In discourses on digitization and the data economy, it is often claimed that data subjects shall be owners of their data. In this paper, we provide a problem diagnosis for such calls for data ownership: a large variety of demands are discussed under this heading. It thus becomes challenging to specify what—if anything—unites them. We identify four conceptual dimensions of calls for data ownership and argue that these help to systematize and to compare different positions. In view of this pluralism of data ownership claims, we introduce, spell out and defend a constructive interpretative proposal: claims for data ownership are charitably understood as attempts to call for the redistribution of material resources and the socio-cultural recognition of data subjects. We argue that as one consequence of this reading, it misses the point to reject claims for data ownership on the grounds that property in data does not exist. Instead, data ownership brings to attention a claim to renegotiate such aspects of the status quo.
Data seem to be produced on unprecedented scales. Sensors, wearables, and devices continuously translate physical movements and states of affairs into data points. When browsing the internet or using social media, analytic tools process each and every click. Shopping interests and behaviours feed into tailor-made adverts and products. Networked cars and autonomous driving rest on large-scale gathering and processing of vehicle and traffic data. Precision medicine aims to search for patterns and correlations in huge sets of patient data, and promises to personalize prevention, diagnostics, and treatments to the specific characteristics and circumstances of individual patients. Industry 4.0 datafies and automates steps in manufacturing and production. The Internet of Things extends digitization, datafication, and networked objects even further. The recurring observation is that data processing will become increasingly pervasive and powerful. Already now, we witness transformations in how we perceive, frame, think, value, communicate, negotiate, work, coordinate, consume, keep information confidential, and make it transparent.
One—if not the—pressing question in the context of digitization is whether foundational rights of individual subjects are respected, and what it takes to safeguard them against interferences. One frequently discussed suggestion is that these questions arise against the backdrop of contested relations of ownership, i.e. the relation between an owner and her property. There is a set of expectations associated with data ownership. “It gives hope to those wishing to unlock the potential of the data economy and to those trying to re-empower individuals that have lost control over their data” (Thouvenin et al. 2017, 113). In this spirit, calls for data ownership demand that data can be property. Yet, commentators caution that “[s]implified versions of ownership […] may create compelling soundbites but provide little direction in practice” (The British Academy and The Royal Society 2017, 32). While data have tangible aspects, such as their relation to technical-material infrastructures, they also seem to differ from ordinary resources and tangible property (Prainsack 2019b, 5). In a digitized and datafied lifeworld, claims to data are indispensable towards claiming fundamental rights and freedoms. These preliminary observations prompt us to clarify what data ownership exactly means, how it is justified, what it tries to achieve, and whether it succeeds in promoting its aims.
The present paper explores the content of claims for data ownership. It has two goals: first, it provides an in-depth analysis of different notions of data ownership and uncovers inherent conceptual tensions and puzzles. As we will argue, a variety of considerations are put forward under the heading of data ownership. The notion is ambiguous and even paradoxical: it used to articulate and taken to support claims that stand in tension and are mutually incompatible.
Second, we argue that all of these dimensions of data ownership matter for informational self-determination, understood as the ability of data subjects to shape how datafication and data-driven analytics affect their lives, to safeguard a personal sphere from others, and to weave informational ties with their environment. Specifically, and drawing on a debate between Axel Honneth and Nancy Fraser, we demonstrate how the meanings of data ownership raise both issues of material ownership (pertaining to the sphere of distribution) and issues of socio-cultural ownership (pertaining to the sphere of recognition). Our proposal is that important entanglements between both spheres get overlooked if we merely focus on one of them. For informational self-determination, both are relevant. Thus, we need to take seriously the full range of dimensions of data ownership in order to understand how data subjects exercise informational self-determination, and how such exercises can be facilitated and promoted. We discuss these challenges under the heading of data sovereignty (German Ethics Council 2017, 2018; Hummel et al. 2018; Hummel et al. 2019, 26–27).
In order to pursue these goals, we begin by briefly considering data ownership from a legal perspective (2.). As we will show, there is a debate about the compatibility between data ownership and current legal frameworks. Moreover, a number of rationales that typically discourage the institutionalization of data ownership are beginning to disintegrate in contemporary big data environments, which we take to suggest that the case for data ownership is worth debating. We then go on to provide interpretative contributions on what it would mean to establish or to maintain data ownership (3.). As it turns out, the substantive demands and goals vary significantly across discussants. We distinguish four dimensions of data ownership. Each of them is debated by reference to a pair of conceptual poles: the institutionalization of property versus cognate notions of quasi-property (3.1), the marketability versus the inalienability of data (3.2), the protection of data subjects versus their participation and inclusion into societal endeavours (3.3), and individual versus collective claims and interests in data and their processing (3.4). We propose that this characterization explains why different proposals on data ownership articulate diverging or even mutually incompatible demands, and helps us to get a grip on what is at stake when the notion is invoked. Drawing on Honneth and Fraser (4.), we go on to argue that all of these dimensions are vital for informational self-determination. Statements on data ownership touch upon and go back and forth between two different spheres: the redistribution of material resources and the socio-cultural recognition of data subjects. In view of our findings, the notion of data ownership can be understood as an expressive resource for articulating and negotiating claims concerning both spheres.
