By Charles Adjovu, Director & Researcher at Ledgerback Research Institute

My Data! My Rules!

The Rise Of A New Data Governance Landscape In The Midst Of Heightened Data Privacy Concerns

By geralt. Accessed on Pixabay [1].

Introduction

When I share my data with companies, do I still have a say over how my data is stored, shared, and used? What about when these companies make a profit by sharing my data?

This question is one of the defining questions concerning data privacy from the consumer² viewpoint.

Unfortunately, the answer to this question is more often than not … no. Once you share your data with a company³, your data tends to get shared with more parties than you can even imagine.⁴

For example, in Geoffrey A. Fowler’s article The spy in your wallet: Credit cards have a privacy problem, the data generated from Fowler’s purchase of a banana with a credit card at Target ended up with multiple third parties unrelated to the transaction (“marketers, Amazon, Google and hedge funds”).⁴

And lest we forget, the constant sharing of consumer data between businesses and third parties is a major catalyst for data breaches.⁴

This is the unfortunate reality of consumer privacy, a world in which consumers need to be pragmatic about their privacy because they have little to no control over how businesses use their data once they have shared their data with them.⁵

Perturbed but defiant, consumers who are unsatisfied with the status quo, who believe that they should have more control over their data, are pursuing alternatives to protect their data.

Luckily for them, many individuals and enterprises share their sentiment (e.g., DuckDuckGo search engine), and are readily available today for them to make the switch.⁶

This article will proceed in two parts. Part One will discuss the status quo for how companies share consumer data and concerns about data breaches. Part Two will discuss alternative services and businesses that empower consumer privacy.

Note: This article is a pre-print. The final print of this article will be published in 1–2 weeks. You may read the full article when you sign up for Ledgerback’s Substack. In the full article, we discuss some additional examples of foul play by companies with consumer data and some additional readings to help you better understand the data privacy and alternative services and businesses landscape.

1. The Data Privacy Status Quo

As discussed above, the status quo for data privacy is pretty bleak for consumers, and this is reflected in how consumers view data privacy.

1.A. Consumer’s view data privacy as fundamental in theory, but are willing to give up their data privacy in practice

Photo by Dayne Topkin on Unsplash

In general, consumers believe they should have control over how businesses use their data, preferably on an as-needed basis.⁵^⁷^⁸^⁹

Consumers can be categorized into three groups based on Acxiom’s Data privacy: What the consumer really thinks survey:

“data pragmatists: those who will make trade-offs on a case-by-case basis as to whether the service or enhancement of service offered is worth the information requested data fundamentalists: those who are unwilling to provide personal information even in return for service enhancement and data unconcerned: those who are unconcerned about the collection and use of personal information about them.”⁵

Based on the responses to the survey, consumers were segmented into the three categories described above, with the majority of Americans being classified as data pragmatists (58%), while 24% were classified as data fundamentalists, and 18% were classified as data unconcerned.⁵

7 of the 9 major takeaways in Acxiom’s survey discussed consumers wanting more control and transparency over how their data is used by businesses (e.g., receiving remuneration for sharing their data with companies, and the need for trust and transparency before exchanging data with companies).⁵

Though consumers believe they should have more control, as discussed above, most consumers are data pragmatists because without giving up autonomy over their data, they cannot access the products and services they desire to use.⁵

Thus, it is not surprising that even though consumer views on data privacy are strongly pro-consumer, their actions differ widely from their views.⁵

Although Acxiom’s survey was reported in 2017 before the Facebook and Cambridge Analytica scandal in 2018, the same principles still hold true in 2019.⁸^⁹

After the scandal, as reported in IBM’s Institute for Business Value survey, more consumers believe that organizations “should face stronger regulations on personal data management,” but that they are still willing to be pragmatic about their data privacy in exchange for access to products and services.⁹^¹⁰

Though, the data pragmatist approach may start dwindling as new data privacy legislation in California and the European Union give consumers more protection over their data.¹¹^¹²

1.B. Most consumers are unaware of how businesses benefit from their data-generating activities

Photo by Bernard Hermant on Unsplash

Most consumers do not see the connection between their data-generating activities, especially on purportedly free services (“search online for free, check their free email accounts, post on their free social media accounts and more …”) and how the data generated from those activities are used by businesses.¹³^¹⁴

Two examples highlight the disconnect between how consumers view their data generating activities and how businesses use the data.

