The Right Way & The Wrong Way To Sell Your Personal Data

Co-authored by Paul Marek, Founder of Muuver – a Personal Data Ownership Platform, and Catherine Chen, Founder of IG Liaison Strategy & Business Consulting – an Information Governance and Privacy Strategies Firm.

Personal Data Ownership is a massively profitable and transformative new industry emerging from the convergence of new technologies, new regulations and societal discontent…
but, there’s a right way and a wrong way to profit from this potent new product.

While the notion of taking ownership of your personal data seems foreign to most people right now, there’s been a recent confluence of 6 major influences that are causing it to actually happen.

Consequently, there are 2 core value propositions for consumers that are implicit in the ability to take ownership of their personal data:

  1. the ability to better control the privacy of their data
  2. the ability to extract the value (monetary or otherwise) out of their data

 

This new prospect of personal data ownership not only has great value for consumers, but it holds even greater value for – and will have its most dramatic effect on – the actual consumers of the data itself: the businesses and advertisers who rely on the insights that the data ultimately produces.

Third Party Benefits and Dangers

…there are great dangers inherent in a majority of these approaches because they are mainly focused on only one side of the equation…

But yet another group will benefit from this industry – the facilitators of data ownership: Personal Data Ownership Platforms, Services, Apps or Agents.

Because of the massive profit potential inherent in this budding new industry (which is as yet without any examples for success) there are many new players in this game who are approaching the issue from a multitude of methodologies, perspectives and philosophies.

Unfortunately, there are potential dangers within a majority of these approaches because they are mainly focused on only one side of the equation – the profits involved in extracting the value out of the data. They are ignoring the most critical part – personal data privacy.

Without heeding true privacy as the primary consideration of their approach, these models could be doomed to fail and/or ultimately harm a lot of people who subscribe to them in the meantime.

Let’s look at how and why the industry formed in order to get a better picture of what these dangers are as well as the best ways to avoid them.

1st) How Can You Own And Sell Your Data? – The 6 Primary Influences

As mentioned earlier, the recent confluence of new technologies, new regulations and societal discontent is what has given rise to this new industry. But there are specific influences within each of these fields that have been the primary contributors to its realization.

New Technologies:

Industry Influence #1:   Blockchain

Blockchain is the underlying technology that allows Bitcoin to be a decentralizing new force in one of the most heavily centralized world-wide institutions: banking and monetary control.

If you’re not familiar, you can learn more about the finer details of blockchain “What is Blockchain?” but, within our “personal data ownership” use-case scenario here, blockchain allows for the decentralization of data control – from the platforms and data collectors, back to the people;

“Blockchain allows ‘consent’ oriented data sharing platforms to be built where individuals have sovereign rights over their data…”
  1. blockchain firstly provides a highly secure (military grade encryption) and trusted methodology (distributed ledger) for ownership of digital assets; in this case, one’s personal data,
  2. blockchain secondly allows for a digital “smart contract” to immediately and automatically be executed based on certain conditions that may occur within an actual legal contract. For example: Someone might have an Intellectual Property Contract for their personal data transcribed to an executable “Smart Contract” that says; if any of the personal data is accessed, the party accessing the data immediately (automatically through the smart contract) compensates the owner of the data being accessed, using a digital token that represents a dollar value as agreed to in the legal contract.

For those who understand the future implications of blockchain, know it is a breakthrough technology. Shagufta Sayani, a Blockchain Solution Architect and Developer at Ernst & Young (EY) offers, “Blockchain allows ‘consent’ oriented data sharing platforms to be built where individuals have sovereign rights over their data and the ability to control and track who stores, accesses or uses their information, for what purpose and for how long.”

Industry Influence #2:   AI (Artificial Intelligence)

Because we’re talking about aggregating massive amounts of data about someone all into one dataset, then multiplying that by everyone in the system, this will require enormous amounts of data processing in order to produce valuable insights from the mountain of available data.

In the short term, while AI is not essential to the actual ownership of personal data, it allows for much easier management and value extraction than would be possible without it.

AI’s greatest potential will be realized more so in the future rather than immediately, because as the amount of data about an individual (and collectively) increases over time, more and greater insights will be able to be extracted from the data.

For example, imagine what your own AI that knows everything about you could do for you as a personal assistant. It could act in your service or on your behalf in many aspects – from shopping for (and getting the best price on) the things you need, to recommending the healthiest meals based on your current state of health and genetics, to offering a favourite song or piece of advice when it “senses” you are down.