In the following, we use the terms ‘ownership’ and ‘property rights’ as follows: “Property rights […] are the rights of ownership. In every case, to have a property right in a thing is to have a bundle of rights that defines a form of ownership” (Becker 1980, 189–190). ‘Property’ refers to the thing(s) to which property rights apply.
2 Legal Frameworks
The dominant view in legal theory tends to be that data cannot be owned: “Individual ownership of data […] is contrary to well-established legal precedent in the United States, United Kingdom, and many other jurisdictions, which for good reasons do not recognize property interests in mere facts or information” (Contreras et al. 2018). European frameworks like the Convention for the Protection of Human Rights are typically understood as presenting data-related rights as an extension or subset of fundamental human rights, which suggests that they are inalienable and unsuitable for propertization, commodification, commercialization (Purtova 2010, 202–204; Harbinja 2017, 2019, 103–104; Prainsack 2019a, 18). In the US discourse, some commentators have been amenable to data ownership (Purtova 2009). Overall, national legal frameworks differ considerably in the extent to which they leave room for some form of data ownership (Osborne Clarke 2016).
Still, even with regard to the European framework, the nature of rights on data is discussed controversially. Pearce (2018) argues that according to the GDPR, data protection rights could prima facie be regarded as either personal or proprietary rights. Both kinds of rights share their orientation towards economic efficiency, civil liberties and avoidance of unjust interferences. But while proprietary rights do so on the basis of assigning transferable rights in external things, personality rights are internal, not directed at external things, relate to an individual’s personhood, character, and identity, and are inalienable. Pearce points to Victor (2013) who argues that the GDPR treats data very similar to property: data subjects enjoy default entitlements to personal data (against this, cf. Purtova 2015, 88–99) and thus a similar kind of authority that owners have over their property, given that the consent of the data subject is needed for the processing of personal data (Art. 6). Moreover, the individual has rights to access (Art. 15), erasure (Art. 17), and data portability (Art. 20). The latter can be seen as an analogue to owners’ ability to demand their property if it is being used and accessed by others (cf. also Thouvenin 2017, 27). That these rights remain in place even once others gain access to personal data constitutes “one of the most property-like features of the new regime” (Victor 2013, 525). Finally, legal remedies for violations mirror those typically used for property protections. Still, Pearce (2018, 201–202) ends up discarding Victor’s suggestions. He denies that the GDPR assigns default entitlements to data subjects: the GDPR does allow the processing of personal data without consent, e.g. if it is carried out “by a natural person in the course of a purely personal or household activity” (Art. 2 (c)). Moreover, member states can restrict GDPR provisions for the sake of national security (Art. 23). Another serious problem with a proprietary reading is the scope of the term ‘personal’: appropriately for big data contexts in which data sets are de- and recontextualized frequently, the GDPR uses a wide notion in which data that initially appears to be non-personal become personal if it can in principle be related to an individual. But the more expansive ‘personal’ is understood, the less plausible it is that personal data can be owned, commodified, and controlled. Since Pearce also has arguments against a personal rights reading of the GDPR—e.g. personal rights typically cannot exist independently from their owner, whereas the dead do retain certain rights to data protection (Harbinja 2017, 2019)—neither the proprietary nor the personal rights paradigm sits well with the GDPR, and Pearce thus speaks of a “Conceptual Muddle of Data Protection Rights under EU Law” (ibid.).
These observations illustrate some variance in opinions on the question of what present legal frameworks actually make of data ownership. Most authors maintain that current legal frameworks and the idea of data ownership are incompatible. Others claim that these legislations are actually somewhat unclear on the status of the notion. And as we have just seen, some even think that certain frameworks already assign some kind of ownership in data. The latter position might be defended less frequently, but it nonetheless exists and has proponents.
Besides data protection law, there are further legal frameworks that govern data. For example, contract law defines the scope and limitations of contracts that determine the rights of data originators and processors who negotiate access and use of data, e.g. by exchanging services or levying charges. However, while contract law undoubtedly has an important functional role to play, it also leaves certain foundational issues unaddressed. For example, “[contract law] does not settle the question to whom data is being ascribed originally, i.e. who owns them. […] Only those who acquire something that they did not own at the outset can be expected to provide something in return” (Ensthaler and Haase 2016, 1460, our translation). In this picture, contract law presupposes pre-legal ownership relations rather than establishing them. Unlike property law governing tangible objects, intellectual property law does assign ownership rights to entities that—just like data—are non-rivalrous, non-excludable and non-depletable. However, these protections are tied to acts of creation. Data ownership claims are intended to apply even if no act of creation was involved in generating the data (Ensthaler and Haase 2016; Cohen 2018, 212–213).
