Renieris pointed out, there’s a distinction between recognising that something has value and commodifying it. She gave the example of clean water and clean air, where we have no non-market valuation. We can attach an economic judgment to data, while not taking the step of allowing commodification of personal data.
Bonus myth: Property rights and monetisation of personal data will kill monopolies
It is important to highlight that selling data as property is a one-off transaction, and it is not possible to control what happens after you sell your data. Companies can find multiple ways of using data they acquire, and there are multiple business models focusing on maximising data as profitable assets.
If monopolies are what we are concerned about, data ownership will not stop exploitative practices and it is not going to fundamentally change the way companies do business. On the contrary, it reinforces the same toxic patterns of authority and power.
An important question that was raised in the RightsCon panel is what types of technology do we need to build in order to secure data rights? We’re at a stage where we lack a technical infrastructure that would allow us to meaningfully exercise existing data rights. Chris Lee rightly raised the importance of interoperability and data portability, which are fundamental elements for choice and empowerment. Articulating a future vision based on these foundational blocks and working out the practical details around the technical backbone and the data rights enforcement pipeline seem to be the next important big steps forward.
If you have specific questions around the RightsCon panel or this article or would like to share your vision around the future of data governance, please contact us at firstname.lastname@example.org
What's the path to achieving true agency over data?
An interdisciplinary and international group of experts to advise on the development of data governance and regulations
Report with recommendations and findings of a public deliberation on biometrics technology, policy and governance
A tracker collating developments in policy and practices around vaccine certification and COVID status apps as they emerge around the world