Given the public outcry over the lack of data privacy in today’s digital world, it’s perhaps no surprise that tech innovators are working on new privacy solutions that can help to bring together the buyers and sellers of personal data in a way that is convenient, transparent, secure and fair. One solution that’s getting a lot of attention these days, for example, is the personal data marketplace powered by blockchain technology. But is this data marketplace really the right direction for data privacy?
A personal data marketplace is simply an online destination where buyers of data (usually big corporations) are able to transact directly with consumers willing to part with some portion of their personal data. The idea is simple: corporations are already monetizing users’ personal data anyway, so why not at least compensate consumers for using their data? In theory, an online marketplace is the most efficient marketplace to buy and sell data, and will “reveal” the true price of user data.
The personal data marketplace concept is important because it recognizes that all user data has some value attached to it. For example, who wouldn’t want to monetize some of the data that they are sharing via social media platforms like Facebook? Or monetize some of the data that they are sharing with healthcare or financial services providers? Presumably, very sensitive information – such as one’s annual income or amount contributed to a particular political campaign – would carry much greater value than other types of data (such as one’s age or gender). In a perfect world, very efficient data exchanges would arrive at the “fair” price for user data.
When these personal data marketplaces are constructed using blockchain technology, it helps to avoid some of the problems currently encountered in today’s digital world – such as the widespread problem of one’s personal data getting hacked. With a blockchain-powered personal data marketplace, all data is fully encrypted, and the only people with the “keys” to decrypt this data is the consumer. Therefore, if a consumer doesn’t want a particular corporation or advertiser to purchase data, then all that’s needed to do is not hand over the key to the data to that corporation.
Before you continue reading, how about a follow on LinkedIn?
What’s particularly elegant about this personal data marketplace solution is that it is fully GDPR-compliant. In other words, the ability to (literally) “throw away the key” is the same as the “right to be forgotten.” In a perfect world, a user could prevent all personal data from ever being used, by anyone, simply by never handing over their encryption keys.
Moreover, the allure of the personal data marketplace is that is empowering for the end user. You can literally choose which corporations get your data, and which don’t. By having control over the data sources, the data buyers and how they sell data, consumers don’t have to worry about shadowy data brokers getting access to their data via unscrupulous means, or machine learning algorithms processing their data in a way that was never intended.
And there is one other big positive for personal data marketplaces – they enable consumers to “monetize” their data. In short, they get paid for their data. If you buy into the argument that “Big Data is the new oil,” then this makes a lot of sense. Just as commodity exchanges exist to buy and sell oil in a transparent, convenient and efficient way, shouldn’t the same type of mechanism exist for personal data? Data buyers wouldn’t have to worry about scrubbing all the unstructured data out there, and data sellers would no longer feel like companies are profiting from their data without sharing part of the profit with them.
While this upside of personal data marketplaces is fantastic (at least, in theory), a number of personal privacy advocates are now warning that they are just a new way for third parties to profit from personal data. In fact, the ACLU, long renowned as a defender of personal rights, has come out very negatively about personal data marketplaces, warning that they are “the tech industry’s latest privacy Trojan Horse.”
The ACLU specifically points to the example of Hu-manity.co, which is pushing for new privacy bills across the United States on a state-by-state basis. The specific focus of Hu-manity.com is personal health information, and the overall sales pitch is quite seductive: patients should not have their personal health information sold without their consent and without any compensation for data collected. Using Hu-manity.co, patients would have a way to monetize their data.
Yet, as the ACLU argues, all Hu-manity.co is doing is shifting the profits from shadowy, third-party data brokers to a new set of so-called “customer information sales agents.” These customer information sales agents would become the new data gatekeepers and, presumably, companies within the healthcare industry would have some form of control or ownership over these organizations. In short, the people “getting rich” off health data might be the very healthcare companies creating the vast data sets of medical information!
Despite its lofty name, Hu-manity.co is not a nonprofit organization or any kind of privacy advocacy entity – instead, it is a profit-seeking venture with a lack of transparency, says the ACLU. The company is promising that a share of the profits will be shared with consumers, but there has been no defined amount set up in advance, meaning that patients might only end up getting “mere pennies” for their data, while the third-party customer information sales agents collect everything else.
Finally, there is the whole matter of equity. In short, people who need the money the most would be selling off their data, while the most financially secure people would be able to hold onto their data. This, in effect, would create two different classes of consumer – the wealthy consumer with maximum privacy rights, and the lower-income consumer with minimal (or no) privacy rights.
The concept behind these personal data marketplaces has thus been quite popular within the tech sector, and has set off a mini-boom in new data marketplaces. There are now, for example, business data marketplaces, where businesses can exchange business intelligence data with other companies. There are even sensor data marketplaces, where people can buy and sell data generated by objects and sensors hooked up to the Internet.
That’s where we stand today. On one hand, you have the tech enthusiasts, who are raving that personal data marketplaces are “the Holy Grail of the Information Age.” On the other hand, you have the ACLU and other privacy advocates, who are warning that personal data marketplaces are a dangerous “Trojan Horse” for the tech industry.