One primary reason for legal scholars to be critical of data ownership is that there are important differences between data and paradigm cases of property (Zech 2012, 117–119). First, unlike tangible entities, possession of data does not imply that one is the sole possessor and exclusive user. Data can be duplicated, and several people can use it at once. Second, it is difficult if not impossible to exclude third parties. Unless one manages to keep data secret, it can be duplicated and used by others. Due to being non-rival and non-excludable, data are public goods (as the term is used in economic theory, and contrasts with private goods, club goods, and common-pool resources). Moreover, data are non-depletable: they can be used more than once without losses in quality. Because of these disanalogies, Zech argues that possession or ownership of data are misnomers that presuppose tangibility. For information, access is the right category.
Intellectual property does pertain to a resource that is prima facie non-rival and non-excludable (prior to propertization). In principle, it could thus serve as a fruitful blueprint for data ownership. However, this would raise at least two challenges: first, data ownership concerns data that relates to individuals, but unlike intellectual property, such data are typically not created or invented by them. Second, there is a debate within legal theory whether intellectual property is or should be genuine property, or actually just confers monopoly rights (e.g. Lessig 2004; Hughes 2005; Lemley and Weiser 2007). If so, similar reservations would apply to data ownership proposals.
If one decides to protect information, this can happen at a variety of levels (Lessig 2002a, 23; Wiebe 2016, 67–68; Specht 2016, 290–291; Thouvenin et al. 2017, 120–121): first, at the syntactic level or code layer which refers to the code that expresses it; second, at the semantic level or content layer which refers to the meaning of the data; third, at the structural level or physical layer which refers to the physical embodiment of information; fourth, at the pragmatic level which refers to the effects, uses, and purposes of information. These distinctions raise the need for specifying which level a proposed ownership right in data would govern. Moreover, they bring out that de lege lata, certain aspects of these different layers are already protected. For example, across different legislations, data protection law contains provisions pertaining to personal data and hence relate to the semantic level.
Regarding the question whether besides existing legal mechanisms, new provisions should be introduced, one point of interest for legal scholars is whether such introduction would help to alleviate market failures and thus contributes towards more efficient allocations (Becker 1980, 193). For example, we might expect that people are better off when resources are governed by property regimes. Otherwise, exploitation of resources looms, whereas assigning property sets an incentive for owners to plan and to maintain them. This helps to avoid a tragedy of the commons as coined by Hardin (1968), although his influential discussion has also been criticized for conflating commons and open access regimes (e.g. Ostrom 1990; Rieser 1999). Either way, both legal scholars and economists maintain that the burdens of introducing and enforcing additional legal mechanisms to govern resources should be proportional to the societal benefits these mechanisms generate. This rationale is discussed for data ownership as well (Murphy 1996; Solove 2001, 1445–1455; Purtova 2009, sect. 3.1; Thouvenin 2017). As one example for a critical take on this issue, Thouvenin et al. (2017, 115–116) distinguish a market failure in a narrow sense from a market failure in a wider sense. In a narrow sense, a market failure arises if the good would not be produced or used unless there were property titles in it. In a wider sense, a market failure arises if the transaction costs are not as low and allocations not as efficient as they could be. Thouvenin et al. argue that data ownership is not necessary to address market failures in the narrow sense; even without data ownership, data would be produced, used, licenced, traded, etc. And with regards to market failure in the wider sense, they complain about insufficient empirical and conceptual evidence about the superiority of the ownership paradigm.
Such criticisms of data ownership often involve the following two premises. First, data are non-rivalrous (for an overview, cf. Purtova 2015, 101). Second, this speaks against the idea that data can be the property of individuals.
Against the second claim, note with Moore and Himma (2017, sect. 4.2) that the inference of a requirement of maximal access from the supposition of non-rivalry is dubious. Sensitive personal information, but also content like snuff films, obscene pornography, or information related to national security are non-rivalrous. Yet, moral claims to maximal access are unreasonable. This does not establish that individuals can or should have information as property, but it does challenge the suggestion that mere non-rivalry of information speaks against data ownership.
