TOC Habeas Data Your Turn

March 13, 2011

The World Economic Forum and Bain & Company, we argued last week, fell short in their acknowledging personal data to be a new asset class. As they refused to recognize the person behind the personal data as its legal owner, they fatally tainted its value as a bankable asset.

Despite being held to be "persons", corporations may be denied by the US Supreme Court the right to legal protection against "unwarranted invasion of personal privacy" as Adam Liptak recently reported (*). Yet companies can share our data, we better not share their information.

Still, eprivacy rights in society should not be absolute. Short of mouthing mindless mantras, we must show them to be both useful and practical.

From this perspective, the authors of "Personal Data: The Emergence of a New Asset Class" (1) propose an excellent framework by categorizing profile data as "volunteered", "observed" and "inferred" according to its mode of discovery.

Granted, "volunteered" is a misnomer as most profile information is only "disclosed" under duress, the infamous practice of bundling an unfavorable data transaction with another, whose fulfillment does not require it but which the consumer finds desirable. "Disclosed", if not "volunteered", this type of personal data is part of a transaction. As shown last week, this mode of acquisition entails possession but should clearly transfer no ownership.

In my campaigns for eprivacy (2), I have detailed how "disclosed" data should be made to fall under contract law. Last week, I also explained how parties we wrong by our behavior during a transaction own the very fact of having been wronged by us. And I have taught (3) how to allow for pre-transaction activities, including targeted advertising, in "total privacy", i.e. third parties included, with a personal, confidential, interactive environment.

The case of "inferred" data is more complicated as it implies an independent intellectual activity by another party. The same issue arises in the world of intellectual creation, when copyrighted products are remixed with original contributions. According to Quentin Peel, "no fewer than 286 pages of [German Defense Minister zu Guttenberg]'s PhD thesis [...] contained text [...] copied without attribution from other sources" (**). "Might makes right", the motto of our current plunder economy, is neither morally defensible nor economically sustainable.

Under my proposal, no "inferred data" should be created without a fair negotiation between the creator and the raw data owners, i.e. consumers.

If the creator deems an individual contribution non essential, e.g for market research, she must give the consumer the choice to either withdraw or be paid above a floor set by law, half upfront. If the consumer deems his contribution essential, for instance to be classified in the segmentation defined by the creator, he must give the creator the choice to either drop him or agree to split the future gains, for example from targeted advertisers.

"Observed" data may appear the most troublesome. Set aside cases everyone will admit are an unwarranted invasion of personal privacy, like spying, the truth is we live our lives in public, people cannot fail to observe us and would strongly object if we claimed ownership of their thoughts.

As the border between public and private spheres relentlessly shrinks the latter to the benefit of the former, one might even dismiss protecting "disclosed" data as an irrelevant distraction. Will not what others "observe" soon be more than enough for data aggregators and their clients?

For all these difficulties, the solution remains simple, based as it is on the objective difference between inner thoughts and outer behavior.

Like any of our rights as individuals, eprivacy is limited by the rights of our fellow man in society. Whoever observes my public behavior owns her memories and inferences just like any of her thoughts. But whoever follows me, importunes me, disparages me, either to enrich his "observations" about me or to draw external satisfaction of any kind from his "observations", is violating my rights to privacy by his behavior. It is harassment.

Companies which participate today in targeted advertising abuse either "disclosed" data in their legal possession, on which they should claim no ownership, or the individuals on whom they collect or exploit "observed" data in a systematic way which exposes the true nature of their behavior.

I should control what you do with what you "observe" about me as much as what I "disclose" to you. In practice, Internet based organizations do "observe" users more diligently than they themselves. Why not cooperate by letting such "data furnishers" benefit from this activity as long as they refrain from accumulating their knowledge outside of my control? This is one useful function of the confidential environment I invented (3).

Plunderers of course have a very narrow view of cooperation with their victims. According to Tim Bradshaw (***), "Omnicom, one of the largest marketing services groups, [...] believes its partnerships with the four largest online media owners will enable it to sidestep criticism around privacy because it will not own the data". Will it next be legal to fence stolen art as long as one claims not to take title from the thieves?

Harboring illusions of escape, Virginia Hefferman writes "you think you're reading the Web these days, but it's reading you" only to add "the Kindle {...] brought me the first moment of peace" (****). A bit naive as tethered devices make data collection all the more tempting as it is invisible. See how Scott Thurm and Yukari Iwatani Kane describe "the intrusive effort by online tracking companies" based on smart phones (*****).

Public knowledge cannot be made secret again. The rights of legitimate owners, whether of copyrights or private data, are limited by inevitable leaks and rumors. To be realistic about it, I have suggested the benefits of intellectual creation be capped . This could well be extended to personal data.

On the other hand those who leak should be held liable if they broke their obligations, whether to a person or an organization. Only whistleblowers should be protected when reporting what they "observed" about others to either the authorities or the media. In fact witnesses may be compelled by a judge to revealed what has been "disclosed" to them, an added argument for availing oneself of "total privacy" whenever possible.

Similarly those who exploit the leaks must be held responsible . First both authorities and media are liable to properly investigate a leak before acting on it. If the Renault three have been too hastily fired, given Matthew Saltmarsh writes "the scandal might not be what it initially seemed" (******), Renault's management is at fault. Second media should not themselves incite people to break the law as News of the World is alleged to have done.

This said and assuming the leak is backed by public proof, any receiver of a leak who publishes it acts as a media and should be protected as such. That some will publish even when not in the interest of the public is a price to pay for the capital principle of freedom of speech.

When no public proof is available however, for instance when the source is guaranteed anonymity, whoever publishes personal, confidential data is actually "inferring" it. Short of an efficient redress process (4), why not force media owners, if not to cancel their "inferred" production, at least to share their income from boosted circulation with their victims (5). They may be less eager to play the bully and more to "disclose" their own proofs.

If our pronaocracies were not sold in part to data aggregators, shouldn't they think about adding a right of Habeas Data before it is too late?

Philippe Coueignoux

  • (*) ........... Justices' Ruling Is Wrapped in an English Lesson, by Adam Liptak (New York Times) - March 2, 2011
  • (**) ......... Merkel hit by defence minister's resignation, by Quentin Peel (Financial Times) - March 2, 2011
  • (***) ....... Omnicom in deals to target online ads, by Tim Bradshaw (Financial Times) - March 10, 2011
  • (****) ..... Living Singles, by Virginia Hefferman (New York Times Magazine) - February 27, 2011
  • (*****) ... Your Apps Are Watching You, by Scott Thurm and Yukari Iwatani Kane (Wall Street Journal) - December 17, 2011
  • (******) . Renault Now Has Doubts About Its Industrial Espionage Accusations, by Matthew Saltmarsh (New York Times) - March 5, 2011
  • (1) Personal Data: The Emergence of a New Asset Class, by
    .............................. Professor Klaus Schwab, Alan Marcus, Justin Rico Oyola and William Hoffman (The World Economic Forum)
    .............................. and Michele Luzi (Bain & Company) - February 7, 2011
  • (2) for more details see my submissions to the EU and US bodies concerned by eprivacy.
  • (3) see my US patent portfolio, US Patent Number 6,092,197 and US Patent Applications 2006/0053279 and 2009/0076914.
  • (4) as a redress process, the English libel law has been criticized as unduly stifling the media, not to mention libel victims too poor to sue?
  • (5) for instance based on the number of page views for the article, as verified by an independent auditor.
March 2011
Copyright © 2011 ePrio Inc. All rights reserved.