Who owns the data, controls its value!
Potential property models for personal data
In 2010 Eric Schmidt, back then the CEO of Google, stated that “we now create as much data every 2 days as we did from the dawn of man through 2003.” In fact, he elaborated, “we create about 2.5 quintillion bytes of data daily and approximately 90% of all our world’s data has been created in the past 2 years.” ¹ Whether the figures are accurate or not, this much is clear: the use of personal devices, implementation of technology such as Web 2.0, smart homes and the Internet of Things forces users of digital networks to participate in the generation of massive quantities of facts, texts and values. Each of these users produces this valuable data by writing posts, using chat programmes, watching videos, buying goods, driving cars, opening their smart fridges, clicking links and even just carrying a smartphone in the back pocket of their jeans.
The definition of “personal data” ² suggests that it can only be protected if it can be identified with the person who produced it. However, even if unidentifiable with this person when stored, we will argue that the origin of data is tied to its producer — the user. Thus, throughout we use the term “personal data” to mean any data produced by an individual, even though that individual, from 2003 to today, has neither had access to, nor control over it. We understand this existing data to be a commodity. One that is currently owned, controlled and used by organizations, companies and governments.
Data Security: The Third Way
Obviously, society responds to the rapid development of information technology. Data influences, and is discussed, in the cultural and political realms. Concerning the issue of the control exercised over personal data, two main currents can be distinguished in the discourse:
- The ability of IT and telecom corporations to obtain and use personal data gives them great power over individuals, communities and society in general. Such ability and power should be restricted by law. If the law does not protect the rights of users, new legislation is required.
- A consequence of Data monitoring technologies is that governments are granted powerful surveillance techniques. If individuals are obliged to relinquish the rights to their data in exchange for a service, the service provider must have a right to reject unjustifiable requests from institutions to bypass data security protections. In fact, the FBI–Apple encryption dispute³ is one of the most famous cases on this topic.
The third possible way to discuss and solve the ambiguities of personal data’s state of affairs starts from considering the “user” to be a “producer” of personal data. To us this seems a fair and reasonable perspective. Indeed, one that represents actuality. From this perspective, the user of a product and the producer of data cannot be separated as they are in the current nomenclature. There is simply no (established) term to describe the “user-producer” entity. Henceforth, we will refer to this entity with the term “produser” ⁴.
Produsage implies that data is the result of production; something that produsers must be aware of and should be able to seize. This does not contradict any of the above discussions, it only supplements them.
Personal data is an integral part of data-driven business models. Its role can be seen in targeted ads, related and suggested content and pricing optimizations. Produsers, meanwhile, have neither access to the profits derived from data use, nor, as a rule, do they grasp that they actually produce. Is data not comparable with property, skills, experience or ability, the application of which, by an individual, results in remuneration to which they are fully entitled? If it is, are contemporary data-driven business models unregulated exploitation?
We assume that one of the reasons why these questions arise is the fact that data is abstract. One cannot see, utilize or even fully access it — all the qualities, in fact, of the mythical unicorn. Data, however, is not a unicorn, rather a resource. Its nature has yet to be defined or correctly communicated.
- TechCrunch, Eric Schmidt: Every 2 Days We Create As Much Information As We Did Up To 2003
- EU directive 95/46/EC: Article 2a: “personal data’ shall mean any information relating to an identified or identifiable natural person (“data subject”)” Article 4a: “data subject” is one “who can be identified, directly or indirectly, by means reasonably likely to be used by the controller or by any other natural or legal person”
- Apple Inc., official website: Answers to your questions about Apple and security
- Axel Bruns, Wikipedia, Second Life, and Beyond: From Production to Produsage