It is the summer of 2023, and Rachel is broke. Sitting in a bar one evening, browsing job ads on her phone, she gets a text message. Researchers doing a study on liver function have gotten her name from the bar’s loyalty program—she’d signed up to get a happy-hour discount on nachos. They’re offering $50 a week for access to her phone’s health data stream and her bar tab for the next three months.

At first, Rachel is annoyed at the intrusion. But she needs the money. So she nods at her phone—a subtle but distinct gesture of assent that is as legally binding as a signature—and goes back to her nachos and her job search.

But as the summer wears on, Rachel can’t help noticing that she’s getting rejection after rejection from employers, while her friends, one by one, line up jobs. Unbeknownst to her—because she didn’t read the fine print—some data from the research study, along with her liquor purchase history, has made it to one of the two employment agencies that have come to dominate the market. Every employer who screens her application with the agency now sees that she’s been profiled as a “depressed unreliable.” No wonder she can’t get work. But even if she could discover that she’s been profiled in this way, what recourse does she have?

A day in the life

If you’re reading this, chances are that, like Rachel, you created an enormous amount of data today—by reading or shopping online, tracking your workout, or just going somewhere with your phone in your pocket. Some of this data you created on purpose, but a great deal of it was created by your actions without your knowledge, let alone consent.

The proliferation of data in recent decades has led some reformers to a rallying cry: “You own your data!” Eric Posner of the University of Chicago, Eric Weyl of Microsoft Research, and virtual-reality guru Jaron Lanier, among others, argue that data should be treated as a possession. Mark Zuckerberg, the founder and head of Facebook, says so as well. Facebook now says that you “own all of the contact and information you post on Facebook” and “can control how it is shared.” The Financial Times argues that “a key part of the answer lies in giving consumers ownership of their own personal data.” In a recent speech, Tim Cook, Apple’s CEO, agreed, saying, “Companies should recognize that data belongs to users.”

“Data ownership” not only does not fix existing problems; it creates new ones.

This essay argues that “data ownership” is a flawed, counterproductive way of thinking about data. It not only does not fix existing problems; it creates new ones. Instead, we need a framework that gives people rights to stipulate how their data is used without requiring them to take ownership of it themselves. The Data Care Act, a bill introduced on December 12 by US senator Brian Schatz, a Democrat from Hawaii, is a good initial step in this direction (depending on how the fine print evolves). As Doug Jones, a Democratic senator from Alabama who is one of the bills cosponsors, said, “The right to online privacy and security should be a fundamental one.”

The notion of “ownership” is appealing because it suggests giving you power and control over your data. But owning and “renting” out data is a bad analogy. Control over how particular bits of data are used is only one problem among many. The real questions are questions about how data shapes society and individuals. Rachel’s story will show us why data rights are important and how they might work to protect not just Rachel as an individual, but society as a whole.

Tomorrow never knows

To see why data ownership is a flawed concept, first think about this article you’re reading. The very act of opening it on an electronic device created data—an entry in your browser’s history, cookies the website sent to your browser, an entry in the website’s server log to record a visit from your IP address. It’s virtually impossible to do anything online—reading, shopping, or even just going somewhere with an internet-connected phone in your pocket—without leaving a “digital shadow” behind. These shadows cannot be owned—the way you own, say, a bicycle—any more than can the ephemeral patches of shade that follow you around on sunny days.

Your data on its own is not very useful to a marketer or an insurer. Analyzed in conjunction with similar data from thousands of other people, however, it feeds algorithms and bucketizes you (e.g., “heavy smoker with a drink habit” or “healthy runner, always on time”). If an algorithm is unfair—if, for example, it wrongly classifies you as a health risk because it was trained on a skewed data set or simply because you’re an outlier—then letting you “own” your data won’t make it fair. The only way to avoid being affected by the algorithm would be to never, ever give anyone access to your data. But even if you tried to hoard data that pertains to you, corporations and governments with access to large amounts of data about other people could use that data to make inferences about you. Data is not a neutral impression of reality. The creation and consumption of data reflects how power is distributed in society.

You could, of course, choose to keep all your data private to avoid its being used against you. But if you follow that strategy, you may end up missing out on the benefits of sometimes making your data available. For example, when you’re driving, navigating by smartphone app, you share real-time, anonymized information that then translates into precise traffic conditions (e.g., it will take you 26 minutes to drive to work this morning if you leave at 8:16 a.m.). That data is individually private—strangers can’t see where you are—but cumulatively, it’s a collective good.

The creation and consumption of data reflects how power is distributed in society.

This example shows how data in the aggregate can be fundamentally different in character from the individual bits and bytes that make it up. Even well-intentioned arguments about data ownership assume that if you regulate personal data well, you’ll get good societal outcomes. And that’s just not true.

That’s why many of the problems about unfair uses of data can’t be solved by controlling who has access to it. For example, in certain US jurisdictions, judges use an algorithmically generated “risk score” in making bail and sentencing decisions. These software programs predict the likelihood that a person will commit future crimes. Imagine that such an algorithm says you have a 99% chance of committing another crime or missing a future bail appointment because people demographically similar to you are often criminals or bail jumpers. That may be unfair in your case, but you can’t “own” your demographic profile or your criminal record and refuse to let the legal system see it. Even if you deny consent to “your” data being used, an organization can use data about other people to make statistical extrapolations that affect you. This example underscores the point that data is about power—people accused of or convicted of crimes generally have less power than those making bail and sentencing decisions.

Similarly, existing solutions to unfair uses of data often involve controlling not who has access to data, but how data is used. Under the US Affordable Care Act, for instance, health insurance companies can’t deny or charge more for coverage just because someone has a preexisting condition. The government doesn’t tell the companies they can’t hold that data on patients; it just says they must ignore it. A person doesn’t “own” the fact that she has diabetes—but she can have the right not to be discriminated against because of it.

“Consent” is often mentioned as a basic principle that should be respected with regard to the use of data. But absent government regulation to prevent health insurance companies from using data about preexisting conditions, individual consumers lack the ability to withhold consent. The reason they lack that ability is that insurance companies have more power than they do. Consent, to put it bluntly, does not work.