We don’t need statistics to tell us that most people have a trade-off between convenience and privacy. Despite concerns over data use, Facebook revenues continue to soar, and Google’s search engine market share has consistently held at around 90% over the past decade.
But the “privacy paradox,” the inconsistency between privacy concerns and actual behaviour, is far more nuanced than some make it out to be – people are still concerned about privacy. Here are a couple of infographics published last year by the Pew Research Center that illustrate what much of the research out there shows.
And we know that concerns about personal data misuse aren’t just about unsolicited online advertisements. In 2013, Cambridge Analytica, which has become synonymous with personal data misuse, developed a micro-targeting programme in Trinidad and Tobago to encourage black voters not to turn out to vote in order to sway an election. This shocking interference with democratic processes is just one of the more than 200 elections that executives of the company boasted they had worked on.
The “prize” for Cambridge Analytica’s political work in Trinidad was to conduct security work in the country. The company proposed they could capture citizens’ browsing history en masse, recording phone conversations and applying natural language processing to build a national police database, complete with criminality scores for each citizen.
The truth is, it’s not just internet companies sweeping up data to sell to advertisers or the odd political campaign; we are living in a systematic intrusion of our data. In his autobiography Permanent Record published last year, former CIA and NSA contractor Edward Snowden reflects on a range of surveillance tools developed to conduct mass surveillance worldwide which he helped expose. These include a search engine for all of your online data and even a program which can take screenshots of private video conversations.
It’s fair to say that we do care about our privacy, we just feel severely dislocated and disempowered from the issue. We constantly have to agree to terms to use services which are integral to everyday modern life – and for government surveillance, we do not even know what methods are deployed nor can we do much to change them.
The three great data reforms
So what are data protection proponents doing about it? We can summarise the three reforms being driven as:
- Open data: A push to share more data for use by all;
- Privacy first: Minimising data collected on users and ensuring a high degree of privacy for personal data collected, including encrypting personal data and giving users the option to remove it if they wish to do so;
- Data ownership: Building systems so that people can truly take control of their data and have the right to decide who uses their data, and at what cost.
The first two reforms have made significant headway. For open data, there are organisations such as the Open Data Institute, a British non-profit that operates a global network of individuals, businesses, and governments. The Institute runs a range of ongoing projects working towards their mission.
For privacy, groundbreaking legislation such as the GDPR in the EU and the California Consumer Privacy Act have improved business practices, and privacy products such as Signal, ProtonMail, and DuckDuckGo allow people to navigate online with high degrees of privacy. Open data and privacy first still have a long way to go, but it’s the third reform, data ownership, which is severely lagging.
Why we’re still at stage one with data ownership
From celebrities to NGOs, people are calling for the right to manage access to our data and have the option to monetise it, but we’re still missing effective systems to make this viable. Facebook tells us that we “own” our data, but it doesn’t give us the option to use their services while not sharing data with them. Instead, Facebook equates owning our data with having the option to delete our posts and accounts.
Unfortunately, we cannot force an overhaul of the internet. Still, we can work with others to reach data ownership compromises, which to begin with require straightforward and machine-readable data extraction. To address this, the Data Transfer Project is looking to create an open-source, service-to-service data portability platforms. It has Apple, Facebook, Google, Microsoft, and Twitter listed as contributors, but as of yet little seems to have come of the project.
Another project comes from Tim Berners-Lee, the creator of the world wide web, who launched the startup Inrupt in 2018 to “restore rightful ownership of data back to every web user.” Instead of having your personal data stored on company servers, you save it on your own server set up by Inrupt’s project Solid, where you then give individual apps permission to read and write to your server. The project has few participants as of yet, though.
Other projects like the Chrome plug-in Swash, which can collect your data, sell it on your behalf, and pay you back in a cryptocurrency, do not solve the problem that companies like Facebook still have your data, and are making a hell of a lot more money from it than you can.
This conundrum makes some doubt whether data ownership is the right choice. Writing for the Brookings Institute, governance experts Cameron F. Kerry and John B. Morris argued that more robust privacy is a better choice. They say treating personal data as property to be sold could induce some people to trade away their privacy rights for little (after all, it’s only aggregated data that makes millions).
Kerry and Morris also see a data ownership model as too structurally complex and an unnecessary hindrance to the free flow of information. Pushing for privacy, they point out that where necessary, data could be governed to the degree that, for example, ethnicity data is handled in the US, where those who handle it must swear an oath to observe the limit on its use and violations can result in a criminal offence.
The next stages of data ownership
Nonetheless, the privacy proposals do not address the concerns that internet giants do not allow us to own our data, nor do we get a stake in the value of our data. Pro-privacy fundamentalists also do not give us the option to turn privacy off and do what we like with our data. Data ownership is ultimately the democratic approach.
But how are we going to make meaningful change for all? In addition to schemes like Swash that are building systems to collect and aggregate data from the user’s end, we need to take on the internet giants.
Many have argued for data to be treated as “labour” and thus have mechanisms such as “data labour unions” to bargain with tech companies on behalf of users. Successful lobbying could result in fairer arrangements which could change over time as public opinion shifts. Similar concepts include data cooperatives or public data banks, which could be mandated to manage data on behalf of companies and be regulated by elected governments.
Others are pushing for stronger rights in the law, namely a reclassification to see data become “property” of an individual. Among them is former US presidential candidate Andrew Yang, who recently set up the new Data Dividend Project to mobilise people around the issue.
But data is nowhere near as straightforward as other forms of personal property. Bhaskar Chakravorti in Harvard Business Review laid out a 10-point list of problems that need solving before we can consider data as property:
- Define what constitutes the personal data to which a user has exclusive rights;
- Establish criteria to demarcate personal data, anonymised data, and third-party data;
- Create a transparent, market-based, and universally accepted system of valuing data and compensating users accordingly for trading data;
- Define standards for how the data is stored, moved, or accessed interoperably across different digital platforms;
- Establish criteria to evaluate the trade-offs between many needs: interoperability, privacy, cybersecurity;
- Establish criteria to evaluate the trade-offs between personal data and the use of aggregated data as a “public good”;
- Mitigate the transactions costs of negotiating with multiple parties whenever a platform needs multiple data sources;
- Mitigate the risks of bots or malicious actors from taking advantage of compensation for access to data;
- Make it easy to move data across platforms, without expecting the user to be a technology expert;
- Anticipate unintended consequences of changes as fundamental as transferring the control and management of data from big tech “professionals” to the “regular” users.
Once we make tough decisions to resolve these issues, reclassifying data as property will no longer be an outlandish proposal. With it, data protection can move from being solely a legal right to an actionable right which can be used as grounds for a lawsuit. And privacy does not need to die with the democratisation of data; with coordinated resources and efforts, the three data reforms will empower each other and together lobby for meaningful change.
What can I do to help?
Unravelling the problems around data ownership needs long-term support from all advocates. If you believe in data ownership and other data reforms, you can:
- Join an organisation: If you’re a US resident you can join Andrew Yang’s campaign, or you can support different data reform organisations such as the Open Data Institute from as little as £1 ($1.25);
- Use data ownership products: Try out Swash, Solid, and blockchain-based data ownership products such as Civic and ONTO. If you’re interested in privacy-focused applications, you can also check out this list. Tell friends, family, and colleagues who may be interested.
- Follow the political discussion in your country: Sign petitions, contact your local representatives, and join in on discussions!