As per the first claim, data is typically seen as non-rivalrous in the sense that one agent’s access does not prevent others from accessing and using the very same data, too. Nevertheless, proponents of virtual property argue that there are examples of immaterial goods that are rivalrous and thus deserve distinctive legal mechanisms beyond intellectual property law (Berberich 2010). Fairfield discusses the examples of “domain names, URLs (uniform resource locators), websites, email accounts, and entire virtual worlds” that are rivalrous and persistent, i.e. “do not go away when you turn your computer off” (Fairfield 2005, 1049), and people can interact with them. These resources thus “mimic physical properties” (Fairfield 2005, 1053) of tangible goods (for criticism, cf. Glushko 2007; Nelson 2009).
Purtova (2015, 107–109) argues that rivalry is still a matter of concern for the simple reason that there is competition and rivalry amongst the platforms which extract data. Focusing on individual data points and finding no rivalry in their access and use is short-sighted. Google, Microsoft, Facebook and the like require large-scale ‘user livestock’ to extract meaningful quantities of information. There is rivalry in the sense that once such ‘user livestock’ is gathered by a ‘digital giant’, this information cannot be used by other organizations or individuals. That is, rivalry exists at the structural level of the ways in which data is harvested. According to Purtova, it is here where grave power imbalances will be generated and reinforced unless ownership regimes are implemented.
We need not fully subscribe to Fairfield’s and Purtova’s analyses to recognize that they highlight important respects in which purely legal perspectives on data ownership could reach their limits. Data might be rivalrous or not, and have or fail to have further features that matter with regards to whether law can currently encode property titles in data. What becomes apparent, however, is that these questions are not solely answerable from within law or legal theory. Whether data or its usage are persistent, scarce, or rivalrous, and which significance this should have for justified ownership claims, are questions that have implications for law and relate to legal frameworks, but that importantly go beyond legal inquiry and discourse.
Finally, their analyses demonstrate that a debate on data ownership concerns much more than just data. Both Fairfield and Purtova highlight that data have real-world impacts on the lives of data subjects. There might not be rivalry when accessing and using the good itself; I can use my data even if someone else does, too. But consequences and inferences from someone else’s usage can affect my individual freedom and the options I enjoy in social space. The flow of sensitive information can have implications on employment, insurance status and eligibility, or the prospects to receive fair, unbiased treatment in courts and trials. What this suggests is that data ownership need not be motivated primarily by considerations about the effective management of the resource of data—a suggestion that would appear to be undercut if all data were non-rivalrous. If anything, the resource to be managed efficiently by institutions of data ownership is not only the resource of data itself, but societal resources of justice, privacy, self-determination, fairness, inclusion, and the like. On this view, it is the significance of data in our lifeworlds that motivates the institution of data ownership as a way to exercise control over fundamental categories of coordination in datafied societies. This, in turn, suggests that doubts about the existence of data ownership relative to existing legal frameworks should not prevent us from exploring the notion in further detail.
3 Aspects and Indeterminacies of Data Ownership
Becker (1980, 187) distinguishes three questions about the justification of property. The general question is: why should there be property? The specific question is: what kind(s) of property rights should there be? And the particular question is: who should have a title to a specific kind of property?
Discussions of the different questions about the justification of property often refer Locke:
Though the Earth […] be common to all Men, yet every Man has a Property in his own Person. This no Body has any Right to but himself. The Labour of his Body, and the Work of his Hands, we may say, are properly his. Whatsoever then he removes out of the State that Nature hath provided, and left it in, he hath mixed his Labour with, and joined to it something that is his own and there makes it his Property. (1689, ch. 5, sect. 27)
For Locke, the starting point is the self-ownership inherent to personhood. The result of the person mixing labour with natural resources is that the property in her own person is extended to the product.
There are alternatives to the Lockean starting point for justifying property. For example, Becker (1980, 193) characterizes utilitarian approaches according to which property is beneficial towards human happiness, for example by promoting stability and efficiency. What he calls “Personality Theory” (ibid. 209) regards property acquisition as necessary to maintain and promote personhood. Examples include Aristotle’s suggestion that some virtues presuppose property. And against the backdrop of quite different theoretical frameworks, Kant and Hegel agree that property manifests personhood, agency, and the legal implementation and recognition of freedom (cf. also Radin 1982).
With regard to Becker’s specific and particular questions, the Lockean picture is actually a double-edged sword for data ownership. On the one hand, it can be taken to motivate data ownership as an extension of personal self-ownership (Solove 2008, 26). On the other hand, it also discourages such a view.
Consider the criterion of mixing one’s labour with resources. On reflection, this suggestion undermines the idea that individuals own data about them (e.g. Thouvenin 2017, 25). While I might have “invest[ed] bodily samples” (Montgomery 2017, 83) but no labour (Cohen 2018, 212–213) in biomedical data about me, it is the medical service provider who analyses specimen and data, compiles it into evidence bases, and generates value based on the raw materials I am providing. If labour is any indication, then “[i]f anyone may claim proprietary rights over the information on the labour theory of property, it would seem to be the health professionals or service for which they work” (Montgomery 2017, 84). Similarly, Solove notes that “[p]ersonal information is often formed in relationship with others” (2008, 27), and illustrates that web-browsing data is a joint feat by the user and the service provider.
