Should my personal data that I put online be considered private property?
Here’s a part of an article written by Mark Sullivan, that summarizes my question better. He says: “The key question is this: Does my personal data constitute property that has value? … In the Internet economy, information is the chief currency. Many of today's biggest and most profitable Internet companies have found a way to turn user information into real money. The usual model is to collect and aggregate as much user data as possible, anonymize it, and then sell it to third-party Web marketing or advertising firms… Because my information has genuine value, I should have a property owner's rights when I lend that data to some Internet company.”
Jaron Lanier, an American computer philosopher (probably of the libertarian brand) suggests that we should be treating personal data as a property right and we should be able to sell it at a price of our choosing. Would this be a step in the good direction?
The question is phrased in a way that seems to offer two alternatives:
The question describes a specific situation in the general topic of property and privacy (underline emphasis added):
The usual model is to collect and aggregate as much user data as possible, anonymize it, and then sell it to third-party Web marketing or advertising firms… I should have a property owner's rights when I lend that data to some Internet company.
If a business aggregates and anonymizes large blocks of data from many individual users, I do not see why that should be considered an unreasonable use of the data. The rights of the individual data providers are protected by the anonymity and aggregation, and any financial value that the data acquires as a result of the effort of the business to aggregate and anonymize the data is most directly made possible by the effort of the business, not the mere fact that the data originally came from individual users. The business deserves appropriate acknowledgement of the effort and initiative which the business provided to create a greater value than existed before.
This example also refers to the data as having been "lent" to the business, but I see that as a "smuggled premise." I see no reasonable basis for classifying user data in that way unless it was explicitly agreed to by both the business and the data provider. The principle of individual rights means that businesses cannot do whatever they please with user data, but neither is it the case that users necessarily retain full ownership of their individual data when they voluntarily provide it to a business as part of engaging in a trade with the business.
answered Apr 26 '15 at 18:51
Ideas for Life ♦
No. A person cannot own the facts of reality, even if those facts are personal. "Data about you", as you put it, is simply a fact of reality.
If you have blue eyes, this is a fact of reality. If I observe this fact (without violating rights in order to observe it), then you cannot rightly stop me from acting on this fact or sharing my knowledge of it with other people, any more than you could rightly stop me from acting on/sharing my knowledge of other facts of reality. That the fact relates to you does not somehow give you dominion over it.
How then can you legally keep personal information about you from spreading if you don't want it to? By using contracts and your other property. In particular, you can enter into contracts with those to whom you provide information that keep them from sharing that information, and you can utilize your own property to keep others from observing certain facts that you would like to keep secret.
Prior to your sharing information with someone, you can always enter into an agreement with that person stipulating how they can use the information that you provide them, in exchange for the information and/or other compensation. For example, if the bank wants to know your annual income, then you can offer to provide the bank that information only if they agree to keep that information private. If the bank agrees to this, then you now have a legally enforceable contract, and you have a legal cause of action if the bank violates the agreement. (This does not mean that you own the information--if a third party discovers the information on their own, your contract with the bank cannot stop the third party from sharing that information.)
Obviously, contracts cannot protect all your personal information. As already noted, in general a contract only binds the parties to the contract, and thus third parties will be free to discover the information on their own if they want to. However, for information that is difficult to obtain from sources other than yourself or those with whom you share it, contracts may be a good protection, since third parties not bound by the contract will be unlikely to discover the information on their own.
In addition, in the context of businesses selling information to other businesses, which appears to be the chief concern of this questioner (and most of the people who raise this issue), contracts could protect the relevant personal information in almost every case. This is because you almost never share information with a business unless it is incident to some transaction you are entering into with them, and if you are entering into a transaction with them then there is a contract involved and you can make an agreement regarding information usage.
You can also use your own property to protect some information. For example, if you don't want people to know you have a mole on you bottom, then you can put clothing on when you are in public that conceals this fact. As another example, if you don't want people to know that you have a purple teddy bear, then keep that teddy bear in your house with the curtains drawn. The point is that, while you do not own these facts themselves, you can make it difficult or impossible for people to observe these facts using your actual property.
A related issue is identity theft. Although this is a digression from the main topic, it is one that I think is important enough to address in the main answer itself because it is commonly raised by people as retort when they hear that personal information is not property (“so your saying that identity theft is okay?”, or “so you think it’s okay for a business to sell your social security number to some guy in Russia”, etc.). Identity theft involves one person using identifying information about a second person in order to fraudulently impersonate the second person. It is proper to outlaw such fraudulent impersonation. However, note that the reason it is proper to outlaw identity theft is because the use that the identifying information is being put to is fraudulent (a rights violation), and not because the identifying information is owned by the person it identifies. In particular, it should not be illegal to obtain identifying information about a person as long as the way you obtain that information is not a rights violation. Moreover, it should not be illegal to use such information, as long as the use is not itself rights violating (e.g., not fraudulent).
Things get more complicated when it comes to selling such identifying information. In general, it should not be illegal to sell information that is lawfully obtained and which you are not contractually bound to keep secret. However, if you know, or reasonably should know, that the information you are selling is going to be used for identity theft, then it is arguable that you are an accomplice or co-conspirator (depending on the situation) to the identity theft. Given that identity theft is becoming more common, I think it might be reasonable to impose a rebuttable presumption that all sellers "should have known" that the information was going to be used for identity theft, which the seller could rebut by proving that they took reasonable steps to investigate the buyer.