First, marketers use the data consumers generated on the free services and platforms discussed above to provide more relevant marketing (i.e., targeted advertisements) to consumers.¹³

Second, businesses, even those that seem unrelated or unaffiliated, share data with each other, such as how Facebook entered into a data sharing agreements with third parties such as Amazon, in which Facebook gave “names and contact information” to Amazon, and in return, Facebook could use Amazon’s data “in its ‘People You May Know’ feature.”¹⁵

1.C. Data Breaches are becoming more frequent as companies store and share more consumer data

Photo by Samuel Zeller on Unsplash

Because consumers are so resigned to losing control over their data, consumers also harbor similar sentiments about data breaches.⁷

In Akamai’s 2018 survey Consumer Attitudes Toward Data Privacy Survey, forty-six percent (46%) of consumers surveyed stated that they will give companies a pass for data breaches “as long as they are immediately informed about the attack and information is shared about how the company is responding.”⁷

1.D. Data breaches are becoming more frequent and severe because businesses are storing large amounts of consumer data

Photo by Michael Geiger on Unsplash

A major reason why data breaches are becoming more frequent and exposing more and more consumer data is because companies are storing more consumer data than ever before.¹⁶^¹⁷^¹⁸

More troubling than the rising frequency of data breaches, the majority of companies do not take data breaches as seriously in the USA than in the European Union (EU) because the fines and penalties associated with data breaches in the USA generally do not have a major impact on a company’s bottom line.¹⁹^²⁰

For consumers, this raises many issues because consumers have to rely on companies to properly secure their data because companies store consumer data, even though, as mentioned earlier, they have little to no incentive to properly secure consumer data as long as the fines do not heavily impact their bottom line.¹⁸

For example, this year, Verifications.io, a marketing platform, had approximately 800 million unencrypted records (i.e., the information was in plain text and human readable, just like this article) exposed containing varied amounts of personal information (e.g., credit scores from an unsecured MongoDB database) which anyone could have seen.²¹

How can companies get away with this kind of conduct? Because our collective memory of data breaches is pretty short, and we tend to forget them as fast as the news broke out about the breach.²²

2. A Change in the Data Governance Landscape

Unfortunately, despite how companies use and misuse consumer data, and the lack of effort to properly secure consumer data, most consumers remain data pragmatists because without giving up their data privacy, they cannot use the services they desire.⁹^¹⁰^¹⁸^¹⁹^²⁰

The issues discussed in the previous section have led to the creation of a niche market of privacy-centric businesses, technologies, and services that empower a new data governance framework based on user consent.²³

2.A. The Rise of New Data Governance Frameworks

Vincent Straub and Geoff Mulgan in their article, The new ecosystem of trust: How data trusts, collaboratives and coops can help govern data for the maximum public benefit, developed a typology of data governance frameworks (categories described below) that promote individual control over data:

“data cooperatives and commons,

personal data stores,

Industry data stewardship trusts,

public private data trusts,

commercial data public research steward,

public data research trust,

public data trusts, and

public benefit data trusts.”²³

Straub and Mulligan define data trusts as “institutions that work within the law to provide governance support for processing data and creating value in a trustworthy manner,” based on Kieron O’Hara’s definition of data trusts from his whitepaper Data Trusts: Ethics, Architecture and Governance for Trustworthy Data Stewardship.²³^²⁴

An additional governance framework that is helpful to understand the new privacy-centric market is the data collaborative framework developed in New York University’s (NYU) GovLab.²³^²⁵^²⁶ This framework is generally more focused on private-public partnerships than Straub’s and Mulligan’s framework.²³^²⁵

A data collaborative, as defined by Stefaan Verhulst and David Sangokoya, “ refers to a new form of collaboration, beyond the public-private partnership model, in which participants from different sectors — including private companies, research institutions, and government agencies — can exchange data to help solve public problems.”²⁵^²⁶

There are six types of data collaboratives:

“Data Cooperatives or Pooling,

Prizes and Challenges,

Research Partnerships,

Intelligence products,

Application Programming Interfaces, and

Trusted Intermediaries.”²⁶

Data Collaboratives provide five major benefits:

“situational awareness and response,

public service design and delivery,

knowledge creation and transfer,

prediction and forecasting, and

impact assessment and evaluation.”²⁶

One of the major drivers for data collaboratives is that for public-sector entities to combat public problems, public-sector entities require greater access to data, which is often held by private-sector entities.²⁵

The six major motivations for corporations to share their data with, or as part of, a Data Collaborative, are:

“reciprocity,

revenue,

research & insights,

regulatory compliance,

reputation, and

responsibility.”²⁶

2.B. What is a Data Cooperative?

