Explainer: What is personal data and how can I control how it’s shared?

Fri Apr 6, 2018
$download_content = get_field('download_content');

How can data about me be collected, shared and used? Can I control where data about me goes? We demystify these questions and explain why we want stronger data rights

 

How can data about me be collected, shared and used? Can I control where data about me goes? We demystify these questions and explain why we want stronger data rights

Lots of people are talking about personal data and how it is shared and used. These are high in people’s minds after revelations that researchers shared large amounts of personal data from Facebook with Cambridge Analytica.

But what is personal data? How can data about me be collected, shared and used? Do I own personal data about me, and can I control where it goes and how it’s used? In this post we demystify these questions and explain why we are calling for stronger data rights to benefit everyone.

What is personal data?

Government regulations define personal data as specific bits of information about ‘an identifiable person’, such as name or location. People often think of personal data broadly as information about where we work, what we like and who our loved ones are.

Data that identifies a person, even without a name attached, may be personal data if it is used to learn or record something about that person. For example, data about gender, age and salary can be combined to allow you to identify an employee at a company, even if you don’t already know their name or job title.

How can data about me be collected, shared and used?

Personal data is collected, shared and used in our day-to-day lives. When we go to a shop and use a contactless card to pay for groceries, the shop collects and uses personal data about us – such as the card number, how much we spent and who with – to process the payment.

Some organisations may use personal data to understand their customers better and provide a more effective or efficient service. They share personal data with third parties, who use it to provide insights or advice (like which insurance would suit you based on transaction history), to create new products and services (like Facebook games and other apps that connect users to their friends), or to market relevant products to customers.

Personal data can also be used in ways that benefit all of us. For example, under certain conditions it can be used in medical research, or shared with governments to keep people safe from suspected criminals. These uses benefit society as whole.

Can I control how data about me is used and shared?

Our privacy is important and organisations that collect data about us often give us ways to control how that data is used. When we join a platform like Facebook, for example, there are privacy controls which we can use to manage how data about us can be used and shared. Guides to privacy controls can be helpful, like this guide on Facebook privacy settings from Techlicious.

Sometimes decisions about how data is used and shared are made by one person using a service (like when you choose to pay by card in a shop). At other times it might be made with other people who could be affected by the data (for example, the other people in a conversation on Facebook). And sometimes the decision is made by government (whose opinion you might influence through consultations, campaigns or elections).

While privacy is a fundamental human right, giving individuals exclusive control of data about them means that wider society can’t benefit from it. Data gathered through national censuses help governments keep us healthy and safe, and future gathering of data could help us to tackle challenges like climate change and an aging population through scientific research.

Does this data belong to me?                     

There are many different views about data ownership. At the ODI, we believe that data does not belong to any one person, not least because data about us is often also about other people. Our DNA, for example, reveals information about our parents and family. Utility bills reveal who we live with. Health records contain information about medical professionals.

It can be easy to view personal data as a commodity to be exchanged, or even sold. But data is a different kind of asset. If you sell a house, it is no longer yours. The new buyer can do anything they want with it and it won’t affect you. Personal data isn’t like that. It’s always going to be about you and the way it’s used will always matter to you.

This means property rights, or ownership, isn’t a useful way of thinking about the relationship between you and personal data about you. You need to always have rights about what is done with that data.

What does the ODI think about data ownership and data rights?

We believe that we all need to benefit from our decisions being informed by data, while being protected from any harmful impacts. We also believe that most of the people arguing for data ownership believe in the same end goals. But we don’t think that data ownership will achieve this goal. We need a rights framework instead.

A good rights framework would make rights and corresponding responsibilities clear. It would be widely monitored and enforced. We would expect public, private and third sector organisations to respect it when they designed services, and collected and used data. We would also expect citizens to be supported and able to use their rights when they needed to.

Parts of this rights framework already exist. In some countries, data protection legislation has been in place for decades. Other current laws, rules and regulations also guide how personal data is used, such as the UK’s Consumer Credit Act. Coming into force in May 2018, the General Data Protection Regulation (GDPR) is a regulation in EU law designed to increase the control we have over data about us. It strengthens some of our existing rights and creates new ones.

At the ODI, we will continue to explore how rights that could shape how data about us is collected, used and shared can build on these existing frameworks and develop in step with technology and social norms.

You can read all of our thought pieces and interviews on the Facebook and Cambridge Analytica story in our ODI View page. If you have comments or experience that you’d like to share, pitch us a blog or tweet us at @ODIHQ.

If you are getting to grips with ethical data use in your organisation, the ODI offers workshops, coaching and resources designed to help you navigate them. Speak with us at [email protected] to find out more.