This policy brief proposes ways in which G7 governments can achieve an active market role for citizens, shifting the regulatory paradigm towards an individual-empowered, human-centered data governance regime. In short, this could be achieved by:
1․ Adopting a multi-tiered definition for personal information with different policy requirements for each tier. We propose three types of personal data (Snower & Twomey, 2022):
- O-Data („Official Data“) is the sort of data normally required for entering a contract or satisfying government or major institution identity requirements. O-Data is controlled by the data subject, but authenticated by trusted third parties.
- P-Data is “privy data” related to individuals which is not collective and does not require authentication by third parties. This data may be divided into “first-party data” (such as photographs) generated by the data subject, and “second-party data” generated by a second party (such as location data from smartphones or past purchase records) or inferred about the data subject from existing data (such as psychological data deduced from web searches).
- C-Data is “collective data,” which data subjects agree to share within a well-defined group for well-defined collective purposes.
2․ Ensuring that long-standing rules in the offline economy to protect the vulnerable from manipulation by those holding data on them (e.g doctor-patient) also apply online. The offline test is that such data should be used in the best interests of the data subject.
3․ Applying the lessons from existing large scale, data management systems to improve the cybersecurity around individuals’ O-Data and reduce fraud to business, citizens and government.
On this basis, we propose the following four policy guidelines:
Proposals 1: Control over O-Data
- Proposal 1a: O-Data must receive official (Generally Trusted Source) authentication and this is to
- be the only legal source of this data
- Proposal 1b: Give individuals genuine control over use of their O-Data through easy-to-use
- technical tools and supporting institutions.
Proposals 2: Control over P-Data
- Proposal 2a: The data subject is to be the only legal source of first-party P-Data.
- Proposal 2b: Give individuals genuine control over use of their first-party P-Data, through the
- above-mentioned technical tools and supporting institutions.
- Proposal 2c: Use second-party P-Data exclusively in the interests of the data subjects.
Proposals 3: Control over C-Data
- Proposal 3a: Create legal structures to support the establishment of ‘data commons’ for C-Data.
- Proposal 3b: Ensure that C-Data are under the control of effective, trustworthy and competitive
- organizations that promote the benefits of data subjects and the broader society.
- Proposal 3c: Ensure that the data commons are permitted to use data only for specified purposes and that its use, like that of P-Data, be transparent and accountable.
Proposals 4: Addressing Digital Power Asymmetries
- Proposal 4a: Provide effective rights of association for digital users.
- Proposal 4b: Provide effective legal protection for vulnerable digital users.
- Proposal 4c: Ensure that competition in the online world is analogous to that in the offline world.
- Proposal 4d: Provide GAAP-like oversight to data traffickers with regard to protecting the data they hold.
We propose models for how the data could be securely held and accessed and also possible business ecosystems which would build non-existing technologies. (Snower & Twomey, 2022)
These proposals have far-reaching implications:
Consumer protection – addresses opaque and asymmetrical data collection and exploitation, including in non-contractual relationships; creates greater ability for true data portability and interoperability – increasing competition and effective markets and creating opportunity for challenger firms – and directly addresses the use of data for commercial and political manipulation.
Containment of Pandemics – this proposal materially addresses the trust and coordination issues that hamper data collection, sharing and use to address COVID-19 and other public health emergencies, and the ongoing under-provision of public goods in the form of health data.
Taxation of Digital Goods and Services – addresses challenges of Base Erosion and Profit Shifting (BEPS) that are exacerbated through the digital economy and generates new sources of tax revenue, arising from the new informational markets that the proposals above create.
Fundamental Rights – protects and upholds fundamental human rights that are threatened by the current model, in particular, rights to dignity, freedom, equality, solidarity, citizens’ rights and justice.
Our proposals aim to mitigate these problems while retaining the wide-ranging benefits of the current digital system. There are various channels whereby the proposals aim to achieve these ends.
- Giving individuals control over their O- and P-Data would create markets in these domains and thereby enable the price system to generate incentives for data provision and data manipulation, promoting economic efficiency through all the well-known channels, both in static terms (gains in matching existing supplies and demands) and dynamic terms (gains in the acquisition of human and physical capital).
- Individual control over O- and P-Data also permits addressing digital power asymmetries analogously to those in the offline world, thereby mitigating existing inequities.
- Individual control over O- and P-Data, along with support for the establishment of data commons, would significantly enhance the enforcement of data protection rights.
- The use of O-Data and associated use of P- and C-Data would significantly reduce a wide variety of cybersecurity threats.
- The proposals would eliminate the current system of “third-party-financed digital barter” and thereby prevent undermining of the free market system in the allocation and distribution of resources. Thereby the proposals would provide new avenues for ensuring consumer protection, implementing a wider range of digital taxation schemes, and containing pandemics and other collective action initiatives.
- By giving individuals control over O- and P-Data and giving the relevant groups control over C- Data, the digital regimes would become far less vulnerable to political, social and economic manipulation. Clearly, if users have direct control of first-party P-Data and indirect control of second-party P-Data and if the C-Data is set up in accordance with Elinor Ostrom’s Core Design Principles (Ostrom, 1990; Wilson, Ostrom and Cox, 2014), then the users will not exploit their own psychological weaknesses and other agents will not be in a position to do so either.
Finally, the combination of the three sets of proposals would become a straightforward and powerful bulwark against threats to fundamental human rights in the digital realm, including the rights to the integrity of the person, non-discrimination, equality before the law, protection of personal spaces, association, consultation, and access to documents.
The upshot of these proposals is to put control over personal data into the hands of individuals or their freely chosen social groups and to reduce the power asymmetries in digital markets. The proposals do not undermine the important benefits generated by the current digital service providers, but rather enable the users – rather than the third-party funders – drive the ongoing development of digital services.