Data Sharing and Ownership [1]

Author: Jashan Singh

Speaker: Ardena Bašić

i. Data monopolization is creating barriers to entry; and,

ii. To be competitive, data use practices are evolving, leaving users with little control over their own information.


         In 2011, the World Economic Forum declared raw data an asset; and in 2017, the Economist published an article that claimed, “the world’s most valuable resource is no longer oil, but data”. Also in 2017, John Thornhill, the Innovation Editor for the Financial Times, claimed that “the most valuable asset that [companies] possess is the data that its users, often unwittingly, hand over for free before [it is] sold to advertisers”; and understandably so: with nearly 50 billion devices connected to the internet (including the Internet of Things, or IoT), it is this information brokering[2] that drives bottom lines. For this reason, Sean Howell, an associate at Covington and Burling LLP, classifies raw data as a “competitive asset”, meaning that some companies have greater advantages over others. Unfortunately, creating competitive environments in which only the best, most experienced businesses thrive leaves severe barriers to entry for start-ups. Accordingly, both tech giants and small-to-medium-sized enterprises, businesses that are at either end of the spectrum, are pertinent to this discussion. Consequently, in an attempt to be the most competitive company and from the user's perspective as well, the discourse shifts from a matter of Privacy to Data Ownership and Protection, with the key question being: who owns your data, and who has the ability to control it? Still, insofar as exploiting inexperienced users goes, it must be noted that Privacy plays a huge role in this discussion. Yet, it must also be noted that “exploiting users” is an exaggeration because oftentimes, the benefits of sharing data outweigh the costs of doing so.


          Essentially then, the biggest consideration that needs to be made is how the reasonable person identifies a balance between data sharing being both beneficial and harmful. Is data sharing only beneficial as long as it fulfils customer needs but should be stopped immediately after a data breach? Additionally, does it matter what data is shared, and by extension, potentially lost? 


i. What is Information Sharing?


            For businesses, data sharing is the exchange of data between various entities for improved analytics, which are, in turn, useful for improving customer services, ultimately allowing businesses to better tend to user needs and, consequently, maximize their own efficiencies. Users, then, reap the benefit of information sharing because they are now being taken care of in ways they may not have considered previously. A prime example is targeted marketing. Further, information sharing is inherently good because it gives everyone access to the same knowledge, thus allowing for the identification of problems before they even exist. Despite its many uses, however, it is the massive volume and depth of data being collected on users that are morally concerning, especially with regard to privacy.


ii. What is Data Ownership?


             To begin, it is vital to first define what “data” and “data ownership” mean for the purpose of this paper. According to Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), Personal Information is defined as “any factual or subjective information, recorded or not, about an identifiable individual”; and relative to the current world population of nearly 7.8 billion people, with such a definition, it is easy to see why data can be classified as an asset. By extension of this definition then, data ownership, as the name suggests, implies owning one’s information. Understandably though, Ownership not only implies but also requires “possession”, “accountability” and “responsibility” seamlessly coexisting to constantly tip the scale towards information sharing being more beneficial than harmful. Consequently, efficient data protection becomes a collective effort, rather than just the responsibility of users or businesses. As a corollary then, from a corporate perspective, not utilizing such a vast amount of data for the betterment of society could be considered a gross disservice.


            From the user’s perspective, however, there must be laws in place to ensure that only as much data as is absolutely necessary is collected and shared. Accordingly, at this point, the General Data Protection Regulation (GDPR) in Europe may be the best point of comparison for the PIPEDA; and Article 5 (f) of this GDPR, which clearly states that “personal data may be stored…insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes…subject to implementation of the appropriate technical and organisational measures…in order to safeguard the rights and freedoms of the data subject”, highlights the above perfectly. Still, insofar as organisations continue to find new ways to define what constitutes “public interest” and as long as “data ownership” remains an abstract concept, there will always be uncertainty regarding how to govern it. Nevertheless, users can find consolation in still other parts of these regulations, which provide them with the mechanism to limit this collection of data and delete any previously collected data once deemed useless to the “public interest”.


  iii. Data as an Intangible “Asset”: Whose Data is it?


          The focus of this paper remains on the latter part of the data collection process: who owns your data after it has been shared? From the get-go, it is evident that data is an intangible asset, which means that it is “a resource with non-monetary value that an individual [or] corporation owns or controls with the expectation that it will provide a future benefit”. While tangible assets are easy to evaluate and trade, data being an intangible one makes it significantly harder to comprehend. Therefore, we must attempt to analyse it as we would any other intangible business asset (e.g. trademarks, patents, copyrights) to gain a grasp over how it could be treated; and it makes sense to do so because, according to a Forbes article, “Intangibles have grown from filling 20% of corporate balance sheets to 80%”, which further justifies why corporations would actually lose out on revenues by not collecting and processing data. Still, it is vital to remain cognizant of the fact that “data”, although classifiable as an intangible asset, remains different in the personal value it holds for users.


