You probably do not know what data you own, and you probably have no idea where most of your personal data is. If you want to know, read on—although as with most questions like this the answer is not always simple.
The Possibilities of Data Ownership
Let’s begin by discussing whether you should care about your personal data.
Right now, at the time that I’m writing this, there are only a few ways for individuals to control their data and use it productively. That’s right now, but as time marches forward, that will change.
Think of it like this:
Skilled hackers make a handsome living from stealing and selling personal data. Credit score companies run their businesses off it. eCommerce and social media sites make billions by harvesting it to sell ads.
We at Permission.io are on the side of the angels. We enable permission.io members to earn from their data. They earn ASK coins by watching promotional videos and ads, playing games, and pursuing various other activities in exchange for allowing advertisers to use their personal profile data.
Digital IDs will make a key contribution to Web 3.0, the next generation of the Internet. They will engender a global business opportunity for people and organizations everywhere.
There are two sides to this opportunity:
On the one hand, cybercrime will become less and less prevalent because individuals and businesses will be able to operate in a trusted way, authenticating one another whenever they interact.
On the other hand, the ability of individuals to control and share their data will allow businesses and consumers to interact directly, on an equal basis, eliminating middlemen and thus reducing the cost of establishing and maintaining commercial relationships.
The Personal Data World
Given that your data clearly has value, you may be wondering what the full extent of your personal data is. Here’s a way to think about it. There are four categories of personal data:
Credential data. This is your identity and all the documents associated with it that act as credentials: birth certificate, social security number, passport, driving license, credit and debit cards, memberships and subscriptions, and so on.
Title data. This refers to data that proves ownership of something, whether it be land, a property, a car, or mobile phone. When you sell something you own you transfer its title to another owner. So this is data whose ownership can change.
Digital Possessions. This comprises photographs and videos you have taken and saved, plus ebooks, music, and videos you have bought. You can think of these as self-defining titles, as you could sell them if you felt inclined.
Your historical record. The fourth kind of data is your historical record, including such things as your educational record, your health record, your employment record, the history of everything you ever bought or sold, and even the web links that record which web pages you have visited. This data is valuable. In fact, it is your historical data, which both big tech exploits, that is responsible for their advertising income.
You probably realize that this personal data of yours is not all in one place.
Some of it is on your mobile phone, your tablet, and your PC. Some of it is held by government organizations, educational and health care organizations. Some is held by banks, insurance companies, and stores like Walmart and Target. Some is held by social network sites like Facebook and Linked In, or by e-commerce sites like Amazon. Most websites that you visit are storing some of your personal data.
Many of these organizations, particularly social networks and search engine businesses will claim that you are trading the use of your data for the services they provide, although they rarely provide any detail of what they are doing with your data.
For example, if you send a specimen of your saliva to a genetic analysis company that traces your ancestry, they won’t tell you that they may sell your data to pharmaceutical companies.
Worse than that, there are data brokers who gather your personal data from publicly available sources: court cases, marriage records, property records, etc. and combine it with other personal data they buy: browsing history, social media data, and anything else they can get their hands on, including data from retail stores and even the Department of Motor Vehicles.
The Legal Situation
You might wonder then, whether the businesses that exploit your data have a legal right to do so. Ultimately, the ownership of anything is determined by the law. When it comes to physical things, like condos, computers, or cars, the law was settled long ago and the details do not vary much, country to country.
However, the idea of data ownership is fairly new, and the legislators of the world have only taken an interest in recent years. Consequently, the situation varies, country to country and it’s far too early to think of the law as settled.
The first countries to frame data ownership laws were the countries of the EU, with the enactment of General Data Protection Regulation (GDPR). It’s likely that laws in many other countries will be based on these regulations, for two reasons:
The EU framed these laws to apply to businesses everywhere that have any customers who are EU citizens.
The fines for violating these laws can be very heavy—as high as 4% of the annual revenue of the offending business.
A consequence of this is that many large businesses outside the EU have put procedures in place for conforming with GDPR. It will thus make life easy from an implementation perspective for other countries to create similar legislation.
Because your data is fragmented and stored in many different places, at the moment, it is difficult for anyone to assemble their data all in one place. In theory, it would be possible for European citizens to do so because, by virtue of GDPR, they can demand copies of their data from organizations that hold it. However, even if someone did that there is currently no easy way for them to assemble all their personal data in a single place. This will become easier when digital IDs become more common.
Anyway, if you are wondering whether you own your personal data, if you are an EU citizen, the answer is “Yes, it’s the law”.
Elsewhere, if you live in a democratic country, the answer may be “not yet, officially”. But if EU citizens own their data, then surely you will soon enough.
Think of it this way: If you ask people to vote on whether they own their data, who would ever vote “no”?
Nevertheless, there will no doubt be some local variations in such law—and in less democratic countries, it’s impossible to predict how it will develop.
In the US, there are a variety of initiatives in favor of data ownership. It has become a political issue, but luckily both parties seem to be in favor of people owning their data. For example, Sen. John Kennedy (R-La.) introduced Social Media Data Privacy Legislation in 2019. At the same time, Democratic presidential hopeful Andrew Yang included data ownership as part of his presidential campaign.
In late 2019, California enacted the California Consumer Privacy Act (CCPA). This regulates the use of Californians’ personal data and is similar to GDPR. Other states will no doubt follow suit as time marches forward.
And if you look towards the developing world, where data ownership is rarely thought about, governments of countries large and small are rapidly issuing their citizens with Digital IDs, based on biometrics. The populations of these countries may not have accumulated much personal digital data, but with a Digital ID and a mobile phone, they possess the foundation for doing so.
Data Ownership: The Bottom Line
In summary, while we do not yet inhabit a world where people have command of their personal data, the wind is blowing very strongly in that direction.
The exploitation of personal data by big tech has become increasingly visible. Social media is alive with negative reactions to every excess that is reported.
At a governmental level, data ownership has become law in the EU and other countries including the US have started to follow suit.
Data ownership has become a political issue in the US, as it has become clear that personal data has value.
Almost all developing countries are providing biometric Digital IDs for their citizens, helping to provide the foundation for Web 3.0.
The blockchain provides the secure technology required for Digital IDs and data ownership.
At Permission.io, we are developing Digital ID capability for our members and helping them to earn from their personal data.