How much data is enough data for your IoT application?
Think about what it means to say that Smith owns his car. It means that Smith may control – broadly speaking - what happens to the car. He may for example control whether the car is used by Jones, whether the car is destroyed, sold to others etc. It also means that if Jones uses the car or destroys it against Smith’s will, then he owes Smith compensation. The idea behind The Principle of Data Ownership is that ownership over personal data works almost the same way.
There are two crucial differences between ownership over tangible objects like cars, and intangible objects like data: Smith can sell his data to Jones, without Smith losing the data. But he cannot sell his car to Jones without losing it. And, if Smith uses his car, it will eventually be worn out. But, that is not the case with Smith’s data.
In legal contexts, there are often no mentions of data ownership. Instead, a "right to control" data is often referred to. We believe that people´s rights over personal data should – by default - include more than that, such rights to use, delete and transfer. For that reason, we prefer the term "data ownership".
Imagine the following: Smith is talking with a friend about a product that he wants to buy, and shortly thereafter, Smith sees advertisement for that product on social media. The microphone in Smith’s smartphone has been turned on by companies in order to listen to what Smith might be likely to buy in the near future. According to the Principle of Data Ownership, the company is stealing Smith’s data in this case, unless he gave explicit informed consent beforehand.
"At Seluxit, we believe that people own data about themselves, and have the right to control what happens to their data. This is the first principle in our code of data ethics, and we call it The Principle of Data Ownership."
One reason we endorse The Principle of Data Ownership is that it allows for data markets in the future. In order to buy and sell things on a market, these things need to be owned. At Seluxit we are in the process of developing a data market, where people can buy and sell data collected through their IoT devices. These devices will produce data that is not strictly speaking personal. But in order to buy and sell these data, people need to own them.
Another reason for why we endorse the principle, is that the opposite would decrease the value of data. For example, once companies know that Smith bought a vacuum cleaner, the value of information that he searched for one on the Internet decreases. If Smith owns data about him, he might be able to sell the data on the market at a higher price.
Suppose that Smith has just sold some of his IoT-data to Jones. Does this mean that Jones and only Jones may now decide what happens to the data? Not necessarily. Depending on the specific contract, Jones might only have bought the right to use the data in certain ways, and for a certain period of time. In that case, the ownership that Jones now has over the data, would often not include the right to sell the data to third-parties. Data ownership does thus often – in practice –work more like a license.
There are at least two obvious objections to the Principle of Data Ownership.
The first is this: If Smith owns data about himself, then it implies that Smith’s property rights are being violated all the time, when he for example walks down the street and Jones can see Smith’s hair color, approximate age etc. For that reason, we think that ownership over personal data is often waived when people voluntarily choose to make the data in question public.
>The second objection is this: If Smith owns data about him, then the state violates Smith’s property rights all the time, when they gain access to Smith’s information about income, medical history, criminal history etc.
Our response to this objection is that Smith’s property rights are in fact violated in all of these cases. However, certain societal benefit may trump Smith’s property rights over these personal data. For example, in order to protect children’s right to safety, it may be necessary to collect criminal histories of prospective kinder garden teachers.
There are many more grey-area cases like these, challenging The Principle of Data Ownership. We are happy to receive suggestions about how to adjust this principle.
So what exactly is Seluxit doing about data ethics? Seluxit has taken the initiative to employ a PhD student in the field of philosophy with a specialization in ethics, and is writing a collection of principles of data ethics.
These principles have general application but stem from questions that arise in our daily work. The principles will serve to guide the decisions we make in our work. The principles, which can be browsed here on our website, are being published in a series.