Modern Rights – Data Agency

By: Alexis Campestre

Throughout human history there has been a battle for information in every domain of human interaction, whether on the literal battlefield, or pricing risk in the insurance markets. The better insight information provides, the better decisions that are made. It was during the Industrial Revolution in the late 18^th century, in which the pursuit of more information than your competition (or customer) became formalized into the discipline of “marketing.” Flash forward to modern day business, and terms such as “Customer Data Management” and a “Segment of One” have become commonplace due to the massive amounts of data collected on any one individual. With the advent of the internet and increasingly so with smart phones and the “Internet of Things,” the evolution of information about the individual is happening at such a rapid click (pun intended) that the concept of Data Agency (i.e., data property rights) should be more widely discussed and understood by researchers, policymakers, businesses and marketing departments, and most importantly, YOU – you, as a consumer, and You, as a human with inalienable rights.

Today, data harvesters (read: every viable modern business) can gather enough data points about a single person that the phrase a “segment of one” has been coined: the ability to adjust a customer’s experience (CX) on the fly, in real-time, using software and advanced analytics (including artificial intelligence). The marketing website, MarTechAdvisors.com, defines Customer Data Management (CDM) as a framework to effectively deliver unique, personalized, real-time, and channel-agnostic customer experiences [1]. It goes on to declare that “customers’ expectations are evolving” to demand a personalized customer experience. Yet, despite this expectation for personalized experiences, there is blowback worldwide against the infringement of individual privacy.

The General Data Protection Regulation (GDPR) became law in the European Union in 2016 with the primary goal of giving increased control to the individual over privacy via opt-in requirements, full disclosure on transference of data to third-parties, and transparency in usage, among other protective measures. In the U.S., proposed legislative pieces such as the ACCESS ACT, the DASHBOARD ACT, and the “Own Your Own Data Act” are similar attempts at data protection. In an article for The Guardian, Chris Hughes, a co-founder of Facebook, argues that government regulation is the first step in leveling the playing field in the fair distribution of the profits from data.[2]Hughes writes, “the users of digital platforms should organize not only for better protection of our data, but for a new contract that ensures everyone shares in the historic profits we make possible.” Thus, the battle for information wages. Yet, despite the push to assure privacy, individuals are somewhat inconsistent in their actions regarding privacy.

The Privacy Paradox

In a January 2020 Harvard Business Review article, Why It’s So Hard for Users to Control Their Data, Bhaskar Chakravorti explains the lack of congruity between one’s actions and one’s concerns for their privacy as the “privacy paradox.” According to Chakravorti, this lack of congruency arises because data are intangible. As a byproduct of our online and smart device interactions, we are not explicitly aware of the data trail we are leaving nor what companies are gathering those data. Evidence of this paradox is shown in Figure 1, Figure 2, and Figure 3 (Appendix) summarizing a June 2019 poll by the Pew Research Center; over 80% of Americans are “agreeing” to privacy policies monthly, while only 60% of all Americans say they have ever read a privacy policy. Of the 43% that “glance it over without reading too closely,” only 13% report having a “great deal of understanding” of what they are reading[3].

These data suggest that despite being concerned about their privacy and data protection, Americans either cannot be inconvenienced enough to actually read the Privacy Policy, or the legalese contained within is too overwhelming for the average American. Furthermore, this Pew Research Poll indicates that although Americans are concerned about their privacy, just over half of Americans (55%) are “somewhat more likely to favor better consumer tools than stronger laws to help safeguard personal data” (Figure 4 in Appendix). It is clear a new framework for individuals to have full control and easy distribution and monetization of their data property would be useful. Chakravorti argues there is a critical missing system that “defines and grants [people] ‘digital agency’ – the ability to own the rights to their personal data, manage access to this data and, potentially, be compensated fairly for such access.”

What is being done to allow individuals to regain control over their data property?

With all the debate by academics, politicians, business icons, and the press regarding data protection and privacy, this concept of data as property, or data agency, is a critical step toward ensuring that individuals have complete control over their data, from distribution, to access, to due compensation.

