We’re challenging the language of data ownership
Data is not like property – ownership language encourages faulty intuitions about how data should be governed
Data is not
be used up
Data is easily
Data is never
about just one thing
Data cannot be
separated from people
On 3 October the British Academy, techUK and the Royal Society convened a seminar, which provided an opportunity to explore and understand the concept, value and limitations of the idea of ‘data ownership’. It considered the sound bases from which to consider and probe the concept of data ownership and discussed issues relating to the ability to exert rights and control over data use.
Based on the discussion during the seminar the following key points have been identified as warranting further consideration and discussion moving forward:
- Use of the term “data ownership” raises significant challenges and may be unsuitable because data is not like property and other goods that can be owned or exchanged
- Instead discussion should explore the rights and controls individuals, groups and organisations have over data, and should encompass a societal as well as individual point of view
- Broader debate could help to better describe the data rights and controls that are often associated with the concept of ‘data ownership’.
This paper summarises the rich and diverse discussion at the seminar, and is followed by a set of papers, which provide further explorations of data ownership, rights and controls.
The report also includes short papers exploring the concepts discussed at the seminar by a range of stakeholders.
We’re highlighting how, why and when individual consent fails us
Individual consent sometimes disempowers people – we’re talking about its limits to avoid its misapplication
When is consent
When do people
have real choices?
How do choice architectures
Is managing consent
When does individual
How does consent apply
to wider harms?
Jacob Leon Kröger, Otto Hans-Martin Lutz and Stefan Ullrich
Despite years of heavy criticism, privacy self-management (i.e., the principle that people individually manage their privacy via notice and choice) remains the standard of privacy protection throughout the Western world. Building on previous research, this article provides an overview and classification of the manifold obstacles that render privacy self-management largely useless in practice. People’s privacy choices are typically irrational, involuntary and/or circumventable due to human limitations, corporate tricks, legal loopholes and the complexities of modern data processing. Moreover, the self-management approach ignores the consequences that individual privacy choices have on other people and society at large. Regarding future research, we argue that the focus should not be on whether privacy self-management can be fixed by making it more user-friendly or efficient – it cannot. The concept is based on fundamentally wrong assumptions. To meaningfully address the potentials and dangers of personal data processing in the 21st century, a shift away from relying purely on individual control is inevitable. We discuss potential ways forward, stressing the need for government intervention to regulate the social impact of personal data processing.
We’re showing how we are connected by data
Pointing out how our data affects others (and their data affects us) reflects reality and promotes collective action
Data governance law—the legal regime that regulates how data about people is collected, processed, and used—is a subject of lively theorizing and several proposed legislative reforms. Different theories advance different legal interests in information. Some seek to reassert individual control for data subjects over the terms of their datafication, while others aim to maximize data subject financial gain. But these proposals share a common conceptual flaw. Put simply, they miss the point of data production in a digital economy: to put people into population-based relations with one another. This relational aspect of data production drives much of the social value as well as the social harm of data production and use in a digital economy.
In response, this Article advances a theoretical account of data as social relations, constituted by both legal and technical systems. It shows how data relations result in supra-individual legal interests, and properly representing and adjudicating among these interests necessitates far more public and collective (i.e., democratic) forms of governing data production. This theoretical account offers two notable insights for data governance law. First, this account better reflects the realities of how and why data production produces economic value as well as social harm in a digital economy. The data collection practices of the most powerful technology companies are primarily aimed at deriving population-level insights from data subjects for population-level applicability, not individual-level insights specific to a data subject. The value derived from this activity drives data collection in the digital economy and results in some of the most pressing forms of social informational harm. Individualist data subject rights cannot represent, let alone address, these population-level effects. Second, this account offers an alternative (and it argues, more precise) normative argument for what makes datafication—the transformation of information about people into a commodity—wrongful. What makes datafication wrong is not (only) that it erodes the capacity for subject self-formation, but also that it materializes unjust social relations: data relations that enact or amplify social inequality. This egalitarian normative account indexes many of the most pressing forms of social informational harm that animate criticism of data extraction yet fall outside typical accounts of informational harm. This account also offers a positive theory for socially beneficial data production. To address the inegalitarian harms of datafication—and develop socially beneficial alternatives—will require democratizing data social relations: moving from individual data subject rights, to more democratic institutions of data governance.
Part One describes the stakes and the status quo of data governance. It documents the significance of data processing for the digital economy. It then evaluates how the predominant legal regimes that govern data collection and use — contract and privacy law — code data as an individual medium. This conceptualization is referred to throughout the Article as “data as individual medium” (DIM). DIM regimes apprehend data’s capacity to cause individual harm as the legally relevant feature of datafication; from this theory of harm follows the tendency of DIM regimes to subject data to private individual ordering. Part Two presents the core argument of the Article regarding the incentives and implications of data social relations within the data political economy. Data’s capacity to transmit social and relational meaning renders data production especially capable of benefitting and harming others beyond the data subject from whom data is collected. It also results in population-level interests in data production that are not reducible to the individual interests that generally feature in data governance. Part Three evaluates two prominent legal reform proposals that have emerged in response to concerns over datafication. Propertarian proposals respond to growing wealth inequality in the data economy by formalizing individual propertarian rights over data as a personal asset. Dignitarian reforms respond to how excessive data extraction can erode individual autonomy by granting fundamental rights protections to data as an extension of personal selfhood. While propertarian and dignitarian proposals differ on the theories of injustice underlying datafication (and therefore provide different solutions), both resolve to individualist claims and remedies that do not represent, let alone address, the relational nature of data collection and use. Part Four proposes an alternative approach: data as a democratic medium (DDM). This alternative conceptual approach apprehends data’s capacity to cause social harm as a fundamentally relevant feature of datafication; from this follows a commitment to collective institutional forms of governing data. Conceiving of data as a collective or public resource subject to democratic ordering accounts for the importance of population-based relationality in the digital economy. This recognizes a greater number of relevant interests in data production and recasts the subject of legal concern from interpersonal violation to the condition of population-level data relations under which data is produced and used. DDM therefore responds not only to salient forms of injustice identified by other data governance reforms, but also to significant forms of injustice missed by individualist accounts. In doing so, DDM also provides a theory of data governance from which to defend forms of socially beneficial data production that individualist accounts may foreclose. Part Four concludes by outlining some examples of what regimes that conceive of data as democratic could look like in practice.
We’re finding the metaphors that resonate with people
Data is hard to grasp – analogies can prompt different ways of thinking about it and challenge invalid intuitions
We have choices about the food we eat, but we don’t have to carry around chemical analysis units with us when we go food shopping to make sure it’s not harmful. That’s because there are regulations, and regulators, that limit what food providers do. When there is harm, it is dealt with quickly, and regulation is adjusted to keep up with changes to food manufacturing practices.
In the same way, we shouldn’t have to be the ones scrutinising the organisations that collect and use data about us. Effective regulation and regulators are a better way of being protected from harm.
We can do a lot to our homes to make them our own, but there are limits. When we want to extend them, we have to go through a process that checks whether those changes will affect others in our neighbourhood. Elected representatives, supported by officials, carry out their deliberations in public and with transparency.
In the same way, we may have extensive rights over what we do with data that is about us, but there may also be times when others can make decisions about it for the common good.