Who Owns Your Data? Is That Even the Right Question?
Who owns your data is actually the wrong question to ask. The better question is what are others able to do with information about you?
You may have heard the saying “data is the new oil”. Various kinds of data can indeed be valuable and useful. Where that goes off the rails is when that data is about you. While privacy laws have a notion of consent or reasonable use for information that is connected to us personally, it’s not always that simple.
This issue gets complicated and messy. Here are some things to ponder:
-
Cars know increasing amounts of information about their drivers. It is not unusual for automakers to claim they own the data generated by “their” cars. How much choice do we really have about that?
-
Clearview AI has scraped billions of face images from various online sources and is selling a facial recognition service to law enforcement. Combine that with increasingly ubiquitous cameras. You may have put your picture on your social media profile – but did you agree to it being harvested into a massive database so you could be tracked and identified everywhere?
-
Amazon Ring video doorbells have been marketed with police departments to create neighbourhood surveillance. Sounds disturbingly Orwellian.
-
Automated license plate readers are fine when they flag wanted plates for police, but are not fine when they retain plate numbers of all traffic like some police forces in the US do. And it’s even worse when license plate reader systems are sold to neigbourhood watch programs. I don’t recall consenting to any of that.
-
Service providers often tell us they will only use anonymized data for uses beyond strictly providing their services to us. But simply removing our names or account numbers is often not enough. It is amazing how easy it can be to re-identify info in databases that have been anonymized.
The question that needs to be asked more often is whether we should be doing some of these things just because we have the technology?
I quite agree that ownership is the wrong lens to look through. Capabilities are a better one, as they expose what use can be made of your data.
A third might be rights: I “own” myself, my body, but I cannot sell myself or my offspring into slavery, because ownership is overridden by a system of rights enshrined in law.
– A car may belong to me or to a third party, but does another party have a right to information about how I use the car? If they do, is it limited to regulated uses, like reporting annual mileage to an insurer?
– a pacemaker is similar: there are loud debates about whether the person in which it is embedded has a right to view the data about their heart, collected by the device.
– facial recognition has a known, irreducible and sometimes startling large margin of error. Who has the right to use a flawed and biased process to carry out tracking that normally requires a court order?
– security cameras, plate readers and video doorbells collect information from the public domain, but are then used for private and sometimes harmful purposes. Who had the right to convert that data to that end?
– service providers attempt to use private data for statistical purposes, but publish data that is in fact private, unsuccessfully obfuscated. Who has the right to do that?