I’ve recently seen a lot of excitement around data trusts and other alternative data governance approaches. There is some excellent work being done (for example, the Mozilla Foundation’s recent study), but there is also a chorus of naive claims on social media that we should all own or get paid for the use of our data. Usually the confusion stems from a lack of clarity around what the writers mean by “data”.
The appeal is easy to see: if it’s “my data” I should “own it” and getting paid for it sounds great. But “data” is not just things like my favorite color or my pet’s name. Even defining “my data” is nuanced in many important cases. If you own a grocery store, are you allowed to count how many liters of milk individual customers buy, or does that data belong to them? If you use a search engine, among the most valuable data you provide is which results you click on after making a search. If you go to a library, should the library not be allowed to keep track of which books you’ve taken out?
That’s not to say that a library couldn’t choose to use a data governance approach that ensures that data on which books are checked out is only used in the interests of its patrons. And it’s similarly possible for any data company to choose an alternative data governance model.
Critically, however, a change in data governance would not magically solve the problem of data being used to manipulate users and drive social division, it simply shifts some of the responsibility to whoever (depending on the governance model) owns the data. This may be an improvement, especially if the body is not accountable for profitability of the company collecting the data, but the dangers are complex and subtle.
Ultimately, applying data (as in modern online services) has social consequences that are poorly understood. Regardless of governance models, and regardless of who, if anyone, is paid for use of the data, we need thoughtful regulation to protect society from the misuse (or malicious use) of our data.