A User-Centered Approach to Personal Data

The Data Economy

In 2015, the data economy was estimated to be worth over 285 Billion Euro in Europe alone. That accounts for almost 2 percent of the European GDP and it’s likely to grow with an unprecedented pace. It is estimated to reach over 3 percent of the European GDP in 2020, or 643 Billion Euro.[1] Among the total trade volume, person-related data is the most demanded, since it allows companies to target advertisements with a high accuracy. 
‍
Person-related data is usually divided into three categories. It can mean volunteered data, such as information a user purposefully submitted through apps or websites. Secondly, it can include observed data, which has been gathered without the user’s knowledge or explicit consent. Lastly, data can also be inferred from other sources to produce accurate assumptions.[2]

From the Eyes of the User 

Independent of how the personal data was gathered, in most cases a user does not own data that concerns him- or herself. That means not only that participating in the global data economy is impossible. It also strips the everyday user from essential digital rights, such as controlling where the data is stored, which whom the data is shared and the option to delete personal data. 
‍
In theory, laws such as the European GDPR are trying to counteract this imbalance, but in practice, exercising these rights can be difficult.[3] But how did we end up with this massive imbalance?
‍
In the early days of the internet, it was a digital service vacuum. Only after small companies saw the potential and started offering digital services to users, the internet began providing a real added value to most people. In exchange these startups offered to store and curate data from users. Additionally, users received a digital identity - often in form of a login – to authenticate themselves on the web. All of this was agreed to be without any payment, not from the user’s side or the company’s side. Furthermore, this deal was offered as a bundle and presented as non-negotiable. This means, that every user aiming to use a given service had to agree to that bundled deal. 

Problematic Relationships

A few years later, this has translated into an substantial imbalance of power between the user and internet service companies. Normally, we only have this type of one-sided relationship with our government and civil society has had hundreds of years to develop mechanisms to account for that imbalance. What’s more, since the bundle offered is opaque, there is no way for users to trace which data using services and data sources are included in it. Adding to that, there are four additional aspects, which tip the scales considerably into the favor of internet companies. 
‍
First of all, the bundling of services, data exchange, identity and economic inability severely inhibits competition and reduces innovation. This is further amplified by the monopolization of certain parts of the market by digital companies. 
‍
Secondly, without the ability of the user to choose between different service providers, their services and control data sharing relationships on a granular level, there can not be a meaningful consent. 
‍
Simultaneously, having a third party control a user’s digital identity seriously impedes the ability of the user to express themselves in society and exercise freedom of speech. 
‍
Lastly but most importantly, the lack of a possibility for financial exchange in both direction bars the user from taking part in the data economy. This way, it’s impossible for the individual user to impact the market and participating in the value exchange connected to it. It also obfuscates the fact that data concerning an individual is property of that said individual. The only reason the current consensus within the tech industry disagrees with this is connected to an obscure legal precedent set in the 70s.[4] But how can we shift the power towards the user and level the playing field? 

The Intermediary Instance

The most promising option is to move the point of integration to the user and to set up a intermediary instance between the user and both the service providers and data sources. The challenge here is to not overburden the user, so this intermediary instance has to assume some fiduciary responsibility for the user.[5] This means handling service discovery, identity management and data exchange, among others. It also should give easy access to consent management and access management, giving the user full transparency and control over data shared with service providers. 
‍
Through this trust framework, the user can not only control who uses his or her data, which services to use or which data sources to include. The user can also choose to pay or get paid and is able to market their own data accordingly. Consequentially, the user can participate in the global data economy. This enables the user to assume an active role within the market and exercise power to influence it. Moreover, having the feeling of authority over his or her person-related data positively impacts the transparency within the market, empowers the user, creates trust between users and internet companies and enables innovation by avoiding data lock-ins. 
‍
It seems that the internet’s personal data infrastructure is due for an update. Empowering people to take control over their data and actively participate in the value creation of the global data economy has to be the next logical step.