Contrary to common reports of public ignorance or complacency, we’ve found people are increasingly concerned with how data about them is used. We need stronger data rights, and to achieve this we need to build a language around data that people can understand and engage with
By Renate Samson and Anna Scott
This week at CogX in London (a festival of AI and emerging technologies), several of the panel discussions explored this debate. On Tuesday, our CEO Jeni Tennison joined Sylvie Delacroix, Professor in Law & Ethics and Fellow of the Alan Turing Institute; Gus Hosein, Executive Director at Privacy International; Sana Khareghani, Head of the Office for Artificial Intelligence; and the panel chair Martin Tisné, Managing Director at Luminate, to discuss a potential bill of data rights, and the complexities around rights vs ownership.
Also this week, at the RightsCon Summit in Tunisia (which explores the intersection of human rights and technology), there's a focus on data. From data protection to artificial intelligence, international trade to human rights, conversations are buzzing with speakers and delegates talking about how data is an integral part of who we are. The global crowd attending the summit are grappling with the complexities of how we talk about data about us, how we control access to it and how we protect ourselves from data being misused. We're there to listen, learn and debate our views.
Here at the ODI, we have long been clear that the concept of data ownership is tricky at best. We think a rights-based model – giving us control over the ways that data about us is used – is more viable than owning data about us.
Many of us have a tendency to use the language of ownership when we refer to data about us, saying “my data” or “your data”.
This suggests that we have an emotional and personal reaction to data, which we think is positive; it means we understand that data does refer to us, and that data has meaning and importance to us and our online lives.
However, data that is produced, held and shared, is rarely, if ever, just about one individual.
Data is often about many people at once. It’s about me, you, family, friends and acquaintances. It’s about the people we work with, and the people nearby. It’s about people we never meet – the people who provide us with a service or who create, retain, use or share data about us.
Last year, we worked with IF, a technology studio, to help people understand the complexity of data about us – how data can be about multiple people, and how our control over it is personal but often collective; it involves others too.
The notion that we can ‘own’ data about us is actually pretty complicated. But what about the notion of rights over data about us? Can rights be defined and actioned over something so intangible as data about us, and what responsibilities should be attached to a rights framework?
How do people understand rights over data?
Since February, we have been working with the Royal Society of Arts (RSA) and Luminate on a project exploring narratives around data rights and data ownership: how people feel about them, and how we can talk about them in ways people can understand and engage with.
Over the last few months we’ve been speaking about this with members of the UK public, and plan to continue this work and broaden it towards France and Germany over the coming months.
First, we spoke with a small group of Fellows of the RSA and then with members of the public during two half-day focus groups in March.
We explored the concept of ownership, and data ownership, with one group, and then explored the concept of rights, and data rights, with another. This was so we could be able to compare and contrast their reactions to the concepts and see what kinds of language was most engaging.
We won’t divulge all our findings in this blogpost (as it is ongoing work), but something we took away is that the people we spoke to had strong, defined and nuanced views.
Most of the narratives – heard in the press, from businesses and politicians – around ‘the UK public’s’ understanding, awareness and engagement with data about them – are patronising. It’s often said that we, the public, don’t understand – or, if we do, we don’t care or are happy not to challenge the status quo.
Surveys about data are often misinterpreted
This is a curious approach to take, and one that seems to stem from surveys of people’s attitude and understanding to data being misinterpreted.
As with any type of statistic, surveys can be interpreted in many directions. But we’ve found that many of these surveys give a very complicated picture of awareness, control, understanding and comprehension – they seem to emphasise the public ‘not really getting it’.
The most recent survey to suggest a lack of public understanding of data is Ofcom’s Online Nation report, published at the end of May. The language of the report refers to its findings as people having “limited understanding” or “mixed” awareness. It is not clear why this commentary has been chosen, rather than one that emphasises that people’s awareness is growing.
The survey reveals that 71% of adults are aware of cookies being used to collect information, 60% of people saying they know social media gather information, and 49% being aware that smartphones apps collect information.
The number of people who don’t mind the way that data about them is being gathered is noticeably less than a quarter – only 17% of adult internet users say they don’t mind if organisations use information about them to decide the content they are shown, and 18% say they don’t mind information about them being used to determine what adverts they are shown.
These findings show a shift from people being relaxed about the 'trade off' of data for personalisation or access to service, to more people – 39% in fact – saying they are not happy for companies to collect and use their personal information.
The Ofcom report is one of many that present figures which show the public actually do understand data and want greater control over how it’s used and shared, and who benefits from it.
For example, surveys on attitudes published by DotEveryone, reports on AI from Ipsos Mori, and a survey from Deloitte, published six months after the General Data Protection Regulation (GDPR) became law, which revealed that people felt things had improved but still wanted more control.
The conversations we’ve had with members of the public support the findings of these reports, proving that people are becoming far more data savvy and aware about their online lives, and they want to be heard.
There is a genuine awareness of the GDPR – either through dealing with it at work, or from receiving notices online – of the behaviour of social media companies. This is especially true in light of the Facebook/Cambridge Analytica revelations and concerns around 'fake news', around privacy protections and controls, encryption, how to secure devices, how to delete data, terms and conditions being complicated and, mostly, how many people appear to feel resigned to accepting choices that might not favour them ultimately.
While awareness has increased – as would be expected when people are increasingly engaging and interacting with the internet, data and connected online lives, certainly in the UK and Europe – most of us do not have the time or inclination to want to drill into the finer points of how data about us is collected, unless we have to.
Building a shared language of data
But rather than dismiss that as ‘people not caring’ or ‘being complacent’, we have an opportunity to work with people, and encourage wider learning and shared language about data about us, how it should or shouldn’t be used, and how governments and businesses have responsibilities.
We feel that everyone must have the opportunity to understand how data can be and is being used, but it should not be necessary for every person to have a deep understanding of data to have agency in their relationship with it. We need a trustworthy data ecosystem. We want to build understanding together, and create positive awareness and rational reasoning around risks and responsibilities.
We believe the idea that people don’t care or are complacent couldn’t be further from the truth. We have found that people care very much – many are growing weary of the imbalance and lack of control they have in managing their online lives, and when given the chance, many are very willing to grapple with ideas for bringing about change.
We are continuing to engage with people and listen to what they have to say. We will publish our findings and recommendations for how a rights framework – rather than an ownership model – could be the foundation for a balanced and secure digital life in autumn this year.
We'd like to hear from you. What stories would you like to explore about how data is used, to engage more in the idea of data rights? How would you describe your relationship with data? Share your thoughts with us at [email protected]