Should we get paid for our data? By Anne J. Flanagan

Anne Josephine Flanagan works at the World Economic Forum in San Francisco, California, where she engages with stakeholders globally – businesses of all sizes, governments, leading academics and civil society organizations - to codesign holistic policy solutions for technology governance.

As Data Policy Lead, she manages projects specifically on data policy and governance, "everything from looking at data as a valuable backbone of the new global economy, to issues around data protection and privacy, to how technology itself can offer solutions to the challenges of data governance".

Why do we need public policies for data governance?

Data is no longer a niche issue and it’s no longer about just technology companies. The way data is being used and the implications thereof are far reaching and often beneficial – think cancer research and climate mitigation – but sometimes harmful.

Issues such as personal privacy, the security of information, and who gets to control what is effectively important for everyone, especially because of the technologies we use on a day to day basis, such as our smart devices.

On top of that, we also have innovation itself including recent technologies such as blockchain, artificial intelligence, the Internet of Things, and advances in mobility which are all data-powered. That means every company is potentially a data company and every person is a data subject.

The implications for societies are profound and public policy can help ensure that data governance evolves in an equitable and responsible manner that puts people first.

How can data collection by the public sector and its optimized governance improve the lives of citizens? Can you mention a success case study?

Public sector innovation is an area where governments have the opportunity to take the best innovations from both the private and public sectors and improve the lives of people by developing data-powered services.

Access to citizen services in countries such as Finland and Estonia are seamless and unrivalled, resulting in greater trust between government and people, and increased efficiencies. In parallel, countries which have clear data laws offer greater certainty to businesses, resulting in increased investments and associated jobs.

We are currently working with the City of Helsinki on empowering societies through improving data availability and this will be piloted later this year. Good data governance is transparent data governance and always puts people at the centre. We apply this human-centric lens to all of our data governance work.

Are tech companies outpacing governmental action as far as data extraction is concerned and what are the consequences thereof?

The scale and ubiquity of data collection by companies is unprecedented. This is simultaneously daunting and exciting. When we think of how we engage with technology on a day to day basis, much of it is now seamless, with targeted services and content. While this brings convenience to our lives we also sometimes struggle to understand how our data is being used. That’s not completely our fault.

Right now the default is that we click on a screen of terms and conditions which we likely don’t take the time to read and which ask our permission to use our data in ways we may or may not fully comprehend. 

Clarity in this area is not only beneficial to people but also to companies as it helps them ensure they are following rules and accountable to consumers.

The challenge that regulators face in managing this type of scenario is that data can come from different sources and be used in different ways. We believe that it takes all stakeholders stepping forward to take greater responsibility in this increasingly complex space to ensure that regulation, when it happens, is proportionate without unintended consequences, and achieves greater prevention of harms whilst supporting innovation.

Who owns the data extracted by private companies? Should the citizen claim ownership as well as a share of the profits derived from its monetization?

This is a great question and one we think about often as it’s really where we see privacy rights collide with intellectual property rights. Many laws right across the world are silent on the concept of data ownership, especially when it comes to people’s data.

Ownership is a challenging concept when it comes to data about people because if something is owned it implies it can be sold or exchanged, but surely you nor I would want to sell our own identities. Furthermore, data is seldom single use: I can give my data to multiple entities and each could process that same piece of data in different ways.

A better model appears to be rights over data access and use. That includes the rights of people or consumers to have a say as to when and where data about them is used by companies.

As we know however, companies have been able to monetize the data they acquire so the question arises as to why that monetization doesn’t get passed back to the consumer, from where the data originated.

The answer is that the technology to do this isn’t quite there yet, and it is legally challenging, but receiving a dividend for the use of data about yourself will likely be possible at some point in the future.

Think of it like how musical artists are paid dividends every time their songs are played: people would become the paid artists of the data economy.

In the meantime, we receive services that are otherwise free to us in exchange for our data, and of course our time and attention.  Those services are ultimately designed by companies which have rights over their designs. This is where we see the privacy rights of people and intellectual property rights of companies intersect in a really exciting and complex way.

Data misuse by private companies and increasing concerns from citizens about data management in the public sector has triggered government intervention to improve the protection of personal data. Is this the most pressing matter in terms of public policies for data governance at the moment?

Whenever data is misused or is perceived to being misused it creates a gap in trust not just with respect to that company but across the entire data ecosystem, and governments and regulators may feel compelled to step in.  Data misuse is harmful to potentially everyone.

In many cases however, data misuse is in contravention of already existing laws. Governments across the world have prioritized data protection and personal privacy.

Where there is less clarity is in the implementation of these rules, particularly when it comes to how data interacts with newer technologies, and this opacity can lead to ambiguity or provide cover for bad actors.

There are also differences between countries as to how rules (or lack thereof) apply from country to country. Given that the many technologies of the Fourth Industrial Revolution are globally facing, this can also result in lack of clarity for businesses.

I’m currently leading the World Economic Forum’s Taskforce on Data Intermediaries which is investigating when and how a trusted third-party intermediary could solve some of these issues. In this instance an organisation or a piece of technology would sit between the person whose data is being collected, and the company that is processing it; that way there is a trusted gateway to streamline any difficulties at the front end.

In your opinion, which are the countries with the best public policies on data governance and why?

The legal profession has traditionally spearheaded thinking on data policy and governance issues and until recently it was seen as a relatively niche issue.

However, because data governance has the potential to affect everyone, a holistic approach is needed that takes into account the views of a multiplicity of stakeholders beyond just the legal profession, for example engineers, product designers, design thinkers, security practitioners  – and people themselves who have to interact with technology on a daily basis.

When you take a step back you start to see other complementary areas of policy such as data enablement, human-centric data governance, cross-border cooperation and new standards that equally need supportive public policies if data governance is to improve for the good of everyone no matter where in the world you may be.

As to what is working well, in 2018 the EU adopted the General Data Protection Regulation (GDPR). That legislation as we know was a gamechanger worldwide.

The GDPR has extraterritorial reach in certain circumstances and thus it not only became a benchmark standard, but it prompted a wave of conversations in non-EU countries seeking to improve their trade relationships with Europe.

Increased cooperation across all stakeholders will be the key to success.