States and companies collect huge amounts of data about you, not always with your consent. Is that OK? Or do you have the right to control who has access to your data?
So what exactly is Seluxit doing about data ethics? Seluxit has taken the initiative to employ a PhD student in the field of philosophy with a specialization in ethics, and is writing a collection of principles of data ethics.
These principles have general application but stem from questions that arise in our daily work. The principles will serve to guide the decisions we make in our work. The principles, which can be browsed here on our website, are being published in a series.
At Seluxit, we believe that people own data about themselves, and have the right to control what happens to their data. This is the first principle in our code of data ethics, and we call it The Principle of Data Ownership.
Think about what is means to say that Smith owns his car. It means that Smith may control what happens to the car. He may for example control whether the car is used by Jones, whether the car is destroyed, sold to others etc. It also means that if Jones uses the car or destroys it against Smith’s will, then he owe Smith compensation. The idea behind The Principle of Data Ownership is that ownership over data works almost the same way.
There are two crucial differences between ownership over tangible objects like cars, and intangible objects like data: Smith can sell his data to Jones, without Smith losing the data. But he cannot sell his car to Jones without losing it. And, if Smith uses his car, it will eventually be worn out. But, that is not the case with Smith’s data.
The fact that Smith can sell his data to Jones without losing it, has caused some people to think that Smith should not be allowed to own the data in the first place. If Jones can have the data, without Smith losing, then Jones should be allowed to have it too.
Most people agree, though, that this is not be the case with personal data. Just because Smith does not lose his data about, say, a chronical disease of his, if he sells it to Jones, it does not mean that Smith should not be able to own these data, and exclude Jones from having access to them.
It is important to remember that the more data Jones has about Smith, the easier it is for Jones to manipulate Smith. For that reason, we think it is important that Smith has the right to control whether Jones has access to Smith’s data. And that right is best granted through ownership.
Imagine the following: Smith are talking with a friend about a product that he wants to buy, and shortly thereafter, Smith sees advertisement for that product on social media. The microphone in Smith’s smartphone has been turned on by companies in order to listen to what Smith might be likely to buy in the near future. According to The Principle of Data Ownership, the company is stealing Smith’s data in this case, unless he gave explicit informed consent beforehand.
One reason we endorse The Principle of Data Ownership is that it allows for data markets in the future. In order to buy and sell things on a market, these things need to be owned. At Seluxit we are in the process of developing a data market on our platform Wappsto, where people can buy and sell data produced through their IoT devices. These devices will produce data that is not strictly speaking personal. But in order to buy and sell these data, people need to own them.
Another reason we think that people should have property rights over data about them is the opposite would decrease the value of data. For example, once companies know that Smith bought a vacuum cleaner, the value of information that he searched for one on the Internet decreases. If Smith owns data about him, he might be able to sell the data on the market at a higher price.
An obvious objection to the principle could be this: If Smith owns data about himself, then it implies that Smith’s property rights are being violated all the time, when he for example walks down the street and Jones can see Smith’s hair color, approximate age etc.
For that reason, we think that ownership over personal data is often waved when people voluntarily choose to make the data in question public.
Another objection could be this: If Smith owns data about him, then the state violates Smith’s property rights all the time, when they gain access to Smith’s information, such as information about income, medical history, criminal history etc.
Our response to this objection is that Smith’s property rights are in fact violated in all of these cases. However, in such cases, there are often overriding societal benefits trumping Smith’s property rights over these personal data. For example, in order to protect children’s right to safety, it may be necessary to collect criminal histories of prospective kinder garden teachers.
There are many more grey-area cases like these, challenging The Principle of Data Ownership. We do not have an answer for all of them.
But, the default should be that data about you is yours.