What are the Priorities for Data Protection and Privacy Officers in 2020?    
Image of a fruit market representing the idea of who owns my data and whether data can be sold
Who Owns My Data

Who Owns My Data?

Consumers are slowly becoming both more conscious and doubtful about the ownership of the data that they generate.  As more enterprises start utilising user-generated data for so-called target marketing, more consumers have begun questioning the unfairness in the distribution of profit that is earned by enterprises who commercialise the user-generated data.  This question has also led these same consumers to think about the very essence of privacy.  Is privacy just about the right to be left alone? Or, might it include the right to sell one’s own data?  Further thoughts on these two different notions are set forth below.

Privacy ecosystem

As highlighted by renowned security guru Bruce Schneider in his book “Data and Goliath,” consumers of this era may not be the true owner of the data they produce every day.  It is becoming more and more common for enterprises, allied with advertising companies, to use their customers’ personal data to conduct more personalised marketing targeted towards their customers.  Well-known players who engage in such practice include, among others, finance companies, telecommunication service providers, and Internet service firms.  In other words, a massive ecosystem exists out there with “user-generated data” as the primary source of income and foundation of their business model.  Search engines and SNS giants are already mature players in conducting intelligent “target marketing,” which utilises users’ (and visitors’) behavioral patterns such as page views and conversions.  Although such technology has existed for a while, the majority of users still become excited when an advertising pop-up regularly appears on the corner of the browser containing captivating pictures of the dream holiday spot that they raved about with friends and when noticing how reasonable the prices are.  Meanwhile, more and more customers have also become aware of the existence of a “privacy ecosystem,” and have started demanding their share of the profits that were generated from utilising their personal data.  In Korea, one of the biggest domestic retailers is the subject of litigation claiming that, inter alia, it failed to disclose that customer data would be transferred to other third parties in exchange for monetary compensation when obtaining customer consent for such transfers.

Right to be let alone vs. Right to sell own data

Privacy advocates may argue that the ‘right to be let alone’ is a fundamental human right to be protected as a matter of dignity when raising their voices and initiating reward-claim actions against privacy-invading ad campaigns. However, not everyone believes in the customer’s ‘right to be let alone’ as a valid argument for such reward-claiming, as many others view it as an abuse of the customer’s “right to sell his/her own data.”

Before you continue reading, how about a follow on LinkedIn?

In this ‘age of information’, personal attributes such as buying propensity, health information, emotions and even live scenes of daily routines become ‘sellables’ in addition to traditional items like labour, skill, knowledge, products and ideas.   The problems arise when such new ‘sellables’ are likely to be by-products of other goods and services exchanged between enterprises and consumers – many of which seem to be beyond the original scope of the goods or services exchanged between them.  What makes matters worse is that the relevant laws and regulations have not kept pace with the rapid development in technology and the changing landscape of related information industries, thereby making it difficult to rely on legal measures to effectively resolve such disputes.  Given that the arrival of more privacy-threatening technologies such as IoT and self-driving cars are just around the corner, chances are someone will be even more likely to capture, analyse and produce meaningful outputs using a person’s daily patterns of movement or likes and dislikes, gleaned from the person’s social media accounts.  Consumers’ sense of discomfort will only increase upon realising that they authorised such invasions when they unwittingly signed a consent form full of opaque technical and legal terminology.

Good news and bad news

The good news for consumers is that more businesses are becoming aware of the consumers growing demand for dividends on their data, and are planning to design monetary reward programs and the like. According to Accenture’s 2015 study1 on the value of personal data, about 50% of businesses are developing strategies for potentially increasing the benefits customers receive in exchange for sharing their data. The study urged companies to “shift from a one-way data-collection mindset to a two-way transaction or fair value exchange mindset” in order to implement the principle of “digital equity.” As expected, with good news always comes with a healthy helping of bad news. The potential downside to these monetary reward programs is that the companies may think of them as “season passes” and abuse the programs to make the most out of the deal, for instance, by trading personal data behind the customers’ backs without consent or beyond the scope of what the customers initially consented to. It is without any doubt that more efficient utilisation of customers’ personal data will enhance the ability of companies to offer better services. Nevertheless, it is also crucial for businesses to remember that monetary reward programs were conceived as a by-product of the broken trust between customers and the company. Once the reward programs are offered, customers are likely to hold such offering companies to higher standards of compliance with fair trade principles and more rigorously monitor for any cases of abuse. As such, businesses will be eventually pushed to uphold most of the data management principles and best practices. In sum, enterprises must endeavor to maintain all conditions of privacy, including transparency, legitimate purpose and proportionality, with an increased level of care. Whether or not an enterprise decides to adopt such monetary reward programs, it may not be long before they become an irreversible trend.

If you own your #privacy and personal data, can you sell it instead of companies taking it for free? Click to Tweet

 

1  Guarding and Growing Personal Data Value, 2015, Institute for High Performance, Accenture

 

Head of Data Protection and Privacy Practice at Lee & Ko

Leave a Reply

Please Login to comment
  Subscribe  
Notify of

Enjoyed the article?

Get notified of new articles and relevant events.

Thank you for being a part of the CPO Magazine community.

Something went wrong.

Before you go ...

How about giving us a follow? lang: en_US Or let us notify you of new articles and relevant events.

Thank you for being a part of the CPO Magazine community.

Something went wrong.

 

Follow CPO Magazine