Why it's so hard for users to control their data
- 1. Why Itβs So Hard forUsers to Control Their Data by ο· Bhaskar Chakravorti January 30, 2020 Peter Crowther/Getty Images A recent IBM study found that 81% of consumers say they have become more concerned about how their data is used online. But most users continue to hand over their data online and tick consent boxes impatiently, giving rise to a βprivacy paradox,β where usersβ concerns arenβt reflected in their behaviors. Itβs a daunting challenge for regulators and companies alike to navigate the future of data governance. In my view, weβre missing a system that defines and grants users βdigital agencyβ β the ability to own the rights to their personal data, manage access to this data and, potentially, be compensated fairly for such access. This would make data similar to other forms of personal property: a home, a bank account or even a mobile phone number. But before we can imagine such a state, we need to examine three central questions: Why donβt users care enough to take actions that match their concerns? What are the possible solutions? Why is this so difficult? Why donβt usersβ actions match their concerns? To start, data is intangible. We donβt actively hand it over. As a byproduct of our online activity, it is easy to ignore or forget about. A lot of data harvesting is invisible to the consumer β they see the results in marketing offers, free services, customized feeds, tailored ads, and beyond.
- 2. Second, even if users wanted to negotiate more data agency, they have little leverage. Normally, in well-functioning markets, customers can choose from a range of competing providers. But this is not the case if the service is a widely used digital platform. For many, leaving a platform like Facebook feels like it would come at a high cost in terms of time and effort and that they have no other option for an equivalent service with connections to the same people. Plus, many people use their Facebook logins on numerous apps and services. On top of that, Facebook has bought up many of its natural alternatives, like Instagram. Itβs equally hard to switch away from other major platforms, like Google or Amazon, without a lot of personal effort. Third, while a majority of American users believe more regulation is needed, they are not as enthusiastic about broad regulatory solutions being imposed. Instead, they would prefer to have better data management tools at their disposal. However, managing oneβs own data would be complex β and that would deter users from embracing such an option. What are the possible solutions? One solution is to create mechanisms that give users direct ownership of their data. There are many proposals jostling for attention. Legislative fixes: Some internet observers believe that the only way to fix the problem is through a comprehensive privacy bill or meaningful, large-scale regulation of Big Tech. Europeβs General Data Protection Regulation (GDPR), which is arguably the most comprehensive legislative measure thus far, offers provisions for data portability, giving citizens greater digital agency. However, the European solution has left many dissatisfied with the lack of practicality associated with the rules. As of January 2020, the California Consumer Privacy Act (CCPA) brings a version of GDPR to the U.S. California residents β and, by extension, residents in other states in many cases, as companies adopt the same standards nationally β will have the right to know what data of theirs has been collected, delete it and stop their sale to others, among other things. The U.S. also has several other bills under consideration. Sen. Mark Warner (D-Va.), Sen. Richard Blumenthal (D-Ct.) and Sen. Josh Hawley (R-Mo.) have proposed the ACCESS Act that would mandate that social media platforms with over 100 million users in the U.S. offer users a way to easily move their data to another service. The bill would create conditions for users to retrieve their personal data in a structured and machine-readable format, while the tech companies maintain the necessary interfaces that give access to this data to competing platforms. Hawley and Warner have also co- authored the DASHBOARD Act, which would require data collecting platforms to be transparent about what data is being collected on users and how it is being monetized. There is also an βOwn Your Own Data Actβ in the U.S. Senate, giving users βan exclusive property right in the data that individual generates on the internet,β a cause that has been adopted by Democratic presidential contender Andrew Yang. Another Democratic presidential contender, Elizabeth Warren, has called for an outright breakup of Big Tech, which would increase usersβ ability to negotiate greater data agency. Big Tech-led Initiatives: The tech companies are attempting to get ahead of the surge of concerns and legislative action and define the ground rules before regulators set them. To be sure, the companies have also been given a prod by the right to data portability requirements under statues like GDPR and CCPA. Facebook has
