Do we own our personal data? If we don’t, who does? Or should we ask, rather, whether it’s appropriate to think of personal data as a commodity in the first place?

In an article titled “Selling Your Bulk Online Data Really Means Selling Your Autonomy,” Evgeny Morozov argues that

[w]e shouldn’t unquestionably accept the argument that personal data is just like any other commodity and that most of our digital problems would disappear if only, instead of gigantic data monopolists like Google and Facebook, we had an army of smaller data entrepreneurs. We don’t let people practice their right to autonomy in order to surrender that very right by selling themselves into slavery. Why make an exception for those who want to sell a slice of their intellect and privacy rather than their bodies?

Striking a similar note, in a brief video titled “On Personal Data, Forgiveness, and the Right to Be Forgotten,” philosopher Luciano Floridi reflects that there are

roughly two ways of looking at personal data. One is in terms of the philosophy of economics. Your data are yours as in ‘My data, my house, my car: I own it… and if you trespass, you are trespassing the boundaries of my property.’ … Then there’s another way of looking at personal information, that’s got to do not with the philosophy of economics—broadly understood—but with the philosophy of mind—the philosophy of personal identity. My data, or my personal memories, are more like my hand, my liver, my lungs, my heart. It’s not that they are mine because I own them; they are mine because they constitute me. .. Making a copy of my data [is] not taking away that data, but there’s something about cloning here, and being intrusive, that’s got nothing to do with trespassing, but more like kidnap.

It has become common to argue that the provision of various “free” services on the internet represents, in fact, transactions within which users “pay” for those services with their personal data. However, if personal data is not a commodity but something constitutive of us as human beings, does that make those transactions more akin to organ donations?

If so, these would be “donations” preceded by remarkably poorly informed consent. Most people don’t understand what data is being collected on them by the companies providing the “free” services—let alone what those companies may do with such data. Detailing the findings of a January 2016 study on Americans’ attitudes toward privacy and information sharing, the Pew Research Center notes, “One of the most unsettling aspects of privacy issues to many of the focus group participants is how hard they feel it is to get information about what is collected and uncertainty about who is collecting the data.”

Sure—giving up some personal data is not the same as giving up a kidney. Still, if we accept that personal data falls somewhere between vital organs and “commodities,” one conclusion to draw would be that we need, at a minimum, much better informed consent for the “harvesting” of that data, and for the purposes that such data could be used for.

(A version of this appeared as “Do We ‘Own” Our Personal Data?”—a post in the blog “Internet Ethics: Views from Silicon Valley.”)

Discussion Questions:

Since some entities (like corporations) do treat personal data as a commodity, for now, should we still demand that individuals be given a way to share in the distribution of the material benefits from the use/selling of such data? Or should we demand a change in the underlying practice of data commodification?

Would you “donate” personal data about yourself for some specific purposes (say, medical research), even if you are not willing to do so for others (say, targeted advertising)? What are the ethical considerations underlying such a decision? Before answering the latter, please review A Framework for Ethical Decision Making.

Irina Raicu is the director of the Internet Ethics program at the Markkula Center for Applied Ethics.