New Regulations:

I’ll let our Information Governance Consultant, Catherine Chen – a former Information Governance specialist at Baker McKenzie and expert in the field of blockchain and data governance – explain these new regulations and what they mean for consumers and businesses.

Catherine Chen:

Privacy is a human right, and therefore must be respected.

There are two new and very impactful pieces of legislation that are a huge step toward recognizing and respecting the right to one’s privacy by giving people more control over their personal data.

Industry Influence #3:   GDPR (General Data Protection Regulations – EU)

The European General Data Protection Regulation (GDPR) took effect on May 25, 2018. Under the GDPR, individuals are given the following rights:

“Privacy is a human right. Therefore, it’s our right to have the ownership of our personal data.”

There are seven key principles underpinning many of the requirements in the GDPR. One of them is that data processing must always be fair, lawful as well as transparent.

The requirement to be transparent about what organizations can do with individuals’ data is clearly defined under the GDPR. It gives individuals the right to be informed about and consent to the collection, use and sharing of their personal data.

The GDPR sets a very high standard for consent. “Explicit consent” means individuals have real choice and are in control of their own personal data. Ultimately, it also helps organizations protect their reputation and maintain their customers’ trust.

Much discussion in the past has been about the right to be forgotten, which is the erasure aspect of the GDPR, but more importantly to the personal data ownership industry is the right to data portability — a powerful new right for your data. It gives individuals the right to request and receive their personal data and store it for further personal use in any way they see fit. More importantly, it allows the data owner to ask one organization to transmit their personal data directly to another organization. For example, from a social platform where the personal data was created to a personal data ownership platform where it can be managed and monetized.

Industry Influence #4:   CCPA (California Consumer Privacy Act of 2018)

On June 28, 2018, California passed AB 375, the California Consumer Privacy Act of 2018 (CCPA), which will become effective January 1, 2020.

The CCPA gives consumers the ownership of their personal information, and helps them gain control over the personal information that is collected about them.

Under the CCPA, consumers will be given some significant rights, including:

Also, the CCPA forbids businesses from “discriminating” against consumers for exercising their privacy rights under the Act.

Note that GDPR is an omnibus law, while the CCPA is not. Although both laws give us (i.e., consumers, customers, users, etc) certain rights as to our personal data, those rights differ somewhat within these laws.

Privacy is a human right. Therefore, it’s our right to have the ownership of our personal data.

Paul Marek:

Thanks for your expertise, Catherine!

Societal Discontent:

The impetus behind the final two influences has been brewing for a long time; people are becoming more aware and less tolerant not only of how their personal data is being used and abused, but also how the major platforms are profiteering from our data.

Industry Influence #5:   #adlergic – Consumers are Sick of Intrusive AdTech

In their TMT Predictions 2018 Report, Deloitte coined the term #adlergic to describe the current state of the AdTech industry.

Their report showed that there are a vast number of consumers who are now using multiple technologies and methodologies to avoid advertising, from the obvious such as ad blockers and VPNs, to more commercial solutions such as paid content platforms like Netflix or Spotify who have created entire business models out of being “ad free”.

Consumers are clearly fed-up and highly discontented with the current methods of intrusive and invasive data gathering and ad delivery employed by AdTech, such as browser tracking through cookies, location tracking, retargeting, eavesdropping by devices, data buying and sharing, experience interruption and ad irrelevance. Consumers are so fed up that they are willing to go to extra effort or cost to avoid many of these tactics.

Industry Influence #6:   The Facebook / Cambridge Analytica Data Scandal

This is proverbial straw that broke the camel’s back and has been the single greatest influence in actually promoting and propagating the acceptance and adoption of the Personal Data Ownership industry.

There’s always been a general undertone of apathy toward the iniquitous ways the major platforms use and monetize our data, but the Facebook / Cambridge Analytica Data Scandal made it clear how it could be weaponized against us, and that pushed many people over the edge.

Although there were many social movements focused around taking action against Facebook, such as the #DeleteFacebook and #OwnYourData movements, they ultimately had little immediate effect on the platform giant. Even with the immense press coverage and social awareness campaigns against them, Facebook’s user numbers grew and so did their stock price.

 

That is, until Thursday, July 26, 2018, a day after they reported missing projections for Q2 2018 and suggested that earnings would continue to decline in the wake of these above-mentioned regulations and the Cambridge Analytica scandal. Facebook’s stock price dropped nearly 20% in one day with this report.