Photo by Pietro Jeng on Unsplash

For this article, we shall discuss Data Cooperatives because they can fall under the Data Collaborative framework from NYU Gov Lab by Verhulst and Sangokoya as a Data Cooperative, or as a Data Coop or Commons under Straub’s and Mulgan’s data governance framework.²³^²⁵^²⁶

Data Cooperatives are “[c]orporations and other important dataholders group together to create “data pools” with shared data resources.”²⁶ Data Cooperatives can be considered a type of platform cooperative, a cooperative-run enterprise or similar that operates, maintains, shares, or creates a platform to connect individuals together.²⁷

This type of data trust is one of the best models for ensuring data usage based on individual consent because they can develop “common standards to ensure data security, compliance and technical treatment.”²³

2.C. Two innovative Data Cooperatives pushing consumer ownership of data are Savvy Coop and Driver’s Seat Cooperative

Two Data Cooperatives we wanted to discuss in this article are Savvy Coop and Driver’s Seat Cooperative.

2.C.1. Savvy Coop: A Patient-owned Data Cooperative

Photo by Samuel Zeller on Unsplash

Savvy Cooperative (“Savvy Coop”) is a patient-owned cooperative that offers a platform for patients and care providers to share their health experiences with companies and researchers interested in their health experiences for their own projects.²⁸^²⁹

Patients can earn rewards when they share their health experiences on the platform through (but not limited to) surveys, interviews, focus groups, discussion boards, user-testing, scientific research, and many more gigs.²⁸^²⁹^³⁰

Patients can receive rewards in a variety of ways including:

“Cash,

Savvy Points,

Savvy Badges,

Amazon Gift Cards,

Visa Gift Cards, and

Discounts Coupons.”³⁰

Savvy Coop offers two types of accounts for patients, a free account and a member account.³⁰ The free account is available to everyone, but the member account is available only to co-op members.³⁰

For companies and researchers, they can schedule gigs on the platform to get feedback from patients.³¹

In Savvy Coop’s model, patients have more control over their personal data because the:

patients are co-owners of the enterprise;

patients have a say in the co-op’s decision-making through voting;

patients choose who to share their information with;

patients receive remuneration for sharing their data; and

patients are entitled to a profit-share from the co-op.³⁰

Additionally, the consumer view of greater control over how consumer data is used, and the possibility of receiving remuneration is actuated at Savvy Coop because patients retain control over the sharing of their medical information, and the opportunity to be remunerated for sharing the data they created.⁵^⁷^³¹

2.C.2. Driver’s Seat LLC: A Driver-owned Data Cooperative

Photo by why kei on Unsplash

Driver’s Seat, LLC (“Driver’s Seat”) is a driver-owned cooperative that offers a platform where drivers, primarily rideshare drivers, can share their driving data with Driver’s Seat customers, (e.g., local governments and transportation agencies).³³

Drivers can track and share their driving data by using the Driver’s Seat’s mobile application (currently in beta testing).³³

For rideshare drivers (e.g., Uber and Lyft drivers), Driver’s Seat will provide free data insights on their driving habits to help drivers better optimize their earnings.³³Additionally, as a co-operative enterprise, rideshare drivers have a say in the co-op’s decision-making through voting, and are entitled to a profit-share from the co-op.³³

For local governments and transportation agencies, Driver’s Seat will provide rideshare data so that they can make data-driven decisions about “how ridershare relates to transit, how to reduce congestion and VMTs, and how rideshare and delivery impact the curb”.³³

The consumer desire for greater data autonomy, and receiving remuneration is actuated at Driver’s Seat because drivers retain control over how their driving data is shared with third parties, and the opportunity to be remunerated for sharing their driving data with local governments and transportation agencies.³³

2.D. Distributed Data Storage and Personal Data Stores

Distributed data storage is data stored among multiple devices rather than a single device.³⁴ Distributed peer-to-peer (p2p) data storage is a type of distributed storage where data is shared among the nodes on a p2p network.³⁴

A Personal Data Store (PDS) may be defined as software that “offer[s] to store the user’s personal data and allow the user to give controlled access to other organisations.”³⁵ In other words, PDS allow users to “[in]put [] data about [themselves] and evidence of [their] identity (using passports and bank statements) which [] others [can] access or indirectly use in order to provide you services.”³⁵

Common attributes of PDSs identified by Irina Bolychevsky & Simon Worthington in Are Personal Data Stores about to become the NEXT BIG THING?, are that they “ensure your personal data:

“would not be lost when the company pivots, is bought up, goes bankrupt or decides to delete or suspend your account since you maintain it”;

“would not be as vulnerable to misuse, exploitation or data breaches since you hold the data and can revoke access”; and

“can be kept accurate and up to date more easily from on[]e central location.”³⁵

2.E. AXEL Network and SoLiD are giving consumers new-found control over how they share their personal data with third parties

2.E.1. AXEL Network

Photo by imgix on Unsplash

Before discussing AXEL Network, we first need to know about the InterPlanetary File System (IPFS).

