10

WHY IT’S SO HARD FOR USERS TO CONTROL THEIR DATA

by Bhaskar Chakravorti

A recent IBM study found that 81% of consumers say they have become more concerned about how their data is used online.1 But most users continue to hand over their data online and tick consent boxes impatiently, giving rise to a “privacy paradox” where users’ concerns aren’t reflected in their behaviors. It’s a daunting challenge for regulators and companies alike to navigate the future of data governance.

In my view, we’re missing a system that defines and grants users digital agency—the ability to own the rights to their personal data, manage access to this data, and potentially be compensated fairly for such access. This would make data similar to other forms of personal property: a home, a bank account, or even a mobile phone number. But before we can imagine such a state, we need to examine three central questions: Why don’t users care enough to take actions that match their concerns? What are the possible solutions? Why is this so difficult?

Why Don’t Users’ Actions Match Their Concerns?

To start, data is intangible. We don’t actively hand it over. As a by-product of our online activity, it is easy to ignore or forget about. A lot of data harvesting is invisible to the consumer—they see the results in marketing offers, free services, customized feeds, tailored ads, and beyond.

Second, even if users wanted to negotiate more data agency, they have little leverage. Normally, in well-functioning markets, customers can choose from a range of competing providers. But this is not the case if the service is a widely used digital platform. For many, leaving a platform like Facebook feels like it would come at a high cost in terms of time and effort and that they have no other option for an equivalent service with connections to the same people. Plus, many people use their Facebook log-ins on numerous apps and services. On top of that, Facebook has bought up many of its natural alternatives, like Instagram. It’s equally hard to switch from other major platforms, like Google or Amazon, without a lot of personal effort.

Third, while a majority of American users believe more regulation is needed, they are not as enthusiastic about broad regulatory solutions being imposed.2 Instead, they would prefer to have better data management tools at their disposal. However, managing one’s own data would be complex—and that would deter users from embracing such an option.

What Are the Possible Solutions?

One solution is to create mechanisms that give users direct ownership of their data. There are many proposals jostling for attention.

Legislative fixes

Some internet observers believe that the only way to fix the problem is through a comprehensive privacy bill or meaningful, large-scale regulation of Big Tech. Europe’s General Data Protection Regulation (GDPR), which is arguably the most comprehensive legislative measure thus far, offers provisions for data portability, giving citizens greater digital agency. However, the European solution has left many dissatisfied with the lack of practicality associated with the rules. As of January 2020, the California Consumer Privacy Act (CCPA) brings a version of GDPR to California residents—and, by extension, residents in other states in many cases, as companies adopt the same standards nationally—who will have the right to know what data of theirs has been collected, delete it, and stop its sale to others, among other things.

The United States also has several other bills under consideration. Senator Mark Warner (D-Va.), Senator Richard Blumenthal (D-Ct.), and Senator Josh Hawley (R-Mo.) have proposed the ACCESS Act that would mandate that social media platforms with over 100 million users in the United States offer users a way to easily move their data to another service. The bill would create conditions for users to retrieve their personal data in a structured and machine-readable format, while the tech companies maintain the necessary interfaces that give access to this data to competing platforms. Hawley and Warner have also coauthored the DASHBOARD Act, which would require data-collecting platforms to be transparent about what data is being collected on users and how it is being monetized.

There is also an “Own Your Own Data Act” in the U.S. Senate, giving a user “an exclusive property right in the data that individual generates on the internet,” a cause that has been adopted by former Democratic presidential contender Andrew Yang. Democratic senator Elizabeth Warren has called for an outright breakup of Big Tech, which would increase users’ ability to negotiate greater data agency.

Big Tech–led initiatives

The tech companies are attempting to get ahead of the surge of concerns and legislative action and define the ground rules before regulators set them. To be sure, the companies have also been given a prod by the right-to-data-portability requirements under statues like GDPR and CCPA. Facebook has a white paper on data portability, while Google has a facility that allows users to download their data. A challenge remains in that data portability just isn’t practical or easy for most users who want a fast way to switch between platforms. To address this, Facebook, Google, Microsoft, Twitter, and Apple have launched a collective initiative, the Data Transfer Project, to move data between platforms without having to download or upload user data; however, progress on the project has been slow.

Ideas from the wider expert and business community

Some of the ideas from the wider business community are conceptual but intuitive because they use recognizable analogies, which makes them worthy of our attention. For example, the musician will.i.am has proposed a concept called idatity, combining identity and data as a human right with users being eligible for compensation for transferring it to others. Researchers Eric Posner and Glen Weyl have argued for data to be treated as “labor” and have advocated for mechanisms such as “data labor unions” to collectively bargain with tech companies over payments for access to data. Extending the analogy, they also call for a “minimum data wage” that is equivalent to a standard minimum wage argument but applied to a guaranteed basic compensation to users for producing useful data.

Others, such as the journalist Rana Foroohar, have floated the idea of a public data bank, regulated by elected governments along the lines of the “civic data trust” being considered by Toronto for Google’s Sidewalk Labs or data trusts being proposed in general as the concept of a legal trust being applied specifically to the securing of data.

And there are entrepreneurial opportunities. Engineer and World Wide Web inventor, Sir Tim Berners-Lee, launched a startup predicated on the idea of data ownership, where users store their data in a personal data “pod.” Users can give or revoke permission to individual apps to read and write to their personal pods.

