What happens when you sell your personal data on eBay: a first-hand account from a data enthusiast

Startup Garage is designed to empower independent startups in France by providing access to expertise and mentoring, internal and external to Facebook. We’ve hosted a diverse set of speakers, from the head of HR at Facebook to members of the French CNIL (Commission Nationale de l’Informatique et des Libertés), to bring together thought leaders and startups to facilitate rich discussions around the topics that matter to them. We’re starting a blog series with the same goals in mind, exploring the questions and challenges that startups in France are facing as they look to innovate and create new ways of doing things.

We’re kicking things off with Chris Downs, the CEO of Normally, and a service design pioneer and data enthusiast. Facebook partners with Chris to run collaborative workshops that explore and develop new design patterns and templates that give people trust, transparency and control around data. The idea for these workshops sprouted from a series of global roundtables Facebook ran two years ago, that revealed the need for more leaders to explore how privacy and innovation powerfully reinforce each other. We’ll host one of these workshops at Startup Garage in the coming months.

We asked Chris what his motivation was for working on data innovation. The following is Chris’ response, written in his own words:


My experiment

In 2000, four years before the launch of Facebook and seven years before the first iPhone, I sold all my personal data on eBay.

What that actually meant in practice

I wrote to every company I had a relationship with and requested they send me every single piece of personal data they held on me. I wrote to my bank, my credit card provider, my gas and electricity utilities, a credit reference agency, my mobile phone network, and the supermarket that held my loyalty cards. I received approximately 800 pages of material printed, where possible, directly from databases. I say, ‘where possible’ because approximately 50 pages from my bank were hand written. (An attached note explained, “This data cannot be printed so the sheets are hand-written.”)

My bank data, hand written

I sent the same ‘subject access request’ letter to each company but received a diverse response. One organisation returned a full copy of my data within a week of my request. One company wrote back after a month to tell me I had addressed my original request to the wrong department. They neglected, however, to provide me with the details of the correct department. The rest requested the permissible fee (up to £10) before taking varying lengths of time before returning me a full set of my data.

Having read through the ‘highlights’ of my data, I gathered it all into a single pile. This is an important step and I’ll explain why later.

I then wrote a factual description of the data — its size, format and samples of its content and put it up for auction on eBay.

It sold, eventually, for £150. The fact that it sold was not as important to me as the fact that I was able to put it up for sale. I don’t believe the price gave any real insight into a true ‘market value’. In fact, I believe we’re only beginning to discover all the ways our data can have value for us, and cash is the least of them.

Why did I embark on this experiment?

There were two motivations behind my decision to sell my personal data. The first was a curiosity to explore data as a material. The second was a desire to illustrate that our data has value that we, the creators of this data, are only beginning to realise.

As a young industrial designer finding his way into the world of digital products, I had seen the transformative shift in the material I was designing with and for — from plastics and metals to code and servers. However, I suspected these were not the true materials of a digital product or service. These felt, to me, like the tools, the presses, the formers, the moulds. I had a hunch that the material I was designing with was the data that the code shaped and the servers handled. But as a material, data was elusive and intangible. ‘Material exploration’ had been an integral part of my Art School education. I was trained to learn about material properties so that I could design within their parameters and experiment with their boundaries. This crucial component of a designer’s craft is only possible if one is able to hold, shape and manipulate the material. That’s what I wanted to do with data — I wanted to look at it, feel it, understand what how it was made and what it was capable of.

And then, to illustrate the value of our data, I could have made a poster. But I hoped that the process of requesting, collecting, merging and selling my data would make for a more engaging and thought-provoking experience. There were four key ideas I wanted to explore:

  • Data is being created constantly — every time we interact to with technology, from using public transport to making a transaction. And that trend is only set to continue.
  • Inferences are made from our data, which in turn drive decisions made on our behalf. Our data can inform and improve our own decisions too.
  • Our data has value — especially to us.
  • People are starting to realise that we too can participate in the creation and use of our data. We don’t have to wait for an invitation.