The InterPlanetary File System (IPFS) is a project by Filecoin that enables distributed storage and transfer of files among nodes in a peer-to-peer network.³⁶

In the IPFS, file storage is distributed among the nodes on the network such that each node has a chunk of the file data, thereby ensuring that no single node holds a complete copy of a file.³⁶

To achieve the above, the IPFS implements a distributed hash table (DHT) that allows “any participating node to efficiently retrieve the value associated with a given key.”³⁷ By relying on a p2p network, the DHT can scale to an “extremely large numbers of nodes and to handle continual node departures, arrivals and failures.”³⁷

A major advantage of using the IPFS is that it ensures that a node requesting a file will receive it from the closest nodes storing the file, thereby making file retrieval faster.³⁶

A local company based in Las Vegas, Nevada that is implementing the IPFS as a distributed data storage solution is AXEL Network (“AXEL”).³⁸

AXEL’s IPFS implementation, IPFS Pinning Facility, primarily works as a content distribution network and consumer file storage solution.³⁸

AXEL’s IPFS Pinning Facility is an IPFS tool that has a built-in file management system that makes it extremely easy to upload and manage files on the IPFS for the end user.³⁸

The main reasoning for AXEL’s development of the IPFS Pinning Facility is that since IPFS does not automatically store data unless pinned, the IPFS Pinning Facility “tells a server on IPFS to retain [your] data because it’s important.”³⁸

AXEL’s IPFS Pinning Facility provides three primary benefits:

“Saving on Bandwidth and Storage

Overcoming Latency

Storing Files.”³⁸

AXEL’s IPFS Pinning Facility is also integrated with their blockchain network.³⁹ AXEL Network operates a Proof-of-Stake (PoS) blockchain which is secured through Masternodes⁴⁰.³⁹

2.E.2. SoLiD

Photo by Michael Jasmund on Unsplash

SoLiD is an open source project, developed by Sir Tim Berners Lee at Massachusetts Institute of Technology (MIT) that extends the current functionality of the web (W3C standards and protocols) by applying “Linked Data principles.”³⁵^⁴¹^⁴²

SoLiD seeks to simplify data ownership concerns for consumers and businesses by 1) giving users the freedom to take their data anywhere and avoid vendor lock-in, and 2) for developers, the ability to reuse data in existing apps for new apps so consumer data does not need to be shared with a new service.³⁵^⁴¹^⁴²

In SoLiD, PDSs are called pods, and pods are stored on SoLiD servers.⁴³

SoLiD utilizes Linked Data, a way of connecting resources throughout the web by having a uniform resource location (URL) for each piece of data, and explicitly stating how each piece of data is related to each other.⁴¹^⁴²

Conclusion

There are many issues in our current data privacy climate.

For many consumers, there is a desire for more control over how business and services share their data with third parties, and the ability to receive remuneration for sharing their data with businesses.⁵^⁷^⁸^⁹^¹⁰

This reality has led to consumers adopting a data pragmatist approach to sharing their data with businesses, wherein they give up control over the usage of their data in exchange for access to technologies and services provided by businesses.⁵

For businesses, this has led to a great opportunity to cash in on user-generated data without remunerating users, but also has led to a rapid increase in the number and severity of data breaches.¹⁵

This grim outlook has led to the rise of a privacy-centric market of businesses, technologies and services that share the same views as consumers on data privacy, and hope to provide a feasible alternative to the status quo.²³

This new market is occupied by a new data governance framework that understands and respects the consumer’s need for data autonomy, and even satisfying the consumer desire for remuneration.³⁵^²³^²⁶

Specifically, this new data governance framework and outlook has led to the rise of data cooperatives such as Savvy Coop and Driver’s Seat, distributed data storage providers such as AXEL Network, and personal data storage technologies such as SoLiD.²⁵^²⁹^³⁵^⁴¹^⁴²

Rather than waiting for regulatory reform (especially in the USA) to hold companies more accountable, consumers can take more control over their personal information by integrating privacy-centric businesses, technologies and services into their daily lives.²⁰

Companies Mentioned

AXEL Network

Driver’s Seat Cooperative

DuckDuckGo

Filecoin’s IPFS

Filecoin

Inrupt

Savvy Coop

SoLiD at MIT

Author

Charles Adjovu is a Director & Researcher at Ledgerback Research Institute. Charles Adjovu is an attorney based in Las Vegas, Nevada, who is interested in intellectual property, emerging technologies, cybersecurity and data privacy, and social enterprises.

Ledgerback Research Institute is an independent research center promoting knowledge development and innovation for decentralized and open (“DeOp”) transformation.

Ledgerback Research Institute is part of the greater Ledgerback Network, a virtual and physical network of organizations and individuals striving to develop and support DeOp individuals, communities, and organizations.

The Ledgerback Network is always willing to support DeOp individuals and communities through:

research, education, consulting, promotion, knowledge exchange, and incubation.

You may find Ledgerback’s Substack here.