Personal data should be protected as aggressively as copyright

Record labels and movie production companies work hard to protect their copyrights, especially when it comes to digital distribution solutions, which has resulted in all kinds of restrictions in how content can be copied, distributed and shared. They have also been very aggressive with legal action to enforce those restrictions.

Which gets me to wondering: could the same happen for personal data? Imagine that every time someone uses someone else’s personal data, they must pay for using it and must adhere to agreed-upon policies on how it can be used, otherwise they will face harsh legal action.

There are several factors changing the personal data business: GDPR and other new regulations in many countries; increasing concerns about privacy; blockchain-type solutions to distribute data and make smart contracts; and more advanced models to monetize data. It is basically a combination of changes in the legal environment, people’s behavior and Internet services, as well as emerging FinTech models.

In the content business, authorities have been very active to shut down sites that enable file sharing of music or video (see: Pirate Bay or Kim Dotcom). And currently in many countries, ordinary consumers can be sued if they download an illegal copy of a song or movie, or knowingly used a pirate streaming device. In some countries, even using a friend’s Netflix login credentials is illegal.

But what are the consequences for companies that have sold, bought or utilized data from ordinary people without proper and clear consent? Up to now there really haven’t been any. Indeed, it’s a core business model for OTT services – attract people to somehow use something for free, and then take their data and monetize it by selling it to advertisers and partners. The people whose data is being used are the product, not the customer.

One extreme and confusing consequence of this is that consumers’ personal data can be potentially mishandled by companies they don’t have accounts with. For example, I just received an email from British Airways informing me that someone had stolen payment data from their servers, including names, credit card details, and customer addresses. The email was essentially a notification and apology, with no offer of compensation or redress.

But the strange thing is that I have never created an account with BA, so I was surprised that they were storing my payment data in the first place, and confused as to why they would. A payment transaction should be just a transaction, and when they get the money, they should not keep all the details.

Turning point

It has been easy for companies to collect all this data and develop fancy ideas to use it or sell it. And to be sure, many individual consumers haven’t been too keen to protect their data, and have been willing to let companies use it in exchange for some meaningless discount points. Meanwhile, the ones who do want to protect and control their data have very limited options to hold companies who collect and misuse that data to account.

However, this year marks a probable turning point. Many point to GDPR as the linchpin, but honestly, it is just one component in this shift. It might actually be more significant that public opinion is shifting and technology is being developing to enable these changes to happen. It is also about having solutions that make it cost-effective to implement new data models.

Many companies see customer data as a business opportunity, but they might also see it as a potential liability if they (or a partner) lose it, abuse it or do anything unethical. The risks to play with data are becoming increasingly higher, even if what’s at stake is your reputation. Companies also need more and more advanced tools to utilize data all the time – simply analyzing purchase behavior to for some “best next offer” campaign isn’t a competitive advantage anymore.

Blockchain, distributed models and smart contracts are among the solutions that are changing services and data models. The same is true for local AI solutions that work for an individual consumer to find the best deals. All this together fundamentally changes services and concepts. Of course, none of this will happen overnight, but this is increasingly becoming the mission statement of a new wave of startups rather than the usual “free service in exchange for your data” model.

I have written in the past about data being the oil of the 21st century – that is to say, just as oil was an enabler for people do new things (especially drive a car), data should also enable people to do new things. Maybe we can also say personal data should be the copyright battle of the 21st century, where the individual is seen as the ‘copyright holder’ of their data (intellectual property).

We’re seeing the first indicators that this change is starting to happen. When companies understand they must respect the individual’s ownership of data as much as content companies expect us to respect the copyright of songs and movies, we will enter a totally new phase of consumer data. Only then can we say consumer data really gets the value it deserves.

The article first appeared on Disruptive.Asia.

Read more about Prifina's models to manage personal finance data.