Personal Data: Who Should Own It and How Much Should It be Worth? (Part 1)
"Data is the issue du jour," writes Jack Marshall, "CEOs are now frequently asked what their 'big data strategies' are, and CMOs are being pressured to turn the volumes of information their companies collect into business insights and cunning marketing strategies. That's prompting many clients to panic and to question where their data lives, who has access to it, and what exactly it's being used for." ["Brands Get Nervous About Data Ownership," Digiday, 22 April 2013] Interestingly, Marshall is talking about data provided by business clients to ad agencies. He continues:
"According to agencies, clients do 'own' their data in the vast majority of instances. But agencies are well aware of its value and have no incentive to give up control of it to the client. It's less an issue of ownership than it is of control and access. Relationships and contracts vary, of course, but typically it's understood that agencies have rights to it on their behalf. But the reality of the situation is that most data-management platforms, DSPs, trading desks and other data platforms sit on the agency side, not with clients. Therefore, even if brands wanted to take control or 'ownership' of their own data, they're simply not in a position to do so at present."
Peeling the data ownership debate back one more layer, we find that within large organizations there are debates about who should "own the data." Tom Casey, Kumar Krishnamurthy, and Boris Abezgauz write, "Unlocking the potential inherent in all this data, structured and unstructured, internal and external, demands that companies set clear goals for how the data will be used — whether for optimizing the supply chain, developing closer relationships with customers and partners, predicting and reacting quickly to market shifts, or identifying areas for operational improvements and better accuracy of reporting. And they must decide on how it is to be collected, analyzed, and acted on." ["Who Should Own Big Data?" Strategy + Business, 12 August 2013] They continue:
"Given the cross-functional challenges, rich potential, and inherent dependency on complex technology, the question of who should own the data has become a hotly contested topic. In an online survey of more than 500 business intelligence professionals, respondents were evenly divided among three possible scenarios — that IT should take the lead, that the business should, or that a matrix organization should be created, bringing together the expertise of both."
If large companies can't get a grasp on how big data is to be used and who owns it, it's no wonder that individuals feel even more helpless. A number of privacy advocates believe that individuals (not companies) should have ownership of their personal data so that they have more say in how their data is used. "Citizens and consumers are becoming increasingly aware of the value of their personal information," writes Robert Hillard, "and hence are looking for more privacy options." ["You should own your own data," Mike 2.0, 25 April 2013] He continues:
"The default position of governments has been to revisit their privacy regulations. This approach, though, is doomed from the start as no regulation can possibly keep up with this rapidly developing information economy. In fact, it is likely to be economic forces that will provide the solution to the privacy risks of Big Data. Both government and businesses are beginning to realise that they can make individuals much more comfortable to share their data if rather than providing an almost infinite (and incomprehensible) set of privacy settings they simply renounce any attempt at taking over ownership of the data and simply borrow or lease it with the permission of the true owner – you. Rather than reducing the value to business and government, this approach actually opens up a huge array of new possibilities and leaves the individual in control. The evidence is growing that when people feel confident that they can withdraw their information at any time and are not at risk of unintended consequences they are much more willing to submit their data for a wide array of purposes. The protection of the individual in a world of Big Data is not through better privacy, but rather through clarifying who actually owns the data and ensuring that their rights are maintained."
I agree with Hillard that technology will always outrace any attempt to regulate it. When it comes to permission-based data usage, however, the devil is in the details. With so much data already available, getting the privacy genie back in the bottle could prove problematic. Mark Veverka rhetorically asks, "Do you know where your personal data is?" His short answer is: "Everywhere." ["Unplugged: Who's got your personal data," USA Today, 24 June 2013] "We need not only be concerned with how the government is gathering and using our data," he writes. "We should be equally cognizant of what businesses such as retailers, banks and medical providers are doing with our personal information and how it affects our relationships with them."
Duncan Jefferies reports that trust, privacy, and data ownership weren't really front-burner issues until recently. "During the early years of Web 2.0," he reports, "everyone seemed only too happy to share a huge amount of information about themselves through tweets, Facebook updates, geo-location data and other sources. But it seems people are beginning to realise that it might not always be a good idea to turn off their internal privacy settings." ["Can we trust organisations with our data?" Green Futures, 24 June 2013] Even though the privacy genie may never be able to be put back in the bottle, Abhishek Mehta, founder of Tresata, believes that "the discussion around the positive applications of Big Data is hollow if user privacy is not being addressed." ["Abhishek Mehta Discusses the Concept of Data Ownership," by Maria Deutscher, Silicon Angle, 18 June 2013] Mehta believes, "Individuals and organizations need to know who owns their data, who has access to it, and what can be done with it." The article continues:
"The way Mehta sees it, big tech firms possess 'pools' of user data. Amazon is the 'purchasing cloud of information,' Facebook is the 'social cloud of information,' and so on. Consumers entrust these companies with their data, but they don't necessarily know who owns it, and more importantly, they can't access all of it from one place because the technology required to do so is not yet available. Much of this also applies to private organizations, which generate large amounts of sensitive information that can easily fall into the hands of third parties. Mehta believes that in time, these isolated pools of user information will collapse into one another. He views this trend positively, but stresses that Big Data can be a source of both good and evil."
When Mehta talks about collapsing data pools into one another, one potential course for that collapse is to place data into what has been called Personal Data Vaults. But even if such vaults are created, individuals may not know what to do with them. Howard Gross asserts that consumers already know that massive amounts of data are being collected about them as they shop, surf the web, and make mobile calls. But, he notes, "Knowing is not always the same as understanding." ["Big Data and the Myth of Consumer Control," SmartData Collective, 25 June 2013] He continues:
"Joseph Turow, a professor at the University of Pennsylvania’s Annenberg School of Communication, has found that most Americans are unfamiliar with concepts like data mining and behavioral targeting. They are also limited in their ability to use technologies that protect their privacy. Moreover, few grasp the fact that by simply 'liking' something on Facebook, they may inadvertently reveal their ethnicity, economic status, political views, religious beliefs, mental health or sexual preferences."
Clearly, the issue of data ownership is only going to heat up in the years ahead rather die down. If privacy doesn't become the driving issue, money will. "'Monetizing privacy' has become something of a holy grail in today's data economy," writes Joseph W. Jerome, a Legal and Policy Fellow at the Future of Privacy Forum. ["Buying and Selling Privacy," Stanford Law Review, 3 September 2013] In the final post of this two-part series, I'll explore whether or not you and I are going to get rich selling our private data to the world.