WHAT IS (PERSONAL) DATA?
Data is information; it can take any form and be perceived in many different ways, with all the senses.
Data can be in a binary format when processed by a computer. Data is called personal when it is connected to a person.
We can call “personal data” any information relating to an identified or identifiable individual; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or one or more factors specific to his physical, physiological, mental, economic, cultural or social identity. [1]
THE NEED TO DISTINGUISH DATA AND PERSONAL DATA
Personal data are a subset of data. But because they are personal, they are attributable to one or more persons, and that is what makes them special data, not to be put in the same category as the rest. Personal data are sensitive data, and cannot be disclosed in any way.
Who would want their bank account number or their postal address exposed for all the world to see?
No one does. Yet every day our personal data are revealed, notably by social media, and pass from one server to another without our knowledge. Every day, unknowingly, people spread their lives across the internet, sharing them with their friends, but not only with them...
THE VIEW OF PERSONAL DATA IN TODAY'S WORLD
Nowadays, almost everyone uses an online service and has already had to fill out a form to register on a website (social networks, streaming applications, online shopping, etc.). Providing information about oneself does not seem very burdensome at first sight, and even seems normal for these online services to function. But that information is not there just to look nice.
Have you ever wondered how free services such as Facebook could become the biggest businesses of today without ever asking for any money?
“If the service is free, you are the product”
Your personal data help the service to work properly: a social network needs to know your identity so that you can interact with others, for example. But your personal data are an asset for them.
Your personal data are also, and above all, used by these platforms to learn about your tastes, your lifestyle, what you eat, where you go; in short, to know you better.
In fact, have you ever seen an ad on your favourite social network containing items similar to the ones you looked at a few minutes earlier on your online shopping site? It’s not a coincidence: your data are their currency. So, should we stop going to all these sites? No need for that; all we have to do is change our view of the data.
If your data are their asset, let's think about who provides them. Those platforms? No, you are the one who provides the data. When you build something and then set out to sell it, you determine its price. Let’s transpose that idea to your data: you sell your personal data to these platforms without even realizing it.
But in practice you do not negotiate the price; the platforms do, through their privacy policies. If we collectively realize that our data are not just information but a bargaining chip, we will be able to negotiate the terms of the contract.
And that's where Return on Data comes in. Today we have no choice but to provide the data we are asked for, but tomorrow we’ll be able to negotiate how much data we want to provide depending on the usefulness of the service we use.
This change is only possible if we collectively realize that the services we use are not free of charge but are paid for with our data. And if our data are no longer only information we provide but a currency that only we possess, we will become active in the regulation of our data.
A NECESSARY OVERHAUL OF THE DEFINITION OF “PROVIDED BY THE USER”
The best way to point out the value of our data is to use our right to data portability, enshrined in Article 20 of the GDPR. This right enables us to transfer this value, in an automated and interoperable way, from one platform to another, or even to ourselves.
But the scope of the data that can be transferred by this technical and legal means is restricted, because the GDPR made data portability mandatory only for the data that the data subject provided to these companies (data controllers). This means that a narrower conception of what counts as data applies in this particular case. Changing the definition of the data also changes the provenance of the data. And that provenance can change the owner of the data, so that is probably the most important point.
Determining the source of the data is determining who owns it.
And we're faced with two problems:
- The GDPR (the general European text on data protection) does not specifically describe what “data provided by the user” is
- Each platform has a different definition of "data provided by the user"
And in most of these cases, web platforms do their best to minimize the set of data that they consider as being provided by the user, and therefore try to keep control over as much data as they can.
Is there a real definition of “data provided by the user”?
Unfortunately there is not. Thus, in general, the “data provided by the user” concept is defined as stated in the privacy policies, written entirely by these platforms, which can set the terms they want. And if we apply Return on Data, we will be able to bring some of the data generated from your personal information by the platforms and others into the scope of “data generated by the user”.
As a result, certain rights over the data, in particular the right to portability, will be exercised without any unfavourable compromise for the user. Moreover, unless the existing details given by the EDPB (former G29) in its guideline about data portability. [3]
WHAT OTHER PURPOSES FOR YOUR DATA?
Being aware of the financial aspect of your data will empower you to take control of the data you provide but also of the data you want to retrieve or transfer.
Through the right to portability (which enables you to receive the personal data concerning you that you have provided to a controller, and gives you the right to transmit those data to another controller), you can get your personal data back or reuse them. The fact is that few controllers respect this right, and they don’t give you all the data they should.
Once you are aware that your data are an asset, this can change. It's exactly the equivalent of making a bank transaction: the same amount of money moves from one account to another, so why can't the same thing happen to your data? If you provide an asset, you should be able to recover this same asset, and not only that. The platforms use your data to make statistical studies and other things with the data YOU provided; it would also be normal to retrieve those, don't you think?
YOUR DATA: MORE THAN AN ASSET, A VALUE
Data are not just information, and even less so your personal data. However, it's this ideology of data that's ingrained in everyone's mind… So, if those data are just information, why is it called a data market, or even the black gold of the 21st century? A market obviously involves something of value used as a currency, and this currency is your data. As long as people think that the services they use are free, they will continue to provide their data without any compensation.
But it is important to understand that these services are anything but free and they are paid for at the price of your data. Changing the mainstream opinion about what data is means changing the relationship between you and the data controller, it means changing the value of this data and, above all, it means changing the position you have towards these platforms.
You are no longer their customer, they are yours.
1. https://www.cnil.fr/en/personal-data-definition
2. Noam Kolt, Return on Data, 38 YALE LAW & POLICY REVIEW, forthcoming 2019
3. https://www.cnil.fr/fr/reglement-europeen/lignes-directrices, we can observe in practice that there isn’t any actual consensus about this definition of “data provided by user”.