These observations illustrate some initial challenges with the concept of data ownership. Returning to Becker’s terminology: with a Lockean answer to the general question about property, we could still negate the specific question of whether data should be owned. Even if we affirm it, we might have to answer the particular question in a way that renders data subjects mere co-owners at best. For the moment, we sidestep these issues in order to point out that even if they can be addressed, ambiguities and indeterminacies in the notion of data ownership remain.
3.1 Property versus Quasi-Property Rights
Although there are legal provisions that provide data protection and control rights, data do not straightforwardly and undisputedly fall under the categories of property and ownership (2.).
One way to understand calls for data ownership is that they express dissatisfaction with provisions de lege lata. As things stand, legal frameworks fall short of assigning individuals appropriate authority over their data, and perceived shortcomings of the status quo have implications de lege ferenda. For example, in his recent, innovative proposal, Fezer (2017, 2018) argues for the introduction of genuine, sui generis property rights in data. He accepts that individuals do not invest labour in the generation of data, but denies that this affects their entitlement to data ownership. He highlights that what he calls citizen data are behaviour-generated: they are the result of citizen interactions and communication. This applies independently of whether these data are anonymized or personal. Behaviour-generated data do not reduce to mere code but reflect a form of cultural agency, which makes them the appropriate object of dedicated legal governance (rechtserhebliches Kulturhandeln). Human dignity, informational self-determination, cultural significance and expressiveness of data must be the departure points for global discourses on human and foundational rights in digitization. This concerns “nothing less than the civil-societal status of the citizen as a sovereign in constitutional democracy” (Fezer 2018, 27, our translation).
Fezer emphasizes that property is the legal institutionalization of personal rights to freedom: it provides a legally mediated space to enact freedom (“freiheitlicher Gestaltungsraum durch Recht” (Fezer 2018, 48)). This functional role of property and its inherent connection to the freedom of its owner should convince us that the notion of property is open and should not be a priori limited to material goods and intellectual property. If circumstances call for it, we need to reflect on new forms of property to secure the sovereignty of citizens. In particular, he proposes that future data ownership law should take behaviour-generatedness as the counterpart of acts of creation in intellectual property law. Finally, at the heart of Fezer’s proposal is the suggestion that for pragmatic reasons, citizens’ impact on data governance via data ownership must be representative, i.e. enacted and articulated through macro-level governance bodies. In this way, he arrives at an interesting unification of individual data ownership and the collective representation of data subjects.
Unlike Fezer, other calls for data ownership do not necessarily demand the introduction of new forms of ownership, but something rather different. To see why, note that ownership can be taken as a proxy for certain access, usage and control rights. For example, in his seminal discussion, Honoré describes 11 rights and duties which he takes ownership to comprise: “the right to possess, the right to use, the right to manage, the right to the income of the thing, the right to the capital, the right to security, the rights or incidents of transmissibility and absence of term, the prohibition of harmful use, liability to execution, and the incident of residuarity” (Honoré 1961, 370). Honoré himself regards these rights and duties to be jointly sufficient for ownership, but maintains that they need not be individually necessary. Satisfying all of them would give rise to full ownership. But perfect satisfaction of all these conditions is not necessary to speak of (less-than-full) ownership, which can already result if only some of these conditions are satisfied to some degree. Consequently, less-than-full ownership can come in different forms as it can comprise a range of different rights and combinations thereof.
This leads to the following three observations. First, ownership is compatible with varying degrees of satisfying Honoré-style conditions. Instead of necessitating unconditional and unrestricted control, control and usage rights can be constrained, e.g. by collective rules, public institutions, and state agencies. Ownership thus conveys only inexact information on how much control the owner has over her resource. Waldron (2017, ch. 1) illustrates that one might own a building in a historic district. While this confers entitlements to control and to use the resource, restrictions apply. The owner could not, for example, tear it down and replace it with a skyscraper. In a similar vein, Evans (2011, 79–80) points out that even if health data were patient-owned, the state would maintain certain rights to access it non-consensually, for example if such access is in the legitimate interest of the public. Ownership is not a single right but comprises a bundle of rights, and it is helpful to be clear about which right is being ascribed and asserted in a given case.
