Data as a Commodity
“If you’re not paying for it, you are the product.”
This is not an original idea but it is one that most people may not realize and even if they realize it, they may not understand the implications as it applies to their personal data. Consumer manipulation or “commodifying” our attention has been going on for a long time with the first examples as early as the 1800s when magazines started selling advertisements. This type of advertising was not directed at an individual person and required no personal data to be effective. Since then, advertising has grown exponentially and the idea of ‘personalization’ is causing today’s issues. Personal data is now a commodity.
With the advent and growing preponderance of cameras, phones, social media and surveillance in our daily lives, data collection has become an integral, multi-billion dollar part of finding and marketing to consumers. We have become the product, by way of the billions of data points collected daily in our interactions on the internet and sold like any other commodity. In fact, an article in The Economist claims that data has surpassed oil as a more valuable commodity in today’s data-driven world. In 2020, 5 out of the top 6 companies in the world were data companies. A startup with few employees and only one product, with that product being the collection of massive amounts of data, can be worth billions of dollars, and has the power to shut down competitors.
Have you ever stopped to consider, though, what the consumer’s role is in this? We the consumers provide the data that turns the crank for the business, whether willingly or not. Do you own your data? Legally, no. Do you receive compensation for it? You are allowed to use the product the company offers but other than that not really. Your data has become just another lucrative commodity to be used, and someone else is profiting from it.
Consider the concept of personal property, things belonging to you. Much of what we have (besides our physical selves) remains in our possession only through an implied social contract, which is where the idea of theft comes in. Your neighbor doesn’t take what’s yours because society has developed penalties for violating the social contract of ownership. However, data is a new type of “property” which we haven’t had the time or experience to address in terms of laws, guidelines and standards. Moreover, due to privacy and copyright laws, we have been lulled into a false sense of ownership regarding our data.
How has it gotten to this point? Every time we step out of our homes, every time we log on to the internet, make a purchase, drive somewhere, call someone, check social media, walk around town, we are generating data points. Things we may consider insignificant behavior, like crossing against the light, are actually data points that can be analyzed and from which information and predictions about buying patterns and behavior can be extrapolated. Experts also predict that governments may increasingly use this data to enforce laws and restrictions. This is already being done by the Chinese government.
To give an example of how much companies know about us, consider the case in which Target began sending coupons for baby products to a teenage girl. Her father interrogated a Target manager about why he was sending baby-related coupons when his daughter was only a teenager. A few days later, he apologized to the manager with the explanation that he had subsequently found out his daughter was pregnant. It turns out that Target assigns each customer a unique Guest ID, and based on the types of things the guest buys, can guess fairly accurately not only that a customer is pregnant, but also when she is due. Keep in mind, though, that Target is not unique in doing this.
Enormous amounts of time, money and effort are spent analyzing people’s behavior, down to minute bits of information, in an effort to capture profiles to predict their actions. An article on DataScienceCentral.com provides an excellent chart comparing the processing of personal data to that of other commodities. One of the crucial differences, though, is that companies selling traditional commodities like oil or corn get paid for those products, whereas consumers either willingly (engaging in social media) or unwillingly (photographed by surveillance cameras) give up their “commodity” for nothing.
One company set to change this is Brave.com, an internet browser created by Brendan Eich, the creator of JavaScript and Mozilla Firefox, who believes consumers should be compensated for their attention and have a say in who else profits from it. It also “…prevents fingerprinting, auto-play of media, crypto-mining, and access to media input devices.” Brave utilizes a token reward system, the Basic Attention Token (BAT), powered by the Ethereum blockchain, to compensate users for their attention.
Changes in concepts of data ownership are on the horizon, though. Increasingly nations, companies and policy-makers are beginning to address the question of who owns and profits from data. A 2020 survey by PwC discovered that data issues have become a top concern for those at the leadership level, and are a common thread among several key policy areas including antitrust, privacy, Artificial Intelligence (AI) and trade. Some countries are considering taxing the revenue from digital services, which could end up benefiting users by providing the funds for public services. Trade agreements are increasing including digital commerce provisions. Consumers and consumer advocates are also concerned about data privacy and the need for businesses to be more transparent about how they collect and use data. Although this ownership and transparency sounds promising on the surface, the implications are enormous should you be asked to sign a legal release by every corporation, individual or government entity basically any time you’re in public.
Another issue going hand-in-hand with data privacy is security, and the goals of both are converging. The PwC article referenced above describes a typical SaaS (Software as a Service) environment, for example, in which there is a division of responsibilities between the online service provider and the consumer, with both parties touching security and privacy throughout the process. Because of this, online service providers should offer privacy features that enable consumers to manage and authorize the usage of their personal data. One might automatically infer that security equals privacy, but this isn’t the case, because security focuses on protecting the data contained in computing systems, not on deciding what personal data is available in the first place. In addition, an organization’s data may be secure, but the association of different data attributes might start to display patterns and correlations that would reveal personal information a user would rather keep private.