- 3. a white paper on data portability, while Google has a facility that allows users to download their data. A challenge remains in that data portability just isnβt practical or easy for most users who want a fast way to switch between platforms. To address this, Facebook, Google, Microsoft, Twitter, and Apple have launched a collective initiative, the Data Transfer Project, to move data between platforms without having to download or upload user data; however, progress on the project has been slow. Ideas from the Wider Expert and Business Community: Some of the ideas from the wider business community are conceptual, but intuitive because they use recognizable analogies, which makes them worthy of our attention. For example, the musician, will.i.am, has proposed a concept called βidatityβ, combining identity and data as a human right with users being eligible for compensation for transferring it to others. Researchers Eric Posner and Glen Weyl have argued for data to be treated as βlaborβ and have advocated for mechanisms such as βdata labor unionsβ to collectively bargain with tech companies over payments for access to data. Extending the analogy, they also call for a βminimum data wage,β that is equivalent to a standard minimum wage argument but applied to a guaranteed basic compensation to users for producing useful data. Others, such as the journalist Rana Foroohar, have floated the idea of a public data bank, regulated by elected governments along the lines of the βcivic data trustβ being considered by Toronto for Googleβs Sidewalk Labs or data trusts being proposed in general as the concept of a legal trust being applied specifically to the securing of data. And there are entrepreneurial opportunities. Engineer and World Wide Web inventor, Sir Tim Berners-Lee, launched a startup predicated on the idea of data ownership, where users store their data in a personal data βpod.β Users can give or revoke permission to individual apps to read and write to their personal pods. Indian entrepreneur, Nandan Nilekani, a champion of βdata democracy,β argues that Indiaβs technology infrastructure, with his brainchild, the unique ID system, Aadhaar, as a foundation, gives India the unique ability to empower every resident with her own data. Many Indian banks are taking this forward by preparing to give consumers access to their financial data so that they can directly share it to apply for credit, investment products, or insurance, bypassing the credit ratings agencies as gatekeepers or the lack of credit histories as barriers. This initiative will use third-party mediators and is backed by the countryβs central bank. The list goes on. The startup Streamr, which provides infrastructure for users to collectively monetize their data, has an app, Swash, which aims to facilitate a βdata union.β Yet another venture, Ocean Protocol, intends to facilitate digital agency through a self-managed distributed ledger framework of blockchain. Despite this multiplicity of ideas, weβre no closer to truly meaningful change. Why is data governance so hard? Data, unlike other forms of personal property, is just plain complicated. Any workable solution would need to manage the following 10-point checklist at a minimum: Define what constitutes the personal data to which a user has exclusive rights. For example, a personal photo may contain a picture of a friend tagged by the user. Moving that data could violate the friendβs privacy. Alternatively, a userβs click-trail tracked by a platform reveals the userβs preferences
- 4. based on the platformβs analysis. At what point does that revelation become the platformβs intellectual property? 1. Establish criteria to demarcate personal data, anonymized data and third-party data. To see why this can be difficult, even anonymized data when linked can reveal personally identifiable information; an algorithm was shown to identify 99.98% of Americans by knowing as few as 15 demographic attributes per person. Alternatively, if a userβs data links to third-party data deemed harmful or false, can the user remove it without violating the third-partyβs free-speech rights? 2. Create a transparent β market based β and universally accepted system of valuing data and compensating users accordingly for trading data. The compensation could be in the form of a tailored service or monetary compensation, while some data may not be tradeable at all. 3. Define standards for how the data is stored, moved, or accessed inter-operably across different digital platforms. 4. Establish criteria to evaluate the tradeoffs between many needs: inter-operability, privacy, cybersecurity. Ease of inter-operability, for example, could also reduce cybersecurity. 5. Establish criteria to evaluate the trade-offs between personal data and the use of aggregated data as a βpublic goodβ β for training algorithms for societal use, fraud-detection, public safety, flagging fake news, etc. 6. Mitigate the transactions costs of negotiating with multiple parties whenever a platform needs multiple data sources, e.g. location data needed for a ridesharing app. 7. Mitigate the risks of bots or malicious actors from taking advantage of compensation for access to data. For example, Microsoft experimented with paying users for data, and bots β with no usable information β exploited the system. 8. Make it easy to move data across platforms, without expecting the user to be a technology expert. 9. Anticipate unintended consequences of changes as fundamental as transferring the control and management of data from Big Tech βprofessionalsβ to the βregularβ users. As the multiplicity of solutions and the checklist above suggests, finding a workable digital agency solution is daunting. While users are not abandoning digital platforms, they are the proverbial frogs in steadily warming water. Company leaders, pundits, and politicians fuel the fire with rhetoric, but ultimately thatβs not getting us anywhere. It is time to give users more rights of digital agency and figure which parts of the data checklist are most practical, scalable, and sustainable. If consumers help demand it, we can find forward-looking solutions that draw upon the wealth of ideas on the table before the water boils over.
- 5. Bhaskar Chakravortiis the Dean of Global Business at The Fletcher School at Tufts University and founding Executive Director of Fletcherβs Institute for Business in the Global Context. He is the author of The Slow Pace of Fast Change.