In our last post, we discussed the importance of having control over our data. Others, meanwhile, have championed the competing model of data ownership. Here, we outline why control, not ownership, provides the surest path towards data empowerment.
Ownership Versus Control
Ownership relates to a full legal claim on property, with the right to exclude others from its use or enjoyment. Control, on the other hand, gives one the capacity to determine the use or management of a property. While interrelated and often conflated, ownership and control are two unique concepts with starkly different implications.
Intuitively, a person who owns something also has the power to control it. However, an owner of an asset may choose to hand control of that asset to another person. For example, a landlord may use a lease agreement to grant control of her property to a lessee, subject to certain time and authority limits. A patient who suffers a traumatic brain injury and is no longer able to make decisions related to his treatment knowingly, or unknowingly, cedes “control” to someone else.
3 Reasons Why We Favour Control Over Ownership
This distinction is helpful as we outline three key reasons why “control” provides a better basis than “ownership” for data empowerment:
1. Data “ownership” is conceptually problematic.
Several authors have argued that although data ownership is a clear and relatable concept, it poses fundamental challenges.
First, data is “non-rivalrous”; meaning you may own your data, but you can also share it with others to benefit, without relinquishing ownership or losing its value.
Second, usually data is not about a single person but relates to a network of relationships. For example, online shopping data is not only about the buyer, but also the trader, the product’s producer and even the payment platforms and shipping companies that fulfil the transaction. In such cases, it is extremely difficult to attribute that data to one single party.
Third, legal frameworks across several countries do not allow for data to be owned, and are therefore incompatible with notions of commercialization and commodification. Existing property laws do not define data as ownable because doing so would hamper the balance between individual and organizational interest in data and access to it. This simply means that the ownership model would overly restrict who can access and use data and undermine data’s wider social value.
2. Treating data as owned property has dangerous implications
We agree with those who reject the data-as-property argument on the basis that it paves the way for people to sell their personal data in a way that could be harmful to themselves. At the same time, this transactional model would constrict the free flow of information and limit wider political, social, and economic benefits.
We also agree with those who have observed that the value of data grows exponentially when aggregated with other data. Therefore a scenario where various data “owners” hold on to their data, not sharing it with others, would limit the potential value of data to individuals and society.
Ultimately, we share the view that data is more a public good than a private one. While this argument needs to be explored in full depth (and maybe in another blog post), this belief is fueled by the simple notion that the kind of insights that we are able to derive from pooled data is the result of many peoples’ contributions. The wider public should be positioned to benefit from the insights of our collective data.
3. Control of data promotes transparency, agency, and accountability — the essential ingredients of data empowerment.
In their summary of pro data “ownership” positions, Hummel et al. (2020) conclude that the most important factor for those who propose and those who oppose the “ownership” concept, is “control” over how data is used. This suggests that “controllability” rather than the notion of ownership should be the primary goal of data governance.
The ability to control data rests on the recognition of data rights. In the EU’s General Data Protection Regulation, people (referred to as subjects) are granted rights to their data — the right of access, rectification, erasure, portability and the right to objection. While there are nuances that a rights-based approach needs to address, particularly in balancing individual and collective rights, a scenario where people have control over their data, guaranteed by data rights, provides the fundamental conditions that make data empowerment feasible.
Control over one’s data requires that data collectors — governments, businesses, non-profits, among others — are transparent about how data is used and processed. We also need collectors to provide people access to data held about them, and to the data that shapes their lives. When people have control over their data, they will be better able to demand privacy protections and seek retribution when their data is misused.
In our next blog post we will discuss the implications of this thinking for data governance. How can effective data control be facilitated in practice? What sorts of governance mechanisms are necessary to ensure that people can enforce their rights and exercise control over their data?
Follow us (or join us in our discussion) as we attempt to answer these questions.
— — — — — — — — — — — — — — — — — — — — — — —