From this it is apparent that concern for data privacy has recently grown more potent than the apathetic attitudes of the past and people are now speaking with their wallets, which is where it hurts data abusers most: their bottom line.

With all of the above influences, people are now starting to realize that they actually can take ownership of their personal data and start to control their data privacy, but they’re also realizing the immense monetary value of their data and how they can extract its value just like the big platforms have done with it (but without compensation to its owner).

2nd) The Benefits Of Personal Data Ownership

So we’ve mentioned a number of times the two core value propositions for people taking ownership of their personal data:

  1. the ability to better control the privacy of their data
  2. the ability to extract the value (monetary or otherwise) out of their data

The Ability To Control Your Data Privacy

A majority of the problem known as “The Privacy Paradox” (the behavioural contradiction where a vast majority of people say they are very concerned about their personal data privacy being intruded on and abused, but they do very little about it while apathetically and robotically clicking every “I Agree” button they encounter, without consideration) is caused by the overwhelmingly manual and time-consuming process of actually reading the fine details of every single Terms of Use and Privacy Policy that a typical person has to agree to each year; a process that would take hundreds of hours to complete, regardless of one’s ability to actually understand their intentionally obfuscated meaning hidden behind paragraphs of legalese gobble-di-crap.

…these new services will become ideal “centralized privacy control APIs” that outside platforms and services must come to for the user’s privacy preferences…

Essentially, the Privacy Paradox has arisen because until now there has been no solution for it.

 

Since these new personal data regulations are just coming into effect this year in the EU and in 2020 in California, the current technological solutions are minimal and are very manually intensive processes people must undertake to begin to actually own and manage their personal data. Very few (if any) of the major platforms provide an API for people or developers to manage or control the personal data that they warehouse.

Currently, the ability to control one’s data privacy settings can only be done on the individual platforms or services that a user joins. But, as users begin to aggregate and centralize their own personal data within these new personal data ownership mechanisms, these new services will become ideal “centralized privacy control APIs” that outside platforms and services must come to for the user’s privacy preferences on any data the platform uses or collects.

This aggregate centralized data along with privacy settings will also effectively solve the problem of a universal identification mechanism, eliminating the need for logins with usernames and passwords or other forms of ID verification. The more verifiable data that one accumulates about oneself in a secure environment, the better this becomes in validating one’s identity in a number of scenarios. Matching someone to a large multi-point dataset about them is much easier to validate their identity with than remembering a socially-hackable encryption key code or using a combination of biometrics that can also be gamed. A combination of biometrics (another form of personal data) and data-point matching would be the ideal identification system.

The Ability To Extract The Value From Your Data

While people are definitely happy to be able to control their data privacy as an aspect of personal data ownership, their eyes light up with starry dollar signs when they learn that they can also begin to extract the monetary value out of their personal data; data that has been making the large web platforms $BILLIONS for years.

The common messaging theme that many early players in this industry are conveying to consumers is “GET PAID FOR YOUR DATA”.

This is where the problem begins and where the major dangers are that could destroy all the benefits of owning one’s personal data.

So, rather than just getting into the details of extracting the value out of one’s personal data, I’ll first detail the way many early players are proposing to help people “get paid for their data”, and why (in my opinion) these approaches are not only wrong, but they are dangerous and could potentially harm those that use them. I’ll then share our approach and why I think it is the model that all other platforms and services in the industry should follow.

3rd) The Dangerous Pitfalls of “Getting Paid For Your Personal Data”

The primary purpose of all this new legislation, as well as all the consumer concerns about current AdTech and the recent data scandals, is about the PRIVACY of their personal data.

If we know this to be true, why not then make privacy the core feature of any personal data monetization product or strategy? Why not use the 7 Principles of Privacy by Design in your product and process design? (Disclosure: Dr. Ann Cavoukian, creator of the 7 Principles of Privacy by Design is an Advisor to Muuver.)

The Potentially Disastrous Effects of The Wrong Way Model

Unfortunately, because there is a lot of easy money to be made in this business, profits are the primary (or sole) focus of many of the approaches that early players are taking as a means to capitalize on the timing and market size of the industry.

Approaching this industry with the wrong model can have devastating effects.

They’re also aware that the “get paid for your data” message is much sexier and more alluring than the “control your privacy” message.

The dangerous and destructive “wrong-way model” that many of these players are getting into the game with, is to advise people to first take ownership of their data, but then to literally “sell your data” to typical data consumers: brands, advertisers and perhaps even data brokers.

