Personal Data: The Business, Technical, and Legal Challenges

Summary Notes of Event 

Hosted by MyData

 

13/03/19 @ The Open Data Institute 

 

Topics of talks:

  • The Hub of All Things (Speaker: Jonathon HoltbyHATDEX)

  • Economics of Personal Data: How to Fix a Broken Market (Speaker: Benjamin FalkYo-Da)

  • Bottom-Up Data Trusts (Speaker: Sylvie DelacroixBirmingham University)

Event Description:

(www.hubofallthings.com

 

Topic of Data Portability and Mobility is covered in the CTRL Shift report for DCMS: 

 

A HAT (Hub of All Things):

  • is a microserver:  

    • a database wrapped with microservers that is a person’s own. They own the rights to their data in their HAT. 

  • are open source, contra social logins e.g. Google.

  • You can use an app to see your own HAT.

  • HAT owners can copy their data from across the internet into their HATs using a Data Plug.

    • This works via Subject Access Requests

    • Once inside the HAT, the data is legally theirs

    • The Data Plugs don’t see or hold the HAT data.

      • One Q: How does data ownership work when it comes to social or shared data e.g. payments between two people?

        • Distinction offered between ownership and rights.

    • Data Debit takes snapshot of HAT data to give to 3rdparty software/services.

      • Does the process get rid/delete the data elsewhere or merely copy it? Is it just for your viewing pleasure and convenience or does it collect and centralise all your data from various sources?

        • GDPR’s ‘Right to be forgotten’ allows this, but perhaps a suggestion for an automated service along with Data Plugs

Hub of All Things:

  • Personal Data is information.

    • Like a book, or newspaper, we publish about ourselves for AI to read.

      • Should they pay us for this?

  • We’re effectively publishers and our content/information copyright is being infringed.

    • This is a governance issue, not a tech issue.

  • We need to redesign incentive structures in the informational markets

  • Informational goods:

    • High fixed costs; low reproduction/variable costs

    • Economies of scale and scope

    • Experiential

    • Non-excludable (cannot be kept secret)

    • Non-rivalrous (re-usable without diminishing returns)

    • Externalities both positive and negative

 

At the time of the Gutenberg/printing press revolution, there was no copyright law but after it there was a need to incentivise authors to publish in the face of mass unauthorised re-prints. This led to patents and intellectual property, and when used in Italy, eventually lead to the Renaissance.

 

Currently, personal data is not governed by patents or copyright and we are in a similar situation online today as we were with publishers in the 15thCentury.

  •  This is a monitoring problem.

  • Ownership v Rights?

    • False dichotomy. 

      • GDPR gave us nontransferrable copyright to info we create.

        • E.g. Facebook gets paperback, we retain the rights.

  • Give consumers monopoly supply on data.

    • Allow them to charge for their data.

  • Balance the risks of undersharing and overproduction.

  • Consumers need a data agent – this would improve efficiency of market. 

  • Result would be to incentivise authors and lead to a similar renaissance-style revolution.

Economics of Personal Data - How to Fix a Broken Market:

Problem:

  • We’re becoming more transparent, but opacity is important.

    • Need to reverse this process.

  • Data as property rights akin to ownership of river: poor control.

    • Hard to decide how data is controlled.

 

Proposal: Data Trusts.

  • Use legal instrument of a trust to give control back to data subjects.

    • Allows us to exercise our rights (of which we’re unaware we have).

  • Analogy of people buying a freehold together and splitting it up in order to get a vote (when property was a condition of suffrage).

  • Need intermediaries between controller and subject/trusts to avoid conflict of interests.

  • Subjects could shop around between trusts based on preference e.g. maximise money, maximise security, in aid of research and common good, or balance between the three.

    • Preference can change over time. 

      • Requires data portability

      • Erasure rights

      • Access rights

      • Also needs to be secured.

        • Currently GDPR helps but is limited.

  • Data Trustees could end up being a lobbying force for their data subjects.

 

Implementation Challenges:

  • Trust law across countries

    • Easier problem, as it is generally upheld internationally.

  • Ensuring uptake of trusts

    • Harder to go from zero to a motivated and educated public who will choose a trust.

      • Solution: paternalism to begin with.

        • By default, data gets put into a data trust.

          • Need to ensure safeguards on this, most wouldn’t opt out due to laziness and lack of motivation so requires oversight and guarantees.

  • Other concerns include security and exit procedures.

Bottom-Up Data Trusts:

©2019 by AITHICS