Hello. This chapter will focus on data rights and the role of government in ensuring those rights. Data rights are a question of who owns--and therefore has control over--certain types of information. They tend to fall into three categories: Government Data Rights, Business Data Rights, and Consumer Data Rights. In a government context, a “data right” is a way to refer to a government's right to use valuable intellectual property, such as software or certain types of technical or scientific data.
“Data rights” generally refers to intellectual property in a business context, as well, say in the form of patents that are territorial, granted at the national or regional level.
But what’s on most people’s minds nowadays, and what is most germane to our discussion of data and Sustainable Development Goals, is consumer data rights; that is, an individual’s right to own and control the data that is collected about them, especially by businesses. And since data is such a valuable commodity- it fuels research, innovation, and other public service or private business needs-it makes sense that individuals should have a say in how it is used and who profits from it. When you upload data onto websites or social media platforms, you might not be aware of the company’s default privacy settings or terms and conditions. Most people assume that data voluntarily submitted to the website is kept secure and is not shared with third parties or made publicly available, and yet this is not always true. Accordingly, large Information Communication Technologies companies and vendors have amassed personal information from subscribers from across the globe.
Consider that Facebook had 2.23 billion active monthly users as of June 2018. That’s almost double the population of China, the most populous country in the world! And Facebook collects data about all their subscribers. Since about 2006, people who have used a variety of ICT online platforms have demanded access to the data stored on them. Initially, big ICT firms hired paralegals to deal with these ad-hoc requests by consumers, and organized customized data searches on their behalf.
The issue first arose from desires of individuals to determine the development of their life in an autonomous way, without being perpetually or periodically stigmatized as a consequence of a specific action performed in the past. This right later became known as the Right to be Forgotten, prevalent in the European Union. Social media platforms have become a one-stop shop for intelligence-gathering with respect to law enforcement, certain telecommunications metadata laws also allow authorities access to content that a user has been looking at online via their Internet Service Provider (ISP). Many police officers call this type of data the “cheapest investigative tool. "These trends in policing and data investigation are set to get even more pervasive as new technologies like Apple’s Siri, Amazon Alexa, and other types of voice-recognition devices are capturing private conversations, converting these conversations into data, and storing the data in the cloud-ripe for big data analytics. For you to be well-informed as a citizen and consumer, it’s important to understand the range of data that’s being collected and stored--and it’s not just your online history.
The collection of biometrics, especially facial images and fingerprints, has become a common practice. And what about other types of personal information-arguably the most personal information you have is your DNA? The S and Marper versus United Kingdom case that was heard in the European Court of Human Rights in 2008, determined that holding DNA profiles or samples of individuals who had been arrested, but who were later acquitted or have the charges against them dropped, is a violation of the right to privacy under the European Convention on Human Rights.
But in many countries, the collection, storage, and retention of DNA profiles and DNA cellular samples as well as biometrics in general, are ill-defined. Now we have companies collecting DNA from individuals, services like 23andme and ancestry.com, through which customers can provide a DNA sample and receive a report about their family history and heritage, their proneness to specific genetic diseases and more. Customers provide this DNA information voluntarily, but may not be aware that their DNA is then kept and stored by the company. How else is that information being used? Many of the privacy policies that consumers sign--often without even reading what they’re agreeing to--have provisions that allow companies to share customers’ data with third parties, including marketing companies whose main business driver is the liquidity of data. Ultimately, this means that the owners of this data are the companies or organizations that collect it, not the people who supply it.
Data innovation driven by government open data initiatives in the form of new services is said to drive future growth. But with this type of innovation comes a significant responsibility for stakeholders to address data management. Many governments have been proactive in considering the sociotechnical impact of ICT on citizens and businesses--technology assessments, risk assessments and privacy impact assessments are all mechanisms that examine, more often than not, negative impacts on consumers using evidence, and they allow for these risks to be identified and extrapolated. The state has a responsibility for protecting data, transparency and accountability, in the face of corporations who want to use data to enhance innovation and develop their businesses.
The GDPR has overhauled how businesses process and handle consumer’s personal data. The legislation is designed to "harmonize" data privacy laws across Europe as well as give greater protection and rights to individuals. In short, it is a set of rules that give users more control over their online personal data. Businesses operating in the EU are now required to ask consumers if they can use consumers’ data, and they are prohibited from using someone’s data if the company does not have explicit consent. Companies covered by the GDPR are accountable for their handling of people's personal information. Under GDPR, the "destruction, loss, alteration, unauthorized disclosure of, or access to "people's data has to be reported to a country's data protection regulator.
High-level initiatives like GDPR are a major step in the right direction when it comes to recognizing and protecting people’s right to control their own data. But, in an age when private companies have more data than government agencies, companies will need to lead the way in reforming business practices and restoring consumer trust.
The Chartered Institute of Marketing claim that 67% of consumers would actually share more personal information if organizations were more open about how they will use it. By demonstrating that your business is open, honest and championing best practice, organizations can show their customers the value-add of sharing their data in delivering a more personalized experience. And let’s not forget the most important stakeholder in all of this--you, the consumer, citizen, and individual.
No doubt the key to all of this is consumer education and empowerment, so you are aware of your rights and can critically evaluate how your data will be used and by whom. Children should learn about what happens when they go online or interact with a mobile device, how to interpret user agreements. Because data can be used to support or inform any of the Sustainable Development Goals, privacy and data rights figure into all of them. But, I think the most important for me are SDG 16, which promotes justice and strong, ethical institutions, and SDG 17, which stresses the importance of partnership and cooperation in achieving sustainable development.
Fundamentally, we need stakeholders to come together to protect individuals’ data rights and create new standards, industry guidelines, laws, and even privacy-enhancing technology. We cannot become lax on data rights or the ethical use of data, or think of privacy only as an afterthought. They need to be in the design process from the very beginning. Protecting data rights is a real issue--but as we’ve seen with regulations like GDPR, the work of advocacy groups like Privacy International, and consumer movements like the one to #deleteFacebook, it’s an issue that many people are committed to solving, and there is real reason for hope. For instance, blockchain technology-most often associated with cryptocurrencies and other financial technology, but which can actually be used to securely store any type of information-offers a huge amount of potential for ensuring that people can have more control over their own data.
In Australia, the government has decided to legislate a new “Consumer Data Right” to give Australians greater control over their data, empowering customers to choose to share their data with trusted recipients only for the purposes that they have authorized. This is as a direct result to new emerging open frameworks in the banking sector, but will soon be rolled out to other sectors like energy, and telecommunications, and then economy-wide. It’s an example of how reforms in the private and public sector can feed off and influence each other for the greater good, and, in theory, it will mean that individuals can feel confident that they are in control of who they share their data with.
With new consumer data rights and data protections set in legislation, consumers will negotiate how much personal information they want to share with their service providers, and they will be able to choose if they want to open their private data for public accessibility, making it available for research or other purposes. They may even be able to sell their own data, and benefit from it the way companies are benefiting from it now. But the infrastructure around such initiatives are first being enacted by legislation, then implementable frameworks, and then consumer awareness to utilize these open services. The movement around personal data rights is ongoing and will only become more important as time goes on. And as new laws and standards emerge, there are still a lot of questions about oversight and governance. Who is going to hold companies and governments accountable for their management of data? I urge you to keep yourself informed and get involved in the data rights discussion in your own communities. Thank you.