Second, the question arises what exactly is put forward in calls for data ownership. It is possible that the point of these calls is not so much the demand that Honoré-style conditions are satisfied to a degree that entitles us to speak of ownership, let alone full ownership. The point of these calls could be these particular conditions themselves. For some, it might be a vital question whether in a given case, we have enough of these conditions preserved to speak of ownership. But for others, the question of ownership might be moot. What matters is whether enough of these conditions is preserved to promote certain ends, including but not limited to the integrity of persons, self-determination, and participation in social endeavours. For example, Thouvenin highlights the pragmatic question whether data ownership should be introduced alongside existing regulation or replace it. The former option could yield inconsistencies between old and new regimes, the latter far-reaching transformations, e.g. of data protection principles. Thouvenin thus prefers a more cautious governance of small steps: not a full-blown introduction of data ownership, but more reflection on transferability and admissible contractual agreements between individuals and private industry on data access and use—while maintaining a systematic place for a personal sphere that cannot be affected by contractual agreements. He thus cares about the particular conditions typically implicated by ownership, not about ownership itself, which he rejects for largely pragmatic reasons.
This directly leads to a third suggestion. Calls for data ownership are not only focused on Honoré-style rights. They are also put forward with an eye on the outcomes that assigning such rights to data owners will promote. As a point in favour of this suggested reading, note that criticisms of data ownership deny that it succeeds in bringing about certain ends better than alternative governance designs. For example, Evans argues that status quo regulations (in her case: US federal regulatory protections) and proposed data ownership models do not differ much with regards to balancing privacy with public access and non-consensual data use: “Creating property rights in data would produce a new scheme of entitlements that is substantively similar to what already exists, thus perpetuating the same frustrations all sides have felt with the existing federal regulations” (Evans 2011, 75). She concludes: “The right question is not who owns health data […]. Instead, the debate should be about appropriate public uses of private data and how best to facilitate these uses while adequately protecting individuals’ interests” (Evans 2011, 77).
As we have just seen, ownership does not necessarily confer unconditional control. Sometimes, what matters are the particular rights typically implicated by ownership, not ownership per se. And sometimes, it is primarily outcomes that are negotiated and criticized by means of ownership terminology. We thus put forward the following conciliatory suggestion in view of the reservations and scepticism against data ownership. One possibility is to shift the focus away from legally codified ownership and towards the desideratum that discussants pursue: ownership in the sense of gaining and maintaining control over one’s data. To this end, we understand quasi-ownership as the relation that supervenes on components of a Honoré-style bundle while leaving it conceptually open whether enough of them is instantiated for ownership, let alone full ownership. Quasi-ownership would primarily seek to put individuals in a position to distribute, retract, shield, but also share their data for a variety of purposes, including but not limited to personalized medicine, algorithmic applications, biomedical research, and their own clinical care within a patient-centred health system. In other words: what is initially framed as data ownership concerns primarily controllability, i.e. the availability of effective means for data subjects to exercise control over her data.
This marks an important dialectical point: the terminology of ownership is dispensable; what matters are the particular conditions that ownership typically advances. If so, maybe calls for data ownership should actually eschew the language of ownership and property for the sake of clarity. Instead, proponents could make explicit that they are concerned with certain (bundles of) rights, regardless of whether or not these qualify as property rights, let alone give rise to full ownership. This would even build on some common ground in the debate. For example, opponents of data ownership argue that all that this view can charitably be taken to mean is “property-like rights through contract” (Contreras et al. 2018). Proponents could take this as a cue to highlight that whether contractual or not, it is precisely such rights pertaining to access, usage, and exclusion that are important. Moreover, Pearce (2018, 205–208), after deeming EU data protection law conceptually muddled (2.), proposes that it fits best with quasi-property rather than a personal rights or full-blown property paradigm, for example because the exclusionary rights specified by the GDPR are not unconditional and contingent on interactions that establish “a data subject/data controller relationship” (Pearce 2018, 207).
Sceptics could still object that even quasi-property will constrain data access because individuals can restrain others from accessing their data, which might “result in less-effective research and flawed health policy” (Contreras et al. 2018). For example, Rodwin cautions that “patient data appear to be an example of private ownership that preclude downstream inventions and benefits for individual owners and society” (Rodwin 2009, 87). Patient data ownership is akin to private industry organizations owning patents in gene sequences: such ownership constrains access to building blocks for innovation and “monopolizes raw material needed for research” (ibid.).
On the one hand, regardless of whether property or quasi-property in data is in question, such effects on research, development, and policy form important considerations. However, as a proposed reason to reject data ownership proposals, we can confront these lines of thinking with at least two challenges. First, framing the issue as a choice between data ownership and efficient research presents a false dilemma. It remains to be demonstrated that considerations about the availability of data for research speak against data (quasi-)ownership tout court, or whether they primarily urge us to design research processes in the right ways. Whether research will be hampered is not only a function of whether data ownership is in place, but also of how easily and effectively data owners can share their data, whether data interoperability is achieved, and whether individuals trust research processes. If data owners can control data flows, contribute data to research, but also retract it if necessary or desired, then the hypothesis that individuals would consistently withhold their data is hardly plausible, both empirically (Mikk et al. 2017) and conceptually (Hummel et al. 2019).
