Who Owns Your Data? Part I
Digital Identities, Big Data and Emerging Technology
Last week we kicked off the “Digital Identities, Big Data and Emerging Technologies” event series. Over the following weeks and months we will be tackling all topics law, ethics and technology. What better way to start than talking on ubiquitous topic of Data Ethics and Data Ownership?
“Who Owns Your Data?”
Such a question causes you to think of the digital world with a digital footprint is as long as the Wall of China. In the workshop discussion, participants also mentioned the lack of control concerning their personal data, and a lack of trust in the platforms that are supposed to manage and protect their personal data. The sentiments supported by studies that show 92% of consumers surveyed believe that they should be able to control information about them on the internet and only 25% of consumers believe most companies handle their sensitive personal data responsibly. (PwC US Protect.me Survey, 2017)
With the steady movement towards a world where the Internet of Things is a daily reality and society is connected on a very personal level to the technology around them — the topic of Data Sovereignty and Ownership opens many legal and ethical challenges.
Data Ethics and Data Sovereignty
Philipp Kaufold, Legal Counsel of Clark, was invited to open the topic. He began by explaining his research in reviewing principles from various EU and International Data Ethic protocols. They were summarised as:
- Justice
- Accountability
- and fairness
He went on to explain that despite the lack of hard law in every area of the digital economy, that companies should lead with ethics to fill these gaps. Additionally, he added that overall, one principle was predominantly missing from the Data Ethics protocols for our Information Age: data sovereignty.
Data Ownership: the lack of legal framework
Data sovereignty includes the freedom of individuals to fully and wilfully interact with their external assets, ultimate goal of data ethics.
This was the segue to the discussion led by myself who looked at the main legislation that has highlighted the Data Sovereignty and Ownership discussion: the General Data Protection Regulation (GDPR). Under the current legislation, any company that processes personal data of an European citizen is brought under the jurisdiction of the GDPR. This framework increase the controls that are available to the user alongside increasing companies obligations to the user. However, as noted in the workshop — the GDPR does not protect the data itself, but rather the data user’s rights.
This was the opening for the Data Ownership discussion being: there is no legal framework for Data Ownership. From the perspective of privacy enthusiasts, Data Ownership is described as the ability for data users to have ownership over their personal data (in line with Article 4 (1) GDPR). Additionally, the Recital 7 … “Natural persons should have control of their own personal data” … also opens questions whether the legislators also saw the concept of data ownership belonging to the user. Nevertheless, in the context of our ever connected world and the intangible, duplicable nature of data created some strong limitations of this view.
I used this opportunity to present the top-down/bottom-up approach adopted by Václav Janeček in his article Data Ownership in the IT world to display how he categorised the justification for Data Ownership on each side. Please refer to the table below.
We rounded up this section of the workshop summaries the difficulties faced:
- the nature of (personal) data
- the fundamental legal conflict between data protection (human rights law) and the ability to own and monetise one’s data (intellectual property law)
- A suitable legal framework where Data Ownership could be reconciled with technology and business limitations
Conclusions
Commentators have suggested that we should not give the Data User a privileged status over that of the Data controllers and processors, so to say that data controllers and processors could/should also be the owners of personal data. Even though this is an interesting proposal, it’s clear that this is a novel viewpoint and that in fact most others believe that Data Users must be able to have a high level of control over their data (including monetisation) without unnecessarily prohibiting their data from being used. This legal discourse is impacted not only by jurisdiction but also cultures too.
We ended the event by looking at the different trends in Data Ethics and Ownership, including the companies that have already started to implement data ownership capabilities through Digital Identity solutions and the Legal Studies initiated by the European Commision. It is clear that the conversation has not been finalised and the different sectors will continue to search for the balance of conflicting interests. This sets a great backdrop for our following events (details coming soon).
At the end of the day, the GDPR is not perfect, but one thing that it gets right is putting the Data User at the forefront of all things data, protecting their personal data through empowering the rights and increasing company obligations.
I want to say thank you to David Klein for support on understanding the German perspective of Data Ownership from both a data protection and IP law approach. Thank you to Philipp Kaufold for his presentation, and to all the participants for their questions and engagement.
If you’d like access to the presentation, feel free to reach out to Philipp Kaulfold or myself. We’re looking forward to seeing you at the following events.
Sources
[1] Internet of Things (IoT) technologies are becoming increasingly more pervasive. (Within the EU28 alone, the estimated number of connected ‘things’ was 1.8 billion in 2013 and is expected to reach 6 billion by 2020.
S Aguzzi and others, Definition of a Research and Innovation Policy Leveraging Cloud Computing and IoT Combination (European Commission 2014) 10, 26, 61. Globally, the number of connected devices is expected to grow from 9 billion in 2013 up to 50 billion by 2020: OECD, OECD Digital Economy Outlook 2017 (OECD Publishing 2017) 247; GAO, Technology assessment: Internet of Things: Status and implication of an increasingly connected world (GAO-17–75, May 2017) 1; McKinsey Global Institute, The Internet of Things: Mapping the Value Beyond the Hype (McKinsey 2015) 17.
[2] Janeček, Václav, Ownership of Personal Data in the Internet of Things (December 1, 2017). Computer Law & Security Review, 2018, 34(5), 1039–1052. Available at SSRN: https://ssrn.com/abstract=3111047 or http://dx.doi.org/10.2139/ssrn.311104
. . .
Follow our LinkedIn Group to get more information about upcoming events and announcements. Join our LinkedIn community of innovators and creators.
About Us
Blockchain HELIX is a technology startup developing the Digital Identity solution, helix id. With helix id, internet users stay in full control of their data and can decide if and with whom they want to share it. Everything necessary for a trusted and secure digital future.
