Should Consumers Be Able To Sell Their Own Personal Data?
Two advocates square off over whether consumers will be helped or hurt by being able to own and sell their own data. Should Consumers Be Able To Sell Their Own Personal Data?
People around the world are confused and concerned about what companies do with the data they collect from their interactions with consumers.
A global survey conducted last fall by the research firm Ipsos gives a sense of the scale of people’s worries and uncertainty. Roughly two-thirds of those surveyed said they knew little or nothing about how much data companies held about them or what companies did with that data. And only about a third of respondents on average said they had at least a fair amount of trust that a variety of corporate and government organizations would use the information they had about them in the right way.
The question is what should be done about this. One idea is to give people greater control over their data by granting them ownership of it and the right to sell it or restrict its use as they see fit. Proponents of this approach say it would allow consumers to protect their privacy, reward them for use of their data and result in a broader distribution of data that would spark competition and innovation. Opponents worry that it would entice people to give up more of their privacy without adequate reward and would stymie the flow of information.
Christopher Tonetti, an associate professor of economics at Stanford Graduate School of Business, says consumers should own and be able to sell their personal data. Cameron F. Kerry, a visiting fellow at the Brookings Institution and former general counsel and acting secretary of the U.S. Department of Commerce, opposes the idea.
YES: It Would Encourage Sharing of Data—a Plus for Consumers and Society
By Christopher Tonetti
Data isn’t like other commodities in one fundamental way—it doesn’t diminish with use. And that difference is the key to why consumers should own the data that’s created when they interact with companies, and have the right to sell it.
With most goods—think of a plate of sushi or an hour of your doctor’s time—one person’s consumption of the good means there is less to go around. But data is infinitely usable. The same data can be used simultaneously, without being depleted, by engineers in different businesses and scientists in various universities.
That means that if consumers could sell their data, they would have the ability to share the data from any transaction with multiple organizations—to their own benefit and that of society as a whole. Ownership also would give them control of their privacy.
Owning data grants the right to decide how it is used. Consumers could sell or even donate their data to organizations of their choosing, withholding data they wish to keep private and spurning organizations they don’t trust. That’s obviously preferable to the current situation, where firms tend to own the data from transactions and can use it in ways consumers may not want and without the consumers’ knowledge. And giving consumers ownership of their data is better than simply outlawing the use of that data by firms—or giving people greater access to their data and control over its content—because it allows consumers to profit from their data and promotes the broad use of it.
Broad use can deliver large gains to society. Consider the example of machine learning and medicine. Algorithms can be trained to diagnose skin cancer using images of biopsies paired with pathology reports; the more images used to train an algorithm, the more accurate its diagnosis. An algorithm trained only on a hospital’s own patients will be inferior to an algorithm trained using images from every patient in America. When data is used broadly, the algorithms improve: We all get better medical care, safer cars and more accurate speech recognition, among many other benefits. Every hospital cannot use the world’s most talented surgeon simultaneously, but they can all potentially employ the best data.
By contrast, when firms own data, they may not want to sell it to their competitors. For a company like Amazon, Facebook or Google, their users’ data gives them an important competitive advantage. But if consumers owned their data, they could sell it to multiple firms, stimulating competition and innovation.
Consider, for example, the auto industry. Tesla collects data as its cars are driven around and uses that data to develop self-driving car technology. If Tesla’s customers owned the data, they could sell it to Tesla, but also to other competing firms. Every firm’s AI would improve and barriers to entry to developing self-driving cars would fall. Safer cars would result in the short term, and the move to autonomous vehicles would accelerate.
Consumers might have to pay a higher price for their Teslas at first, because the company would be losing something of value, or would have to pay for it. Right now, we pay to use Gmail and Teslas in part by ceding exclusive rights to the data we provide—exclusivity that inhibits the competition that stimulates innovation and economic growth. But any price increase for a car would be partly offset by the proceeds consumers could receive from the sale of the data, and eventually greater competition could lower prices across the industry.
Practical considerations currently make the sale of personal data difficult. Valuing personal data, developing markets, and the burden on consumers of managing the sale of their personal data are among the many challenges. Businesses would have to make many adjustments, and the range of rights that could be sold, including the right of purchasers to then share the information, would be complex.
But allowing consumers to own and sell their personal data is the spark that would encourage innovators to tackle these problems, too. Many goods are hard to value and sell and many transactions are complex, but when the benefits are large, as they are with data, these problems can be overcome.
Some worry that financial incentives would encourage consumers to sacrifice even more of their privacy than they do now. But that is a choice consumers should be allowed to make—which data is worth selling for the price they would receive, and which isn’t. Some firms allow consumers to sell their data to competitors already. We should make this a universal right.
