A strong global trend in data handling regulation is taking shape, typified by the EU’s General Data Protection Regulation (GDPR). While many countries outside of the EU are just beginning their serious conversations about their new laws (including the United States), some states and localities are forging ahead on their own. One of the main trailblazers is California. The state is not only set to implement a “GDPR lite” bill in 2020, but also now has a proposal on the table to force big tech companies to create a digital dividend fund to share revenue from any personal data monetization.
California Governor Gavin Newsom used his most recent State of the State Address to introduce the idea of a digital dividend scheme for some of tech’s biggest names, which would enable Californians to ” … share in the wealth that is created from their data.” Newsom framed it as a general idea rather than enumerating any specifics, but did mention that he had already directed a team to develop a proposal.
The State of California
As home to Silicon Valley and the headquarters of many of the biggest names in tech and “big data”, California is uniquely positioned to deploy such a revenue sharing system.
Fortune 1000 tech companies based out of the state with business models that might be the focus of such a data monetization law include Adobe Systems, Apple, Facebook, NetApp, and Google parent company Alphabet.
Newsom’s proposal dovetails with two emerging trends seen both in California and across the United States as a whole: an increased demand for transparency and oversight in the handling of personal digital data, and increasing concerns about income inequality and propositions for government involvement in wealth redistribution. The California-based digital advertising companies that such a law would impact are among the world’s largest in terms of revenue; Facebook brings in over $55 billion USD per year, while Google brings in over $100 billion.
Data monetization and the rules of ownership
In Europe, the GDPR has formally tied the concept of data privacy to fundamental rights of personal privacy. As it stands in both California and the United States in general, this is not the case. United States law only addresses privacy rights when the data assets are being handled by companies in certain industries, such as health care and financial services.
Outside of those exceptions, companies are free to collect valuable data with a simple notification. In most cases, transmission of the data and use of the site or service is considered implied consent to collect and use this information in a variety of ways, including data monetization. And there is nothing approaching the “right to be forgotten” in the GDPR that allows individuals to request removal of their information from data sources at any time.
That essentially makes companies the de facto owners of data once consumers give it to them.
This data is not only an immensely valuable asset (as demonstrated by the rapid rise of Facebook), but also a constant threat to consumer safety and security that needs to be managed appropriately. As numerous recent data breaches demonstrate, that asset is not always being appropriately secured.
Colin Bastable, CEO of security awareness company Lucy Security, feels that the digital dividend proposal is only the beginning of leveling the playing field for the benefit of consumers:
“I’m glad that politicians are taking this issue seriously – but we need to go further. Consumer data is digital gold, and its value is at the heart of the cybercrime wave engulfing American consumers. FAANGs (companies like Facebook, Apple, Amazon, Netflix and Alphabet’s Google) and hackers alike are appropriating and abusing consumer data.
As I have proposed before, consumers should have lifetime ownership of their data, and we need politicians to enshrine this ownership in law. Any organization seeking to monetize consumer data should annually obtain consent to do so, and should share the gross profits of selling such data on a fifty-fifty basis.
Furthermore, we need the Federal government to regulate the license terms by which companies offer their software and services. Onerous terms should be outlawed, and primacy of the consumer’s rights should be established. We live in a world where software drives most technology with which we interact, and unfair terms are imposed on consumers by default. These are cybersecurity issues.
Only governments and lawyers benefit from GDPR-type fines levied on organizations that are hacked or are careless with consumer data. By giving American consumers lifetime ownership of their data, we would give consumers rights under the civil law to sue for lost income, as well as for privacy breaches.”