The model suggests aggregating your personal data from as many sources as possible into a commoditizable package, then to sell that package of data for a fixed price to as many buyers as they can find for you – the way data brokers do it, except now you get a cut too.

But here are the reasons that “selling your data” can be very dangerous, if not disastrous:

  1. Privacy Negation
    By selling your data to multiple parties (especially highly valuable aggregate data) you essentially negate any aspects or expectations of privacy that owning or controlling your data has for you. Your data is out there everywhere now. Can you be 100% guaranteed that your data will always be safe and never shared by any of these holders of your data?
  2. Value Dilution
    Quite simply, the more your spread your data around, the less overall value it has. This also reduces the long term value of the data as a whole. If you were to make the data only available to a few, or to no one, it would have much greater value to those who desire it.
  3. Value Minimization
    The value of a package of personal data about someone is minimal, typically only cents to a few dollars for any one given purchaser. This is because it is not the data itself that is valuable; but the insights that the data can produce are what is most valuable. If a company buys a package of your data, they still have a lot of costs involved in managing, storing and processing the data in order to produce the insights they are actually mining from the data.
  4. Compliance & Management Encumbrances
    Not only are there management, storage and processing costs involved with the raw data, but the purchaser then also becomes highly accountable for the proper regulatory compliance around the management, custodianship, storage, processing and governance of the data.
  5. Analytical Inaccuracies
    Selling your data in packages fragments the data, making analysis less accurate than if the complete dataset were available for analysis.

In short: selling your data is just “giving away” its value and totally ignores your privacy. It’s not a sustainable business model and can be disastrous for anyone whose privacy and/or value is compromised.

There’s a much safer and much more profitable way to extract the value from the data.

4th) The Healthy, Value Enhancing Path Of The Right Way Model

PRIVACY FIRST!

Some of these early players who suggest that you “sell your data” will say that they DO have privacy as a major concern, by letting you decide whom and whom NOT to sell your data.

Except that’s like saying that you are in control of slavery by letting you decide who will be your new master. It’s a ridiculous claim.

As soon as a party other than you has access to your data, your privacy has begun to be compromised.

  1. NO ONE SHOULD SEE YOUR DATA PACKAGE EXCEPT YOU. NO ONE. EVER. THAT is privacy first.
  2. Whenever you add data to your data vault, it should always be defaulted to the “Private” setting, not the “Available” setting. THAT is privacy first.
  3. Every aspect of the system should be designed from the start to protect your privacy; from the features in your app to the receptionist at your data ownership platform who is trained on socially engineered phishing attacks. THAT is privacy first.
  4. The system should be completely transparent about who, what, where, when and how your data is being used – at all times. THAT is privacy first.
  5. The system should not sacrifice any aspect of your privacy in any way for the sake of anything else, including profits. A “Right Way” model should be able to maximize both privacy and profits for a “win-win” scenario. THAT is privacy first.

SELL THE DATA INSIGHTS, NOT THE DATA

The best model to meet all those criteria above for keeping privacy first, while at the same time maintaining and maximizing the value potential of the data: is to NOT sell the data.

 

The insights that the data can produce are far more valuable than the raw data itself.

That is what the brands and advertisers are looking for. That is where the monetary and analytical value of the data is… Insights.

If you were a brand or advertiser, would you prefer a data-dump from 10,000 people, or would you prefer a list of 10,000 people that predictive purchasing AI identified as the most probable to purchase your blue widgets over the next two weeks, along with where they prefer to be advertised to and the best day and time to advertise to them?

Which would you pay more for if you were that brand or advertiser?

The answer becomes obvious: Sell the data insights, not the data.

THE EMERGENCE OF “PRIVACY BASED MARKETING”

Earlier I mentioned that this industry would have the biggest impact on the data consumers themselves: the brands and advertisers who want the data most.

It’s quite apparent that there is a powerful new trend toward giving people stewardship of their personal data, with privacy as the major concern. That trend will have a greater and greater impact on how brands and advertisers interact with consumers and customers as the trends continues and matures.

While in the early stages it may seem to these entities that not being able to access consumer data in ways they are accustomed to is costly and requiring valuable effort, very soon it will become clear to them that this is the ideal marketing scenario:

All this is facilitated simply through the consumer taking ownership of their personal data and providing consent controls for their privacy.

There could be no better scenario for marketers than the coming Personal Data Ownership industry, and Privacy Based Marketing.

EXTRA BONUS INFO

Here’s a few things blockchain and AI allow, without ever selling your data to anyone: