by Frank Buytendijk | November 5, 2016 | Comments Off on Who Owns The Data, Anyway?
A digital society is emerging, in which virtual and physical elements blend into a new reality. We have to get it right. I mean, if a digital business messes up, there are often alternatives of where you can take your business.
But in the digital society? We cannot live outside of it. We are part of it whether we want it or not. We need to find a way to navigate the digital society with skill and in comfort (a concept I call “digital dasein”, in reference to the work of Heidegger).
So we have to figure out the rules here. See “Introducing Digital Connectivism: A New Philosophy for the Digital Society” for some more detail.
One important aspect, that we recently discussed in our research community is “data ownership”. Who owns the data about you? Or about anything, really.
It starts with a few observations.
In the traditional world, we would manage most of the relevant business information within the organization, this would be the discipline of information governance, to make sure this would be done well.
It starts to become difficult already when organizations start to share information. Think of a banking transaction. There is the bank, the customer, the payment processor, the corresponding bank and the corresponding customer. Each adds pieces of metadata, derived from various parts of the data and pretty soon it becomes impossible to determine who owns what. The interesting thing is that in this example it doesn’t matter much. The data is locked in a process and in a system, and it can’t get out. If the process fails, either the bank or the payment processor is responsible.
In the digital world, it gets more difficult. In all kinds of business moments, not all parties are known, not all used technologies are known, agents just interface. Here it becomes an issue. Who is authorized to do what with data that is exchanged?
Let’s look at this from various angles…
In society, the law is there to settle disputes. So the law would have a place in society, like information governance has within a business. There are a few howevers… the law is not the starting point of how to act in society, it is an instantiation of how we feel we must act. In other words, society and its mores emerge first, and then what we feel is desirable in terms of behaviors and mores, we codify in the law. The law trails. Certainly and particularly in the area of technology, as technology innovation goes so fast. This is not a new point, but still valid.
New laws may have to look different. We’re not in the legal business, and don’t provide legal advice, but in practice the party that measures something, practically owns the information. Or at least governs it. Maybe we need to turn that around in the future, and create data laws that are like copyright laws – the data is owned or controlled by the object/subject the data is about. So if there is any data about me, I control the use of it, never mind who measured it. There are technologies that do this, referred to as “digital lockers”.
Also, the law is there in case of disputes. In navigating the digital society with skill and in comfort, the idea is to avoid dispute, and need of the law. It means we need different means as well.
If there is no clear ownership, then we need some collective ownership. This is the area of stewardship. We all assume responsibility. A very well-known principle in the physical society. We keep the street in front of our door clean, and we treat the public infrastructure with care (and if we don’t, the law kicks in). It is the world of the “commons”. Centuries old principle. In Switzerland it is called “Allmende”. It should work the same in the digital society. The ratings systems that Uber and AirBnB have works well, because it’s transparent how you behave. Other things that work are anthropomorphism, nudging, technology scripting etc. (see: “Modern Digital Technology Requires Shared Responsibility, Not Enforced Policy”).
Another distributed mechanism is some kind of negotiated authority to handle data exchange, based on some rules or principles or requirements in context that a certain party needs to meet. Not sure what this would look like though.
3rd party intermediation
New parties will emerge, that assume ownership, and offer auditing services, data/algorithmic quality services, authorization, financial settlement, approvals etc. Nick pointed in the direction of trusts, legal arrangements allowing a third party to hold assets on behalf of some beneficiary. Nick envisions a Personal Data Trust in which an individual’s data is collected and classified based on things like sensitivity, collection method, device context, intended value exchange, and so on. The trustee, which could be the individual or, in the case of minors, a parent, grants and revokes access and usage rights to that data on a per use or per user basis.
A good example of where this open data aggregators. Basically the same business model as all managed open source subscription services. The data or technology is for free, but you pay for the management of the support and integrity of the data or technology. http://dataportals.org/ is a metacatalog listing over 500 open data portals around the world.
And it doesn’t have to be a third party, by the way. Established players in an ecosystem can take that role too. The CEO of Volvo publicly stated that all issues caused by autonomous Volvo cars, would be the responsibility of Volvo. Other CEOs followed.
No ownership needed, thank you
What if the whole problem could dissolve? So no ownership is needed? Like in the case of the bank transaction? This is probably the real value of blockchain as a solution. Blockchain is a brilliant example of reimagining value transfer fundamentally. In the classical situation, there is a reliable transaction if you identify all the parties, and have enough security measures in place to protect that data.
Blockchain works the other way around. All transactions are open, in a distributed ledger. It’s just unidentified to others who the involved parties are. Blockchain can be used for identity management, information management, and maybe financial settlement in business moments.
Other, less clearly described solutions might be in “self-describing data”, that identifies what it can be used for and what not. Not sure how realistic or futuristic this is.
I can only imagine that reality will be a combination of all of this, and a few things we haven’t even thought of. But I am also convinced that the shift in how to deal with this needs to be significant, and will come with trial and error. Interesting times ahead.
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.