          Traditionally then, from a business perspective, an organization has ownership over an asset for as long as it owns it (which varies for the types of assets[3] and the jurisdiction in which the business operates), at which point it can be sold to other businesses for profit (amongst other reasons) or retained for future use. User data, however, cannot and does not operate like that, and for good reason. Trademarks and other intangibles, in essence, could be viewed as assets created independent of personal information, value or attachment, whereas user data is recognizably very dependent on all of the above. For this reason, one could potentially view the process of data sharing (especially in the context of social media organizations or other day-to-day interaction-based businesses) as borrowed property rather than full transference. This is especially evident in the healthcare industry, where most patient data is only kept for certain amounts of time, after which it is discarded. Therefore, one can claim that in this context, users still own their data entirely, but are merely sharing it with others for the purpose of receiving services.


         Unfortunately, it is harder to rationalize this explanation in the context of social media corporations such as Facebook or Amazon, where user data is held indefinitely for the purposes of improved customer service and targeted marketing. A very reasonable rationale is that the data collected and shared is always going to remain necessary for the purposes of improving performance by running analytics and gaining better insights into consumer behaviour. Nevertheless, in accordance with the strict requirements set out by privacy regulations, companies comply and clearly state their policies on how and when the data will be used, and when it will be deleted. Understandably though, it is unclear who owns the data in these contexts.


         Additionally, issues arise because (intangible) assets follow a business-to-business model of trade, whereas data sharing, on social media platforms especially, exists between customers, businesses and third-party providers, making the primary business a mere intermediary. So, when user data is sold from one company to another for the purposes of providing services, it becomes unclear as to whose data it really is. Still, user consent can be given to sharing certain data, whilst limiting it on others. Regrettably, data is collected and processed beyond what the user is aware of to produce results and is therefore hard to control. Monotonous activities such as conducting Google[4] searches, for example, are also analysed to produce and improve services for the betterment of collective societies. In such a context then, data and, more importantly, information sharing remain beneficial to both businesses and consumers.


        Accordingly, the German term, “Informationelle Selbstbestimmung”, which refers to “the authority of the individual to decide himself, on the basis of the idea of self-determination, when and within what limits information about his private life should be communicated to others” is of key interest to this discussion. As a corollary to this argument, human values such as power and trust must, therefore, also be considered; because it is not about whose data it is, but rather about who the users trust enough to share it with and how these companies, in turn, have the power to use it. Consequently, industry experts, businesses and lawyers are already having discussions that consider the possibility of compensating users for their data; and companies like UBDI[5], for example, already follow such a business model where users are compensated for the data they share. In such arrangements, users are not only in control of how much of their own data they want to share with companies, but also remain anonymous and get fairly compensated. 


 iv. Antitrust Law and Data Monopolization[6]


       There are still bigger forces at play when it comes to information sharing. Companies such as Facebook and Google, for example, are what can be classified as data-opolies, which essentially means that they have an advantage over all other companies operating in similar industries when it comes to data collection and information sharing, perhaps due to better research practices resulting from longer periods of existence. The advantage, however, similar to how traditional monopolies operate, comes at a great cost not only to other businesses but also to users. For the regulation of traditional markets, antitrust laws are created to “protect consumers from predatory business practices”. With the evolution of technology, however, and as more businesses continue to operate online, antitrust laws must now be modified to also regulate data-opolies; and doing so would be just as beneficial to other businesses as it would be for users because, as the Harvard Business Review claims, data monopolization not only results in “lower quality products with less privacy” and “implications of data policies”, but it also “hinder[s] individual autonomy”.


            So, in the US for example, Letitia James, New York’s Attorney General, has launched an investigation into Facebook, in collaboration with the attorneys general of other states, to “use every investigative tool…to determine whether Facebook’s actions may have endangered consumer data, reduced the quality of consumers’ choices, or increased the price of advertising.” Further, the Federal Trade Commission and Justice Department are conducting similar investigations into other tech giants with the same intent.


v. Recommendations:


  1. Classify Personal Information as Intellectual Property 

  2. Modify Antitrust Laws to regulate data-opolies, in addition to traditional markets. 

  3. Increase transparency in data sharing practices. 

  4. Make users shareholders in businesses but limit their powers. 

  5. Regulate “public interest” and specify data use policies.


vi. Evaluation


            The question is about whether or not users own their data even after it is shared with more than one company. To address this question, however, we must first acknowledge that while users continue to own their personal information, it is the analysis that is done on their data that they don’t have access to; and although not all of it may be relevant, users still deserve to have knowledge of all the data that is collected on them, so they can make informed decisions at their own discretion.


