This article has been written by Shanuja Thakur pursuing the Diploma in US Technology Law and Paralegal Studies: Structuring, Contracts, Compliance, Disputes and Policy Advocacy from LawSikho.
In developing countries like India, which are densely populated and are non-regulated markets of data, ownership of Data, be it sensitive personal data or non-personal data, is a nascent concept. The consumer himself does not think twice before giving personal information to companies in exchange for services and perks, which often results in the misuse of data and makes it easier for the companies or business entities to encroach upon our personal information. India, as a data market is growing at a CAGR(Compounded Annual Growth Rate) of 12%. With such growth, India as a nation needs to recognize the rights of the individual over the data, as with rising data consumption the data receivers and data principles are becoming more vulnerable. To foster fair competition and economic growth, protection of non-personal and personal data is of critical importance. For this, it is imperative that we first understand what ownership of data is, the meaning of the word ‘ownership’ as well as understand the significance of data ownership especially in a technology-driven world that is evolving into an artificially intelligent one d entirely dependent on data- the data produced by common men and owned by others.
Paradigm of ownership
Ownership of data is not just about who has the right over data or possession of data and who can license it out. It is a wide concept that defines an owner as a person who has the power and control over the data which includes the power to access, modify, sell, delete and license the access to others. In legal terms, a data owner is a person who has the legal right or legal title and as well as full control over a piece of information or set of data. This legal right is just like the legal right of a person over the physical property s/he owns. The data can be sold and licensed out to someone for a certain period just like in the case of physical assets. The point to be noted here is that in case of data it can be given to someone and still be owned by the original owner. The rights associated with non-digital property are clearly defined whereas the mere concept of data ownership is new and even ascertaining who is the actual owner of the data is complex. The ownership may be claimed by the data principle, the companies, funders, assembler and compilers or even the decoder. The ownership is all about control of the owner over data, consent to be taken before using the data and data rights of an individual.
Personal data is categorized into the following categories –
1. Credential data – the sensitive personal information be it health data, memberships, licenses, passports, aadhar card in India or citizenship documents and other such documents.
2. Title data – the data which acts as evidence of ownership of property, car or any sort of an asset. It is the title that is transferred when the asset is sold, therefore such data often changes with a change in ownership of the asset.
3. Digital possessions – the digitally owned or brought assets like photographs, videos. NFTs are an excellent example of this type of data.
4. Historical data – this refers to the record of an individual, be it health records, educational and employment records, history of everything you ever sold and purchases you made, even the websites you visit. These are the major categories of data that are collected by the brokers or businesses for different purposes.
Significance of data ownership
Let us understand the significance and value of the personal data discussed above. Companies, especially e-commerce and social media-based companies, buy personal data and harvest it to sell advertisements and make billions of dollars annually. There is less authenticity and integrity of the data being used as it is not collected directly from the customers and the data principle or the customers don’t even know where the data is going. In other words, the owner cannot control and share the data with consent and this allows the middleman to sell data and increases the cost for a business to maintain public relations with the consumers.
All sorts of data, whether personal, non-personal or even sensitive personal data, is exploited and harvested by tech giants to reap profits without the consent of the actual owner. This data may be held by the banks, government or websites you often use to buy groceries and other products like Amazon or Flipkart, social media platforms like Meta, LinkedIn etc. Every movement you make online is being recorded and stored in the name of providing better services, the data is being traded and not even a slight insight is given to the data principle about the use of this information. For instance, when you are hospitalized several medical checkups are done, you give blood samples, urine samples and so on, yet you never know where that data goes after your treatment is done.
Every piece of information is collected by the data brokers and openly traded in the data markets; tech giants spend thousands of dollars to buy your data to make money. In the era where we talk about the right to privacy as a fundamental right, a common man doesn’t even know how, where, when and for what purpose his data is being recorded and stored. So basically the data is collected and assembled from a variety of public and non-public sources, and is later used by the companies to understand the audience at scale, target the right set of consumers and finally sell the services effectively and efficiently.
The question which arises here is of legality and the legal right of the brokers and companies to use the data in this manner. When it comes to physical possessions there are laws in place and no one can infringe upon the right you have to enjoy your property but in the digital space, the scenario is entirely different. The legislators are still trying to understand this nascent concept of data and its ownership. It has only been a couple of years since the European Union came up with one of the first data protection laws, which is the enactment of the General Data Protection Regulation (GDPR) in 2018 which took the internet by storm. A European citizen has the right to get their data by demanding the copies from the entities who hold their data and assemble it in one place. Due to the provisions of the GDPR. EU citizens can find out where their data is and where it is going, whereas in other countries due to lack of any such regulation, the data is being exploited and the right to privacy remains a myth.
This model of GDPR has become a guardian light for many nations while coming up with data protection laws since it is one of the most impactful sets of data protection laws. Anyone intending to target a customer in the EU is supposed to adhere to these guidelines. GDPR reflects the importance of the concept of data ownership, that the data principal has the right to do what he wants to do with his data and no one can infringe upon that right and use it without his or her consent. To truly uphold the right to privacy and the rights of a data owner a strong set of laws must be implemented across all nations especially in countries like India which are unregulated markets of data and are falling prey to huge technology companies.
The value of personal data is evident and so is the exploitation by tech giants, yet we don’t know the significance and demand of data and we as citizens actually have control over the data and understand the importance of data ownership. We can change how companies work and protect ourselves from exploitation. Companies too on the other hand can receive authentic data making it a win-win situation for both consumers and companies. The middleman i.e. the data brokers who take undue advantage of unregulated markets will no more be able to exploit common people. Data is such a powerful resource that it can change the way we receive services but the way it is being collected and stored is highly unethical and against fundamental rights of an individual. At the same time, a lack of understanding about data and how it is used can be seen among citizens. Countries like the USA are on their way to having stringent data policies as major states like California have implemented data protection and privacy laws following the GDPR compliances of the EU. The question of how people want the data to be used and their choices are still debatable issues, governments across the world have just started looking at data rights as the fundamental rights and have recognized the need for a stringent framework to make people understand the value of their data, the concept of ownership of data and laws the rights of a data owner. In India, the PDP Bill of 2019 is expected to become an act soon which will indeed change the digital arena and will regulate the Indian digital market to some extent. Many other countries are following the footsteps of the EU and recognizing the need to regulate data markets. It is just a matter of time that people across the globe will understand the value of data ownership and an evolution of the data market will come about.
Students of Lawsikho courses regularly produce writing assignments and work on practical exercises as a part of their coursework and develop themselves in real-life practical skills.
LawSikho has created a telegram group for exchanging legal knowledge, referrals, and various opportunities. You can click on this link and join: https://t.me/joinchat/L9vr7LmS9pJjYTQ9