One attempt at creating the framework necessary to provide individuals with data agency is built on blockchain technology by the group Ocean Protocol. Ocean’s website states:

Ocean is a decentralized protocol and network of artificial intelligence (AI) data/services. Ocean does decentralized orchestration: at its core are decentralized service agreements and decentralized access control, which execute on decentralized virtual machines. This allows connection to, monetization of, and curation of arbitrary data services. On that, Ocean adds network rewards to incentivize data sharing, including privacy-preserving data commons.[4]

Seeded with funding in late 2017 and just under two years later (Nov 2019) Ocean Protocol deployed their beta test, Tethys, and deployed the Nile Beta Network, which includes service execution agreements, access control, and meta data storage using a propriety blockchain ledger. Ultimately Ocean Protocol’s goal is to provide a full permission-less data transfer platform that focuses on transparency and a balanced governance system between keepers[5], service providers, curators, and validators. Learn more about the amazing Ocean Protocol project and their roadmap on their website.

Another attempt “to restore rightful ownership of data back to every web user” is being carried out by Solid, an initiative by World Wide Web inventor Sir Tim Berners-Lee seeking to create what he refers to as “data pods”. These data pods provide the ability for individuals to interact through an API that connects to a “virtual USB” storing all of their data, thus allowing them to seamlessly determine the who, what, when, where, and how, of all their data property.

Of these two initiatives, I find Ocean Protocol’s to have the greater potential, as it combines the benefits of a secure public ledger with an incentive system to encourage engagement by providing a necessary direct link between providers (individuals) and end-consumers of data. This direct connection between providers and consumers allows individuals to quite literally “sell” their data, should they choose to do so, without fear of misuse or transference to an undesired or unknown third-party.

I am, in many ways, a walking and talking privacy paradox. On the one hand, I own a digital marketing agency that’s very lifeblood comes from analyzing digital fingerprints from many different sources, channels, and inputs to help business owners make decisions about their digital and online marketing strategies, from web design to SEO, PPC, and SEM. On blogs, webinars, phone calls, and face-to-face meetings I extoll the many virtues of a business staying personally present in the lives of customers and potential customers. With a holistic customer profile of every single one of a business’ highest value customers in hand, business owners have the deck stacked in their favor for success.

On the other hand, I take active measures in my day-to-day engagements with technology to mask my identity. I utilize a VPN, engage minimally with social media (and to my detriment, my business pages on Instagram and Facebook), often browse in ‘incognito mode’, and I use an adblocker extension on my browser.

Despite these attempts at anonymity, I have no false impressions about the extent of my information already available and the usage of this information by many different entities. I am complicit in the provision of said information. I signed up for Facebook in 2005 and my LinkedIn profile leaves no stone unturned for potential employment opportunities with tons of specific and Personally Identifiable Information (PII) about me out there for the world to see. I have provided this information to these platforms with the expectation of a personalized and valuable experience, whether staying in touch with family or making professional connections. What I do not expect is for my information to be sold to third parties without my knowledge and without due compensation.

Although not worn on my sleeve, anyone who knows me well enough is aware of my strong philosophical leanings toward the non-aggression principle (NAP) and classical liberalism. In short, I believe that a civilized and prosperous society requires private property, an unhampered market economy, the rule of common law, and inalienable individual rights.[6] Furthermore, I believe the degradation of individual rights in contrast to group rights, will always and everywhere lead society down a “road to serfdom” à la Friedrich Hayek (The Road to Serfdom 1944). To the best of my knowledge, the Austrian school of economic theory has not formally addressed the concept of data as property or data agency. I would love to read a thorough dissection of the concepts of data agency in relation to inalienable human rights by anyone with greater knowledge on the subject matter, but particularly by an expert from the Austrian School of economic theory.

Nonetheless, as the very nature of data has evolved, so should our understanding as individuals of the value of our data and recognition of the inalienable right to our data as property. For the record, I have never read a Privacy Policy.

Oh right, and the obligatory: