Earlier this month, Olivia was on an IT Pro panel at the Mindshare UK Huddle discussing the value of data, together with Tim Danton (editor of IT Pro), Chloe Grutchfield (co-founder of RedBud) and Tom Cheesewright (applied futurist).
The panel discussed the ‘tricks’ that organisations play to get hold of someone’s data or to gain consent to its use, for example by only explaining things in the small print, or making it appear that consent is the only option. Olivia commented on the differences between terms, privacy notices and consents, and explained that if someone is tricked into giving a consent, such consent is unlikely to be valid.
The panel discussed the market value of data, and how much someone might be paid for their data (and Tom and Chloe provided some useful facts and figures). Olivia raised that, whilst data is given value, it cannot be legally owned as such. A range of intellectual property rights can give protection to collections of data, and data protection laws give rights to individuals on how data is used. Value is certainly attributed to data, for example, the ICO has recently requested stronger powers to take action against criminals who steal and sell data.
Data protection rights (under the GDPR) include the right to data portability and the right to erasure, although these are not blanket rights – they only apply in some circumstances. In particular, if an organisation has a legitimate reason to retain certain data, and is complying with other data protection rules, it may continue to hold that data. In practice, some data sets may be retained after an individual leaves, for example, Facebook. The panel discussed what data may be retained by tech companies and how data protection laws may apply. The difficulties with anonymisation, and the concepts of data repositories and data trusts, were also touched on.
The panel commented on whether the GDPR was (yet) having its intended effect to protect data, considering attitudes of companies and regulators to compliance and enforcement. There was also some debate over whether individuals care about how their data is being used.
The panel discussed whether we are moving towards a model of data ownership and a market for individuals to sell their data in the future. Olivia raised ethical issues surrounding the buying and selling of personal data: data protection derives from privacy and human rights laws, so could trading of personal data infringe on those rights? Might poor or vulnerable individuals be forced to sell their data? Similarly, big tech companies may be able to afford data, but smaller companies whose use of data has a public benefit (such as health organisations), may not be able to afford it. Also, if an individual sells their data, how would this fit in with ongoing data protection rights? These types of concerns would need to be addressed before treating data like cash.
IT Pro’s report of the Huddle is here.
Olivia Whitcroft, principal of OBEP, 26 November 2019
This article provides general information on the subject matter and is not intended to be relied upon as legal advice. If you would like to discuss this topic, please contact Olivia Whitcroft using the contact details set out here: Contact Details