What was in the data I collected?

In total, there were approximately 800 pages of data — some of it handwritten, much of it inaccurate, a great deal of it based on understandable but flawed assumptions. All of it fascinating; to me at least.

There were a number of data types — from data that identified me, to data that described my relationship with the company, to data about every transaction I’d made and how much of a risk the company thought I might be.

Scanning my supermarket loyalty card data, I can see every visit I made to the supermarket and every single item I bought between September 1998 and June 2001. I can see that on April 3rd, 2001, over 16 years ago, that I bought turkey steaks in my local supermarket in Dalston, London. While that might not mean much to anyone else, it triggers a distinct and vivid memory of baking a turkey pie on the day my cousin Steven came to visit. This is a memory I had otherwise entirely lost and — had it not been for my shopping data — would have disputed! And this data is not just mine. My wife, Sarah, and I shared the same loyalty scheme — and so both our shopping habits are laid bare. There is a gap in the data between 1st July 1999 and 4th October 1999 — we spent that summer in San Francisco. Sarah can spot the patterns in her menstrual cycle from the habitual pain relief purchases. Similarly, we can see the onset of winter colds. Returning again to the data after all these years, we can talk endlessly (our lives are not so interesting) about the changes in our cooking and eating habits. We can even spot who was cooking what and when. The data has confirmed that we’ve been loyal purchasers of ‘Ecover’, the ecological cleaning product brand, for over 16 years. Maybe we should tell them.

My supermarket loyalty card data

These are trivial, everyday stories, but they are stories nonetheless. Most importantly, they are our stories and they’re valuable to us. In the past, they would have been locked inside data vaults that most of us couldn’t access. While, as I learned, the process of accessing it is still nowhere near as straightforward as it should be, information is more widely accessible now than it has ever been.

There is data that professes to describe who I am. According to my local supermarket I was a “Better-Off Inner-City Executive” living in a “Partially gentrified Multi-Ethnic Area”, I was a “Foodie Cook”, and was in a household with “No children 2+ adults aged <40 not retired not students.” At the time, we were recent graduates, struggling to buy our first apartment in an ‘affordable’ part of London. Our work lives were precarious as artists and freelancers and although we made our meals out of fresh ingredients, our menu was limited. Evidently, I only ever cooked leek and bacon pasta.

From my bank, there are a whole 92 pages of “Daily risk management entries” spanning (16/07/1996 to 11/01/2000).

According to the cover page from my bank, they thought they had a pretty good idea of what I might be interested in buying.

Three things struck me about this table. Firstly, they had it entirely wrong. At this stage in my life I was most interested in life insurance and a pension — although ‘interested’ is probably too strong a term. Secondly, this data was coming from a database which, I suspect, was rendered into a screen, and something tells me it was the screen that a member of the call centre team would see each time I made contact. In my mind, when I called, my bank was always thinking ‘How can we help Chris?’, but my data leads me to believe they were really thinking ‘What can we sell Chris?’ Finally, in all of this, I couldn’t help

I had scrutinised the 1995 Data Protection Act and was curious about a couple of its principles.

The data protection act was designed, primarily, to protect us; the ‘data subjects’ from the misuse of our data. The principles I was most interested in are summarised here:

  • We have a right to a full and complete copy of our data collected and held by companies and to exercise this right all we have to do is write a ‘subject access request’ letter.
  • Organizations who hold databases with our personal data in them, must keep these databases separate.

From next May, new data protection rules for Europe will apply in the form of the General Data Protection Regulation (GDPR). Both these principles are included in it too.

What did I learn from my experiment?

The list of organisations that held data about me was not very long back then. Hard to imagine now, and a recent re-run of the experiment by Gemma Lord, a colleague of mine, confirmed this when she stopped listing them once the list ran into the hundreds. She also learned that the format of the data has changed. Some of it is available as machine readable data — and sometimes it’s even available in an accessible and usable format. Other than that, disappointingly, nothing much else has changed. The experience is just as clumsy, frustrating and disorganised as it was 17 years ago.