            Although the classification of Personal Information as Intellectual Property would grant people more rights on how their data is used, in turn, giving them more control and authority, it would take very long to make such a change. Further, given the vast amount of data available and in proportion to the number of people, it would be impractical to have a law that gives such freedom to everyone. It would be especially disadvantageous to the smooth operating of businesses if they faced legal action for every small breach of user rights. Of course, businesses would have to spend a huge amount of time in modifying their policies, with very little experience on what works well and what doesn’t. 


          Based on the existence of data monopolization, it is first the duty of antitrust laws, such as the Canadian Competition Act, to protect the welfare of consumers. Still, though, this would only be the first step in terms of how businesses operate. Users still play a key role in regulating how much of their data is available online and how it is used (when an option to choose is provided to them). Companies that attempt to address this problem already exist, so whether other companies adopt similar business models comes down to desire and knowledge. Nonetheless, it must also be noted that bringing about such drastic changes to their long-standing business models may not be feasible for large corporations.



vii. Limitations and Other Considerations


            This paper does not explore the nuances of Intellectual Property Law and cannot, therefore, be used as a basis for advanced analysis. Additionally, although specific areas of law such as antitrust laws are considered, the research, and the recommendations by extension, remain abstract and philosophical in nature. Also, considering that data monopolization is a relatively new concept, there may not be enough data or evidence to come to substantial solutions. Nevertheless, as data monopolization evolves and antitrust laws attempt to regulate not only how these businesses operate but also how their operations, in turn, affect consumers, more definitive answers will be available in the future.


viii. Conclusion


            As technology continues to advance and businesses evolve to keep up, some corporations have an advantage because of the nature of their operations and experience; and often, this experience yields excellent research practices which, in turn, allow businesses to better cater to the needs of their users. As tech giants, Facebook and Google would, therefore, have comparatively better data collection and analysis practices than start-ups or smaller businesses, consequently allowing them to continue delivering better services to their users. Unfortunately, these improvements come at the expense of users’ data and their privacy. Reasonably, a relationship can be identified, in that businesses need user data to improve services and users continuously want these improvements. Consequently then, a proportional relationship can also be identified: as businesses continue to deliver excellent services, larger volumes of data are collected, analysed and used. Still, because neither of the parties involved would be better off without efficient information sharing, everyone continues to cooperate.

           Regardless of the claims made till now, insofar as businesses require user information to run and make a profit, users own their personal information. This is further emphasized in privacy policies where companies clearly state that users can control what and how much of their data is being collected. By extension then, should the user choose to no longer share their data (or legally require the company to delete it), no further data sharing would occur. In this sense, not only do we see that shared data can be classified as a sunk cost, but also that the discussion on data ownership is as dependent on the past as it is on the future. 


            It is for this reason that, even though data sharing cannot, or should not, be stopped, antitrust laws can expand their jurisdiction to cover data-opolies and, at the same time, also mandate businesses to modify their practices to grant users more control over their own data; and instances of the same already exist in investigations such as the one launched by Letitia James against Facebook. Further, it goes without saying, but economic considerations must also be weighed by each party involved and affected so that only as much power is assigned to each party as is relevant in terms of maintaining financial stability.




[1] For the purposes of this paper, data and information sharing are used synonymously. 

[2] The collection of data on a person from various records (public or private) to create individual user profiles that can later be sold to organisations for various purposes. 

[3] In Canada for example, a company owns a trademark for up to 10 years after which it can be renewed. 

[4] This is not a matter of disclosure. In its terms and conditions, Google clearly states that “Our automated systems analyze your content (including emails) to provide you personally relevant product features, such as customized search results, tailored advertising, and spam and malware detection. This analysis occurs as the content is sent, received, and when it is stored.”

[5] Universal Basic Data Income (UBDI) is a United States company that helps generate income by sharing user data anonymously with companies.

[6] Competitive advantage in data collection and sharing practices that allow some data companies to dominate others operating in the same industry as them. 


An Overview of Restorative Justice in Canada 

Guest Writers: Rani Mowakket, Adam Nudo, and Alexandra R. Dobre 

Editors: Fiona Mahadeo and Samantha Ceschia

Speaker: Sohinee Sikder


   I. Introduction