They say that data is the new oil — but who exactly owns it?

By Polly Botsford

As part of Legal Cheek’s occasional series exploring buzzing legal research across the UK and internationally, today, on the day that new data protection rules come into force, we delve into the uncharted territory of the law on data ownership

In the not too distant future, driverless cars will be the norm. We will be speeding around in autonomous vehicles, our journeys managed through a handheld device, our lives transformed — again.

Those cars will collect and store a huge amount of data: on our exact location and where we are going, on how fast we are going. Through connected devices, ‘the Internet of Things’, data will be transferred and stored on who the passengers are, including biometric data for identification purposes and even something as personal as heart rate monitors which will assess our health risks and how comfortable we are in our vehicle.

This vast reservoir of data (perhaps amounting to as much as 4,000 gigabytes every day), some of it highly personal, has untold value: as market intelligence, as consumer information, as well as value for less business-oriented reasons such as safety or public policy.

We are building rules around data that is personal to us in a bid to ensure such data is treated with respect and privacy (witness today’s ‘Hallelujahs’ over the new GDPR) but what about the much thornier issue of who exactly owns this data, whose data is it? Who should reap the benefits of this “new asset class”? This is the subject with which Václav Janeček, currently a research student at the Oxford Law Faculty, is grappling in his paper: Ownership of Personal Data in the Internet of Things.

We often find it surprising that we don’t automatically have ownership rights over our personal data, and we are taken aback that the likes of Facebook can legally do what they do with our data: invite us to hand it over, then package it up and sell it on to someone else. Facebook makes money out of our data without paying us for it — that is its business model.

The quandary of data ownership emerged as an issue at EU level when the European Commission consulted on it as part of its push to encourage the free flow of data across EU borders. The response to its consultation has been, in a nutshell, “don’t go there”. So why is data ownership so — legally speaking — challenging?

Janeček is assisting in a joint project between the American Law Institute and the European Law Institute to explore the key legal principles in a data economy, and you can read his paper here or here. He argues that from the very outset the concept of ownership has been overshadowed by real problems of definition: if we want to own personal data (in the same way that we want to be able to keep personal data private) then how do we work out what is personal and what isn’t?

Apart from certain intrinsically personal types of data such as your name, your heart rate in the above example, or biometric data that is increasingly used for identification, personal data is “a moving target”. Raw data might be non-personal data in one aspect and in one configuration but could well become personal data in another. Take, for example, data regarding your journeys in that driverless vehicle of the future. If a company profiles all your journeys to work out how far you travel and how often, that might be personal data. But if a company profiles those journeys to assess fuel consumption and efficiency of that particular vehicle, is that still, usefully, personal data?

Even if we could work out what type of data we were talking about and even if we could accept that some sort of data ownership is essential for our economic growth, the next problem is how we go about introducing such a new type of legal right. Janeček suggests that we can either impose the legal right of ownership by creating it through legislation (what Janeček calls “the top-down approach”) or we could let ownership rights develop through various other means such as through technology or through piecemeal case decisions which give certain classes of data ownership potential (“the bottom-up approach”).

For example, you can imagine that in the driverless car example, our journey data could be quite easily stored in an app which we could download and “own”, or you can imagine a legal challenge where your journey data is sold to a travel company and a judge might decide that it is the car company not the person taking the journey that has some ownership rights to that data. In such cases, ownership rights would stem from the bottom up.

Janeček is uncomfortable with the top-down approach because of the problem of working out what is and isn’t personal data, but also, more fundamentally, because ownership is regarded as something which comes from human nature, a fundamental right, therefore something that cannot be imposed from the top down. He turns to the philosopher John Locke, writing at the end of the 17th century, who stated in his Second Treatise of Government: “God has given the earth to the children of men; given it to mankind in common.” And so “in the state of nature, all particular things are unowned”. But what man does, Locke argues, is enter into society for “the preservation of their property” and it is at this point that ownership in things becomes possible.

In the (near) future then, when drones deliver our Amazon shopping, when driverless cars take us to work, when an estimated 163 zettabytes of digital data is out there, Janeček argues that there is unlikely to be a single comprehensible legal instrument which declares who owns this data (the limiting factors being not only the law but also the lack of technology).

Instead, there will be a patchwork of specific rights: rights to data access and erasure, property rights in storage mechanisms such as black boxes, and intellectual property rights in some databases (like Spotify) — but the individual nuggets of data will hardly fit our traditional notions of ownership rights. The raw data, that vast reservoir of prima facie meaningless numbers and words, is, legally speaking, unowned.

This is the second in an occasional Legal Cheek Journal series, looking at new and interesting legal research. If you are working on a paper or research which you’d like to share with Legal Cheek, email us.