Indian entrepreneur Nandan Nilekani, a champion of “data democracy,” argues that India’s technology infrastructure, with his brainchild, the unique ID system Aadhaar, as a foundation, gives India the unique ability to empower every resident with his or her own data. Many Indian banks are taking this forward by preparing to give consumers access to their financial data so that they can directly share it to apply for credit, investment products, or insurance, bypassing the credit ratings agencies as gatekeepers or the lack of credit histories as barriers. This initiative will use third-party mediators and is backed by the country’s central bank.

The list goes on. The startup Streamr, which provides infrastructure for users to collectively monetize their data, has an app, Swash, which aims to facilitate a “data union.” Yet another venture, Ocean Protocol, intends to facilitate digital agency through a self-managed distributed ledger framework of blockchain.

Despite this multiplicity of ideas, we’re no closer to truly meaningful change.

Why Is Data Governance So Hard?

Data, unlike other forms of personal property, is just plain complicated. Any workable solution would need to manage the following 10-point checklist at a minimum:

  1. Define what constitutes the personal data to which a user has exclusive rights. For example, a personal photo may contain a picture of a friend tagged by the user. Moving that data could violate the friend’s privacy. Alternatively, a user’s click-trail tracked by a platform reveals the user’s preferences based on the platform’s analysis. At what point does that revelation become the platform’s intellectual property?
  2. Establish criteria to demarcate personal data, anonymized data, and third-party data. To see why this can be difficult, even anonymized data when linked can reveal personally identifiable information; an algorithm was shown to identify 99.98% of Americans by knowing as few as 15 demographic attributes per person.3 Alternatively, if a user’s data links to third-party data deemed harmful or false, can the user remove it without violating the third party’s free-speech rights?
  3. Create a transparent—market-based—and universally accepted system of valuing data and compensating users accordingly for trading data. The compensation could be in the form of a tailored service or monetary compensation, while some data may not be tradeable at all.
  4. Define standards for how the data is stored, moved, or accessed interoperably across different digital platforms.
  5. Establish criteria to evaluate the trade-offs between many needs: interoperability, privacy, cybersecurity. Ease of interoperability, for example, could also reduce cybersecurity.
  6. Establish criteria to evaluate the trade-offs between personal data and the use of aggregated data as a “public good”—for training algorithms for societal use, fraud detection, public safety, flagging fake news, etc.
  7. Mitigate the transactions costs of negotiating with multiple parties whenever a platform needs multiple data sources, such as location data needed for a ridesharing app.
  8. Mitigate the risks of bots or malicious actors from taking advantage of compensation for access to data. For example, when Microsoft experimented with paying users for data, bots—with no usable information—exploited the system.4
  9. Make it easy to move data across platforms, without expecting the user to be a technology expert.
  10. Anticipate unintended consequences of changes as fundamental as transferring the control and management of data from Big Tech “professionals” to the “regular” users.

As the multiplicity of solutions and this checklist suggests, finding a workable digital agency solution is daunting. While users are not abandoning digital platforms, they are the proverbial frogs in steadily warming water. Company leaders, pundits, and politicians fuel the fire with rhetoric, but ultimately that’s not getting us anywhere. It is time to give users more rights of digital agency and figure out which parts of the data checklist are most practical, scalable, and sustainable. If consumers help demand it, we can find forward-looking solutions that draw upon the wealth of ideas on the table before the water boils over.

TAKEAWAYS

Despite feeling a high level of concern about how their data is used, most users continue to hand over their data and tick consent boxes. This “privacy paradox,” where users’ concerns aren’t reflected in their behaviors, points to a flawed system.

  • Companies and regulators need to move toward a consensus that defines and grants users digital agency—the ability for individuals to own the rights to their personal data, manage access to this data, and potentially be compensated fairly for such access.
  • A number of possible ways to give users direct ownership of their data have been proposed by legislators as well as Big Tech companies themselves. Some comprehensive measures, including the European Union’s GDPR and the California Consumer Privacy Act, are now being implemented.
  • Any workable solution to data governance would need to manage a list of requirements that includes creating a transparent, market-based valuation of personal data, defining standards for how data is stored, and making it easy to move data across platforms.

NOTES

  1. 1. Kim Hart, “Consumers Kinda, Sorta Care About Their Data,” axios.com, February 25, 2019, https://www.axios.com/consumers-kinda-sorta-care-about-their-data-3292eae9-2176-4a12-b8b5-8f2de4311907.html.

  2. 2. Brooke Auxier, Lee Rainie, Monica Anderson, Andrew Perrin, Madhu Kumar, and Erica Turner, “Americans’ Attitudes and Experiences with Privacy Policies and Laws,” Pew Research Center, November 15, 2019, https://www.pewresearch.org/internet/2019/11/15/americans-attitudes-and-experiences-with-privacy-policies-and-laws/.

  3. 3. Luc Rocher, Julien M. Hendrickx, and Yves-Alexandre de Montjoye, “Estimating the Success of Re-identifications in Incomplete Datasets Using Generative Models,” Nature Communications 10 (2019), https://www.nature.com/articles/s41467-019-10933-3.

  4. 4. Courtney Goldsmith, “Nothing Personal: The Importance of Creating Data Ownership Frameworks,” European CEO, March 18, 2019, https://www.europeanceo.com/industry-outlook/nothing-personal-the-importance-of-creating-data-ownership-frameworks/.

Adapted from “Why It’s So Hard for Users to Control Their Data,” on hbr.org, January 30, 2020 (product #H05DVB).

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.147.42.168