Second, suppose we were convinced that (quasi-)ownership comes at a cost for research. Even then, serious questions remain about whether an ethical rationale for systematically bypassing the informed will of the individuals whose data is channelled into research and development could withstand scrutiny. Rodwin- and Contreras-style considerations might well be the outcome of a normative debate in which they are evaluated in the light of public benefits that are allegedly undercut. But they cannot preempt such a debate. Individuals are not isolated, independent and unaffected subjects, but always find themselves embedded in social contexts in which datafication and analytics, while being able to generate benefits and efficiencies, can drive inferences that constrain self-determination. Negotiating claims to data (quasi-)ownership could be one step towards safeguard these spaces.
To recap the foregoing, we have suggested that calls for data ownership might have less to do with property rights or full ownership than it appears. None of the components of Honoré’s bundle are individually necessary for ownership, and there can be ownership without instantiating each and every component of the bundle. Are these calls aiming at ownership or merely quasi-ownership? Our constructive proposal is: it might be merely the latter. If these are de lege ferenda claims at all, they are much less drastic than Fezer’s proposal. And we have argued that debating them is timely and essential for ethically sound data governance. Data (quasi-)ownership is a live option and deserves to be taken seriously.
3.2 Marketability versus Inalienability
Amongst the components in a Honoré-style bundle is the right to transfer one’s property to somebody else, usually in return for another good, such as money or services. The conviction that such transfers involving data should be possible is one important motivation of data ownership regimes. “The raison d’etre of property is alienability” (Litman 2000, 1295). Indeed, while data are hailed as the ‘new oil’ and the most important resource of the 21st century, no straightforward mechanisms for attributing and transferring data exist (Thouvenin 2017, 26). Data ownership could address this gap by enabling data subjects to introduce usage and access rights to their data into the market. Ideally, this facilitates transactions and results in more efficient allocations. For example, with regard to ownership of health data, Kish and Topol believe that “[w]ithout ownership, there can be no trusted exchange. […] To build a truly thriving health data economy, we need to harness the power of data ownership” (2015, 923).
For a moment, let us sidestep our result above that quasi-ownership might be enough to achieve such ends, and that genuine ownership need not be necessary. The present idea is that propertization and the option to market data enhance the control and power of data subjects: “if the essence of a ‘property right’ is that the person who wants it must negotiate with its holder before he can take it, propertizing privacy would also reinforce the power of an individual to refuse to trade or alienate his privacy” (Lessig 2002b, 261). As Purtova (2015) highlights, losses of control loom in the absence of propertization: access and usage of data will become a matter of mere de facto power of data market participants. Thus, “the right question to ask is not whether there should be property in personal data, but whose property it should be” (Purtova 2015, 84).
Besides control, marketability could also put individuals in a position to gain a share in the economic value that is generated by processing their data. Lanier highlights that private firms do not compensate the individuals whose data drives their business. His proposed solution is to
[p]ay people for information gleaned from them if that information turns out to be valuable. If observation of you yields data that makes it easier for a robot to seem like a natural conversationalist, or for a political campaign to target voters with its message, then you ought to be owed money for the use of that valuable data. It wouldn’t exist without you, after all. […] An amazing number of people offer an amazing amount of value over networks. But the lion’s share of wealth now flows to those who aggregate and route those offerings, rather than those who provide the ‘raw materials.’ A new kind of middle class, and a more genuine, growing information economy, could come about if we could break out of the ‘free information’ idea and into a universal micropayment system. We might even be able to strengthen individual liberty and self-determination even when the machines get very good. (Lanier 2014, 9)
Lanier does not merely demand that data ownership shall get recognized. He is also presupposing certain (non-legal) ownership relations and entitlements when he argues that as of now, people do not receive fair shares of the value their data helps to generate, and that this shall be addressed by means of his proposed micropayment system that compensates individuals appropriately.
The idea that individuals should be able to market their data receives a variety of criticisms. First, it could have undesirable consequences if data subjects were in a position to introduce their data into market transactions. Commercialization of data appears to empower the initial data owner, but could also result in losses of control and participation. Once access and usage rights have been sold or traded against services, individuals cease to have control and authority over their data. Intuitions about entitlements one retains after one’s data has been marketed thus speak against ownership as marketability. As Montgomery points out with regard to personal health data, “information ‘about me’ does not cease to be connected to my privacy when I give (or sell) it to others” (Montgomery 2017, 82). Since even after having sold their data, individuals retain justified claims to privacy, Montgomery takes it to be implausible that data fall under the category of private property. Alienability could further encourage marketization that ends up undermining rather than strengthening privacy. “The concept of alienable ownership rights in personal data is disturbing, because the opportunities to alienate are ubiquitous. […] The market in personal data is the problem. Market solutions based on a property rights model will not cure it; they’ll only legitimize it” (Litman 2000, 1299–1301).
