I wrote about new business opportunities for financial services incumbents, specifically banks, in my previous post. More notably, I posited that 1) because banks were in the Trust Business 2) they have an opportunity to expand their offerings by 3) protecting their customers’ IDENTITY and DATA much like they protect customer’s money today.
Soon after I published that post, I came across a short video by Tyler Cowen (see here) in which he discusses the importance of trust in the banking relationship. He points out that trust is made possible by a shared understanding that individual property rights exist and will be enforced by the state. A bank that takes customer money can’t just keep it, and has legal obligations to protect it. Tyler’s video reminded me the multifaceted aspects of trust and that I had only touched on the trust between a bank and its customers.
Given that I believe in how technology is and will enable individuals to utilize their identities contextually and enable them to monetize their own data, that video spurred me to think about data and identity ownership. To be clear, this post is not about exploring new business models, rather it is about understanding what data means legally to us and the implications of ownership and rights associated with data.
Our lives are increasingly defined by the electronic data stored in third party databases that is generated by day to day activities, for which limited records existed even a decade ago. Drive your car, by groceries, visit a web-site, pay a toll electronically – data is harvested, data is stored. When aggregated, these prosaic electronic breadcrumbs have massive economic value. Indeed, considering that our economies are undergoing a massive realignment and restructuring, moving away from the industrial age towards the digital age, it is easy to realize that the data and metadata we generate (about ourselves, our behaviors, our habits, our consumptions) or that of our own physical assets generate will be increasingly valuable.
And the amount of data we generate is increasing, not decreasing. If our data and our identities are already valuable today, they will be more so tomorrow. At this particular historical moment, the commercial value of consumer data is a one-way street. Once a business has your data, they may have legal obligations to you, depending on the state or country where you live (HIPPA and Graham Leach Bliley are two U.S. examples). But you don’t have a financial stake in the data. Say, (for example) that an advertiser makes money by sending an ad targeted to you because of knowledge about your purchasing preference. You’re not going to receive a commission for the use of or reliance on your data. Where does personal data fit into the framework of traditional property law? This is an admittedly broad question, but we can make some general observations. Why does this matter? Most economists – or so I hope – agree that a strong protection of property is one of the most important vectors driving economic activity and wealth creation. Western industrial capitalism is premised on the understanding that individuals have the right to enjoy their private property without fearing it being stolen or misappropriated by a third party, let alone a government.
Generally speaking, there are two types of property. Tangible property, refers to physical things, (a house, a plot of land, a car, physical cash, gold…). Intangible Property, refers to incorporeal assets (intellectual property (“IP”, copyrights, patents, trademarks), corporate good will, securities, security interests, and dematerialized investments, money, …).
So – what is “personal data”, the stuff that makes up our identities. It’s definitely intangible, but it is certainly not a dematerialized investment or money. Could it and should it be considered and individual’s IP? The answer is most probably not. Could it be a corporation’s IP? Maybe so. The lack of clarity on data and its ownership is indeed tricky.
The Merriam-Webster dictionary defines IP as “something (such as an idea, invention or process) that comes from a person’s mind”. Modern IP laws arose out of the need to protect personal creation. The printing press, mass media, the internet are technology vectors that increased the value of one’s creation. Commercial interests required strong protection and licensing laws. As such, traditional IP comes out of active creation.
Can we say the same of all the data and metadata associated with our health our payments history, our interactions with our social media/networks, our apps, our smartphones and IoT? Or are we faced with passive creation. Would these types of data and metadata be treated as IP or are they in a class of their own? My non-legal-expert view is that we are dealing with a new class of property borne out of new ways to create it, enabled by new technologies and ultimately supporting new economic activity which demands new legal constructs.
The same questions and comments apply to our Identities – physical, digital, private, health, financial.
Clarity on what personal data is leads to clarity on what types of rights can be associated with it, and to the extent there are gaps, what types of rights should be developed.
Ownership is equally important. Who owns our data? In some instances we do, in others we cede control as part of a Term of Service we barely read, and in yet others we probably wade in a grey area where those that use and monetize our data are more than content to keep the status quo and not explicitly spell out ownership.
I strongly believe data ownership frameworks need to be brought up to the level of sophistication of data privacy laws. How our data can be used, how it should be protected data is a national and international discourse our governments, the corporations we interact with and ourselves are engaged in continuously and for many good reasons. No one can use or misuse private information without prior consent, no one can handle our private information carelessly. We already have the right to digital seclusion (i can restrict access to my Facebook or Twitter identity to a handful of trusted friends, or altogether shut it completely) and are slowly gaining the right to be forgotten digitally.
Rights associated with having, owning and securing a personal identity are intertwined with self-determination, basic human rights and freedom of speech.
Up to now the sum total of rights associated with data, which I label Individual Identity Rights have not coalesced into a systemic societal issue. Too many interested parties want their hands on our data with as little friction as possible. Enterprises because of monetization potential, Governments because of their thirst for transparency and control. The early stage of the digital age have mirrored the industrial age from a centralization point of view. Large intermediators such as Ebay, Facebook, Amazon or Google have dominated – and will continue to do so for many years to come. Be that as it may, the potential of blockchain technology is enabling decentralized business models to emerge. Soon we may have the choice to conduct our private business (sharing with friends, buying, selling, creating) with a decentralized marketplace, a decentralized social network, a decentralized search engine – the list goes on. The data we generate on these platforms will be our own, and we better have ownership rights that reflect such an unequivocal fact.
Up to now the ways and frequency we have needed to produce a form of identity to gain access to a service, a product or a place has been limited. Both will increase and with them the complexity of provisioning and managing our identities. The multiple identities we will create and inhabit better have the same ownership rights that reflect how central identity will be in our post-industrial world.
Up to now we have not paid much attention to our data and have been more than content to cede its monetization to third parties in exchange for convenience or entertainment. As data will rise as one of the central vectors of our economic and social engines we will want to control and share in the wealth creation, we will demand more transparency with regards to who will use our data, for how long and in what capacity, and we better have ownership rights that reflect these value chains.
Individual property rights have been essential to wealth creation in the industrial age. Individual identity rights will be essential to wealth creation in the digital age.
I would like to thank Stephen Palley for helping me think through my arguments, providing invaluable feedback and editorial support.