So, what of this? Why am I telling this story now and why does it matter? Well, this feels like a crucial time in the evolution of our data relationships. We are becoming more reliant on data driven services. We’re becoming increasingly aware of the huge value our data has for us. No longer passive ‘data subjects,’ we’re increasingly taking control of our data and using it to improve our lives. At the same time, many of us have concerns about how our data is handled, protected and used to make decisions that have material impact on our lives. People’s trust in the data economy is not guaranteed. And ultimately, if that trust isn’t fostered and earned, we’ll all lose out. Data-driven services and innovation will fail or be choked. Potential to use data for social good — in areas from education, to humanitarian aid, to fighting climate change — won’t be unleashed. Businesses won’t be able to build and tailor their products and services to meet people’s needs and wants. And we won’t be able to reap the benefits of driven- services, from the fitness trackers on our smartphones, to game-changing advances in healthcare.

From that Quixotic dataquest 17 years ago, and from my subsequent career devoted to gaining a better understanding of data’s material properties I have come to understand three principles, that I hope can reprogram our data relationships and rebuild trust.

The fear we face around our personal data is really a fear of the unknown.

I was entirely comfortable selling my data because I had seen it. It was that simple. Prior to having scrutinised the full and complete set of my data, I had fears for what it was companies might know about me and about what might happen if it was in the wrong hands. But now I’m not so worried about someone discovering my turkey steak purchase or that my bank thought (wrongly) I was in the market for a loan. So, if our fears are predicated on the fact that we can’t see our data, then, why can’t we access our data more easily? Why aren’t we in regular, open contact with the data we create — possibly, even, at the point at which it is created? Step one to a trusted data relationship, surely, has to be a step towards data transparency.

It should be easy for people to be curators of their own data.

I said earlier that I’d return to the idea of why gathering all my data into a single pile was an important one. Well, it’s important because I have the sole right to do it — to merge my data. I’m not technically gifted, but what I think I did, by piling up those pages of information, was to merge databases. The data protection act is very clear about forbidding organisations to do exactly that. Through my experiment it occurred to me that there might be benefit from me allowing the merging of certain datasets across these organisations. If only there was a mechanism for the control of my personal data. Providing access to our data, encouraging us to tend to it, to clean it, correct it, connect it — inviting us to participate in the modelling of our data past the point of collection — these feel like wholly sensible things to do. Granting us access to and control of our personal data can only add to its value and build the trust we so desperately need.

Data is not oil. It is a unique material that requires a unique approach to solving its problems and uncovering its opportunities.

The personal data issues that might lead to a breakdown in trust are complex and cannot be characterised in traditional terms. These are problems that occur at the intersection of commerce, technology, legislation and people. It is clear to me that we need to move to a more positive, trustworthy relationship built on transparency and control — but we can only achieve this through new models of collaboration. We’re in this together. We’re going to have to start with a conversation between organisations, legislators and users to understand where our needs and motivations align. And then we’re going to have to find a way to work together to imagine and build better, more informative, fairer and more positive interactions. I’m working on it.


Chris is one of the true pioneers of Service Design. He founded live|work, the world’s first service design agency in 2001. Chris is internationally recognized for his perspective on building brands and products that live through every touchpoint of the user experience, and that the ‘servicization’ of many products leads to a more financially, socially and environmentally sustainable future. He has brought this thinking to the design of iconic and disruptive services for clients including Barclays, Streetcar (now Zipcar), Orange, Vodafone, Fiat, Aviva and Experian. He is now Managing Director of Normally.com.

Startup Garage Paris from Facebook

Facebook’s program designed to empower independent startups in France, with expertise, mentoring and dedicated working space within Station F, the world’s largest start-up campus.

Startup Garage at Station F

Written by

Facebook’s program to innovate with startups in France | Program Manager: CarolineMatte

Startup Garage Paris from Facebook

Facebook’s program designed to empower independent startups in France, with expertise, mentoring and dedicated working space within Station F, the world’s largest start-up campus.

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade