- Watch Jeni's interview on BBC Breakfast (from 1h 24)
- Listen to Jeni's interview on BBC Radio 4's Today programme (from 50:00)
As stories about the Cambridge Analytica and Facebook scandal fill our feeds, questions about the use and misuse of personal data are high in the public’s mind.
While this far-reaching story has multiple angles, we are interested in what it might mean for data and our perception of how it should be controlled. Many argue that digital privacy rights require individual consumers to have ownership of data about them. As the FT put it, ‘a key part of the answer lies in giving consumers ownership of their own personal data’.
We believe that we need to benefit from our decisions being informed by data, while being protected from any harmful impacts. We think that most of the people arguing for data ownership believe in the same end goal. But we don't think that data ownership will achieve this goal. We need a rights framework instead.
Personal data is often about multiple people, not just one
Facebook users have masses of data collected about them from the moment they start using the social network. It is common for people to play games or quizzes with their friends on Facebook and in doing so provide access to data Facebook holds about them to developers – as was the case with the app built by Global Science Research which generated data reportedly sold on to Cambridge Analytica.
However, the APIs that Facebook offered to third parties granted access not only to an individual’s profile but also to those of their friends and family.
There is practically no data about us that is not also about other people. Our DNA reveals information about our parents and offspring. Our health records contain information about medical professionals. Our bank accounts reveal details on those we transact with. Our utility bills can reveal those we live with. Respecting all of these people’s rights over data about them is crucial if we're going to create a trustworthy data ecosystem.
We must consider the rights of society
As well as the multiple people having rights over data about them, societies have rights to data.
Nation states have the responsibility of protecting us. Under certain conditions – and with appropriate levels of transparency and democratic accountability – our governments need to access data about suspected criminals to keep us safe.
They also have the responsibility of giving us services and keeping us healthy. Data gathered through national censuses have helped governments do this for many years. In the future other forms of data, such as that gathered by social media but also data gathered through our health system or communications networks, could help us tackle 21st century challenges like climate change, growing and aging populations, or the spread of diseases across national boundaries.
Having data under the exclusive control of individuals disregards our communal and societal interests as citizens.
Individuals do not make perfect decisions on their own
Many of the proposed solutions to the current data challenge – like data ownership – rely on individuals making perfect decisions. Experience shows this won't work.
Many people don't have access to all the information they need to make a decision or understand the implications of granting access to data. Some people’s decisions will be affected by time and financial pressures. Even if they make a good decision, most people will lack the skills to know if an organisation has respected it.
In other areas, legislation, regulators and consumer rights organisations emerged to protect consumers against other types of harm, such as the use of toxic chemicals in toys. These help people make better decisions and encourage businesses and governments to design better products and services. We need to provide a strong and clear enough framework for these support structures to grow.
We need a rights framework for data
To build a future where we benefit from our decisions being informed by data while being protected from any harmful impacts, we need to respect the rights of multiple individuals and of societies, and to create legislation, regulators and organisations that help people make better decisions.
To create this ecosystem we need to develop a rights framework that makes clear the data rights and corresponding responsibilities of individuals, data stewards (the people who hold data on our behalf), and governments. This framework should be widely monitored and enforced. We will expect public, private and third sector organisations to respect it when they design services and collect and use data. To create trust, we will also need civil society, the media, and people as consumers, creators and citizens to be able to see what is happening to data, and to know that we are fairly benefitting from its use.
The European Union's General Data Protection Regulation is a step in the direction of developing this framework, but it is not perfect and will need to evolve, alongside other laws, regulations and norms.
While contributing to, developing and promoting a global rights framework for data might seem a hard journey it is one we need to make if we are to use data to build a better future and better society for everyone.
You can read all of our thought pieces and interviews on the Facebook and Cambridge Analytica story in our ODI View page. If you have comments or experience that you’d like to share, pitch us a blog or tweet us at @ODIHQ.
Photo: Thought Catalog, CC BY 2.0