As Sherlock Holmes would say, “Data, data, data.” That’s what it’s all about today. The world is absolutely swimming in data and everyone and their mother is trying to figure out how to monetize. Most of the scheming currently revolves around advertising, and the big players like Facebook, Google, and Amazon are leading the way in terms of selling stuff to people. But big data is also fueling powerful algorithms that are being utilized by companies to do everything from programming self-driving cars to winning close political elections.
But why do these companies own this data outright? Why are there so few controls for users to get their data back or to remove their data? And do we want this much access to this much data? We’re at the forefront of a sea change in the way the world is perceived and interacted with, so these questions haven’t come close to being answered. Many of them aren’t really being asked yet. But before the data economy gets out of control, we need to determine as a global society what role data should play in our lives.
The first question concerns who owns the data that is being utilized so widely in the world today. Do the companies who procure it own it? Do individuals own it? Do they both own it? As people craft their own online identities, the question of ownership enters an even thornier area. If digital identities are akin to digital people, does ownership of a digital identity equate to digital slavery?
That might be a bit hyperbolic. But then again, it might not. In a very real way, a user’s data belongs to that user. The data about that user is highly personal and a company arguably has no right to keep or use that data beyond that user’s consent. That line of reasoning is at the heart of Europe’s General Data Protection Regulation, also known as GDPR. That legislation does a lot of good for user control of data. It mandates that companies must implement requisite safeguards to protect a user’s data. It also requires that the most private privacy setting must be set by default (instead of the standard practice of making absolutely everything public, which again allows for vastly more data transfer via scraping and other similar mechanisms). Any data processing utilizing a user’s data must be disclosed, as well as any data collection involving a user’s data. Perhaps most importantly, a user (under certain circumstances) can request to have their data removed from a service.
Everything about GDPR points to a shift in data ownership from a purely corporate-centric view of data ownership to a more user-centric one. It empowers users to take control of their data, which is in many ways a direct representation of themselves. It’s a definite step in the right direction and will hopefully expand beyond the EU. (A lot of companies are already implementing it for non-EU regions since it’s just easier from a programming perspective to have everything work the same way. That’s a huge win for users, their privacy, and the control they have over their data.)
Another question regarding data is the value that users provide via their data and whether they are being compensated fairly. Considering the tremendous amount of revenue being generated just from data-powered advertising, it’s not unreasonable for users to want a piece of the action. Google made a tidy $116 billion from advertising in 2019 and Facebook didn’t do too badly themselves with nearly $55 billion. (And Amazon is hot on their tails with its expanding advertising product.) These services depend on user data for their advertising algorithms, but are users being compensated enough for their data?
It’s hard to put a value on what a user’s data is worth. Based on their usage of Google and Facebook’s services, it would seem that users consider their data to be worth nothing. They pay nothing for Google or Facebook and get no compensation in return. (In reality, users pay for Google and Facebook with their data, and the compensation they get is through the utility of the services.) But could there be an alternative? What if users were able to put a price on their data?
Personal data trading would allow users to set the price for their data. If companies wanted to buy their data, they could bid on it, and users could accept or reject their offers. A company and a user could enter into an agreement whereby the former would exchange its services for access to the latter’s data. Then we would actually find out how much users think their data is worth. And maybe it is worth nothing to users, but at least we would know for sure. As it is now, the assumption is that users gladly give their data away for free, but maybe that’s just because they’re ignorant of just how valuable their data is.
Finally we come to the issue of consent as it pertains to data. One of the key tenets of the GDPR legislation mentioned earlier is that users must consent to any usage of their data. Additionally, that consent can be revoked at any time. And furthermore, that consent must be informed consent, meaning the user must adequately understand what they’re agreeing to. All of these regulations help to ensure that users know where their data is going and what it’s being used for. That’s a tremendous win for users.
(It is a definite loss for small businesses, however, as so much legislation is. It’s easy for Google to throw a bunch of money at making its services GDPR-compliant. It’s much more difficult for a small startup to spend that much time, energy, and money on doing the same. It’s enough to bankrupt a company considering how complex the requirements of GDPR are. But still, it’s at least a step in the right direction notwithstanding the unfortunate companies that will be buried in its wake.)
Companies need to be thinking about design choices that ensure users understand the service and how their data will be used. That’s especially important with children, who are becoming increasingly savvy technologically and are utilizing services they may not fully understand. Facebook’s minimum age is now only 13, and whether a 13-year-old understands the intricacies of Facebook’s data sharing policies is up for debate. (When I think back to the 13-year-olds I knew when I was that age, I’m dubious that there’s any sort of deep level of understanding.)
It’s not just user agreements where children are vulnerable, however. The issue of consent arises as well from the online presence that’s generated for them before they can even consent to it. Nowadays, by the time someone turns 18, there’s already thousands (if not tens of thousands) of pieces of media including them. And much of it they won’t have consented to having online. Don’t companies have responsibilities to these new adults to remove all previous content that was posted without their consent?
The world revolves around data. Increasingly that data is being controlled by a few powerful entities. The internet was designed so as not to be owned by anyone; it was supposed to be a beautiful anarchic utopia. Ironically, the internet has been used by a small handful of companies to own data about everyone and everything in the world. Instead of a pseudo-anarchy, the internet produced a pseudo-tyranny.
But people are starting to push back and for good reason. The abuses of data, from breaches to profiling to political manipulation, have made more and more people wary of how their data is being collected and processed. Hopefully in the near future we’ll see a pushback against the expansion of big data and the datafication of life in general. Technology as a whole needs a good pushback.