Dr. Tonetti is an associate professor of economics at Stanford Graduate School of Business. Stanford economics professor Charles I. Jones contributed to this article.
NO: It Would Do Little to Help Consumers, and Could Leave Them Worse Off Than Now
By Cameron F. Kerry
After a wave of privacy scandals and data breaches, American consumers are right to want change.
For consumers who want more control over how their personal data is used and shared, the notion of owning their data and being able to sell it or withhold it sounds appealing. But owning data will do little to help consumers’ privacy—and may well leave them worse off. Meanwhile, consumer property rights would create enormous friction for valid business uses of personal information and for the free flow of information we value as a society.
In our current system, consumers reflexively click away rights to data in exchange for convenience, free services, connection, endorphins or other motivations. In a market where consumers could sell or license personal information they generate from web browsing, ride-sharing apps and other digital activities, is there any reason to expect that they would be less motivated to share their information? On the contrary, some small amount of money may induce people to give up even more rights than they do today, with little benefit in return.
Consumers are, after all, unlikely to strike a good deal for their data, since they will lack information about its value, and the data collectors will be the market makers. Indeed, a major problem with today’s system is that it demands more of individuals than they can reasonably give—that’s why people routinely sign away their privacy without reading a word of privacy agreements. A payment system that would turn every interaction with a company into a negotiation would demand much more.
On the business side, enterprises have many legitimate interests in personal information about individuals they interact with, including providing customer service, complying with legal requirements and many others. When a consumer buys a book from Amazon, for instance, the consumer, Amazon, the credit-card company and the delivery service all need some transactional records. Under a system of ownership rights, how would these needs be accommodated? How would rights to a customer’s information flow through a supply chain? Would businesses be free to sell the personal data they acquire?
In addition to incurring costs to pay for data, businesses would face enormous technical and logistical costs of engineering such a system to manage the many complexities of payments to consumers and negotiation of their rights. Solutions like data repositories that use blockchain technology, or intermediaries like copyright collectives, would be a long time coming. What happens to consumers’ privacy in the meantime? We need policies that work for consumers right now.
There are broader problems, as well, with the idea of consumers owning and selling their data. Data sharing has benefits that reach well beyond consumers and businesses. Our digital society and economy operate through broad ecosystems of data sharing, from financial services to health care to college admissions, among many others. The friction and disruption that would be caused by any system of payments for the data these systems depend on would undermine these flows of information.
As for the idea that a payment system would encourage consumers to share their data more broadly and thus would in fact facilitate the flow of information, there is no reason to believe that firms wouldn’t stem that flow by seeking exclusive rights to data they pay to purchase or license.
American consumers deserve better protection for their privacy. But a marketplace that would only encourage even less privacy and disrupt businesses and the flow of information crucial to the smooth functioning of the economy and society isn’t the solution. Companies should be the stewards of personal data, not become the owners. Investing in property rights rather than fair information practices would take companies’ eyes off what they need to do to protect the privacy of people whose data they hold.
Instead, federal legislation should address head-on how businesses collect, use and share personal information, and empower consumers with individual rights to access, correct and delete personal information. We need to ensure that privacy interests are not extinguished when people share information, not turn privacy into a commodity.
Lawyer Asks Whether KYC Is Worth Exposing Users To Hacking And Id Theft
In the aftermath of the recent BitMEX data leak, lawyer and general counsel at decentralized finance startup Compound Finance Jake Chervinsky raised the question of whether exposing the public to data risks that Know Your Client (KYC) requirements entail is worth it.
It Is About Time We Reconsider KYC
In a tweet posted on Nov. 1, Chervinsky calls KYC requirements “are a double-edged sword.” He explained that KYC helps law enforcement to track illegal transactions but also exposes the public to hacking, phishing and identity theft. In the end, Chervinsky raised the question:
“It’s About Time We Reconsider If The Trade-Off Is Worth It.”
Excessive Data In Single Points Of Failure
Chervinsky also admitted that he does not know the identification procedures employed by BitMEX in detail, but claimed that “using an account-based model is a form of KYC in and of itself.” He explained that storing large amounts of Personally Identifiable Information (PII) on centralized servers has serious implications:
“I Say We Should Consider If The Benefit Of Collecting Mass Amounts Of PII Into Single Points Of Failure Justifies The Cost.”
Crypto derivatives exchange BitMEX acknowledged yesterday that it accidentally leaked user emails by forgetting to use blind copy on a mass email. Furthermore, as Cointelegraph reported in August, Binance saw the KYC documents and face photos of its client processed by a third party vendor be leaked to the public in an event that showed the dangers of identity verification.