Do You Know Where Your Personal Data Is?

A recent intellectual property and licensing conference got me rethinking about the ownership of personal data. I say “rethinking” because I assumed that ship sailed long ago with Big Data Inc.—Google, Facebook, Microsoft, etc.—securely at the helm.

After all, most of us have turned over the rights to our personal information a long time ago in exchange for convenience, thereby helping create a multibillion-dollar economy that trades on that information. There are a handful of businesses, such as Datacoup and Meeco, designed to help consumers sell, barter or manage the right to use their personal information. They have been lauded among privacy advocates, but have done little to put a dent in Big Data, Inc.

So, why am I now rethinking who owns the right to use consumer data? And what does it have to do with licensing and IP?

There are several reasons and they begin with the well-known concerns about data security, which are naturally coupled with privacy. With the fledgling Internet of Things (IoT) market and autonomously driving cars no longer in the realm of science fiction, it doesn’t take much imagination to conjure up catastrophic consequences from security breaches that go beyond garden-variety identity and e-mail theft.

The quest for better encryption technology is on. One technology—blockchain technology (best known for bitcoin encryption)—is getting attention for both its security and rights-permission abilities. It allows for the handling of encrypted transactions with clear rules/permissions (blocks of data that are chained together) and these transactions do not include middlemen (or presumably data brokers). It also creates “shared ledgers” so that every party within a transaction has secure access to all information regarding the asset. At this point, the technology is being used mostly for business-to-business applications, such as executing and tracking transactions within supply chains.

But could it be used, for example, within a home network where the asset is personal information and consumers might favor one service provider over another based on who gives them the most favorable terms for their asset? Would providers of bundled Internet, voice, security and video services be able to offer discounts to consumers based on access to specific data that the service provider most values? Or, would providers trusted by consumers to properly and securely handle their information have a competitive advantage? It seems as if blockchain technology could couple security with asset transfer to provide options for personal-information use. Whether it’s feasible from a business perspective is an entirely different matter.

One of the conference panelists at the Big Data and IoT session posited that there’s a school of thought that “consumers will own their data in the future because relationships with providers will be built on trust.” The idea is that with blockchain technology data could stay within the home and be analyzed there, not in the cloud and not sold to data brokers. Interesting idea.

But, even if a seamless technological and transactional solution can be implemented, why would consumers—who have willingly and reflexively given away personal information—insist on better terms for the use of their data now? One answer may be that because consumers may see the stakes as much higher as we transmit/store sensitive bio medical information (more sensitive than heart rate and the number of daily steps taken), or because of data breaches that may cause bodily harm.

It’s a tall order—one that would require a massive cultural shift. Government regulation can sometimes impact such a shift. EU regulation, for example, goes farther than does U.S. regulation in restricting how personal data can be processed. In April 2016, the EU passed Regulation 2016/679, which strengthened data protection for individuals across the EU. Recently, the U.S. FCC voted in a requirement for ISPs to get their customers’ permission to share their personal data from web and app use to third parties for marketing purposes. Critics say that these regulations have sufficient loopholes to keep personal-data use at status quo. That may be true, but it’s possible that these are starter events in a future cultural shift.

After all, if viewed through the lens of property rights, protection of property is generally regarded as a basic human right. It’s highly unlikely that people will starting shutting down their Facebook accounts because they don’t think they’re getting a good trade on their asset. But it is reasonable to at least ponder that attitudes might change if personal data breaches can be used to cause serious bodily or community harm.