Second, a further worry relates to the attitudes and expectations that are raised by data ownership. Consider what exactly individuals would own if they had property rights in their data. If we abstract from the labour others contribute towards the generation and processing of data, then not much of value is left. “Data propertization proposals fail because patients’ raw health information is not in itself a valuable data resource, in the sense of being able to support useful, new applications. Creating useful data resources requires significant inputs of human and infrastructure services, and owning data is fruitless unless there is a way to acquire the necessary services” (Evans 2011, 75). According to a joint report by the British Academy and the Royal Society, data ownership might “create an expectation of compensation for use of data” even though “value is typically derived from the combination and use of data rather than from individual data points” (2017, 32). The report does acknowledge the economic importance of ownership notions towards “extracting the commercial value of data” and “protecting [data] as an asset and realising its value” (ibid.). But it cautions against misunderstandings that could flow from overly simplistic models of data ownership, transferability, and the value of data.
Third, against data ownership as marketability speaks the insight that data differ from other goods that can be marketed. Unlike paradigm cases of property, transfers of data do not imply that the vendor or donor loses anything. Data can be transmitted but not withdrawn, be possessed simultaneously by many (Solove 2008, 27), and be in several places at the same time (Prainsack 2019b). Floridi notes that acquisition and usage of information are lossless; “contrary to other things that one owns, one’s personal information is not lost when acquired by someone else” (Floridi 2014a, 118). These challenges to marketization might not be insurmountable. For example, one way to accommodate them is to say that rather than transfers of data, what happens upon marketization is simply the suspension of certain privacy claims against a return. Still, data remain an unusual commodity with distinctive characteristics.
These criticisms target data ownership as marketability as undesirable, at odds with privacy intuitions, and unsuitable in view of the features of data. But another strand in the debate takes a different route. It agrees that data ownership—if understood properly—should be recognized, but on these grounds strongly opposes the idea that data should be marketable. Its starting point is the importance of data for the constitution and integrity of persons.
Floridi’s account of personhood rests on an “informational interpretation of the self. The self is a complex informational system, made of consciousness activities, memories, and narratives. From such a perspective, you are your own information” (Floridi 2014a, 69). He goes on to defend the view that the primary importance of privacy flows from our status as “informational organisms (inforgs), mutually connected and embedded in an informational environment (the infosphere)” (Floridi 2014a, 94). Because of the significance of information for the self-constitution of inforgs, privacy breaches infringe upon their identity. This picture, however, leads Floridi to reject an ownership-based interpretation of privacy according to which “[a] person is said to own his or her information […] and therefore to be entitled to control its whole life cycle, from generation to erasure through usage” (Floridi 2014a, 116). Agents do not just own information; they are constituted by it. Floridi thus calls for “understanding a breach of one’s informational privacy as a form of aggression towards one’s personal identity” (2014a, 119). As a result,
one may still argue that an agent ‘owns’ his or her information, yet no longer in the metaphorical sense just seen, but in the precise sense in which an agent is her or his information. ‘Your’ in ‘your information’ is not the same ‘your’ as in ‘your car’ but rather the same ‘your’ as in ‘your body’, ‘your feelings’, ‘your memories’, ‘your ideas’, ‘your choices’, and so forth. It expresses a sense of constitutive belonging, not of external ownership, a sense in which your body, your feelings, and your information are part of you but are not your (legal) possessions. (Floridi 2014a, 121)
In other words, Floridi would criticize language of data ownership only to emphasize that it actually concerns instances of self-ownership in the most literal sense. Because of this intimate entanglement between information and the informational organisms it constitutes, Floridi demands that the protection of information shall be grounded directly in the normative status of the latter. For us, this means that
[t]he protection of privacy should be based directly on the protection of human dignity, not indirectly, through other rights such as that to property or to freedom of expression. In other words, privacy should be grafted as a first-order branch to the trunk of human dignity, not to some of its branches, as if it were a second-order right. (Floridi 2016, 308)
One upshot of this is that data becomes unsuitable for market transactions. Indeed, Floridi suspects that if he is right that “personal information is […] a constitutive part of someone’s personal identity and individuality, then one day it may become strictly illegal to trade in some kinds of personal information” (Floridi 2014a, 122).
Overall, the relation between data ownership and marketability is complicated. On the one hand, some call for data ownership in order to allow individuals to market their data. On the other hand, others worry that data ownership would open the door to stripping individuals of something inalienable, and that data are so ingrained with individual personhood that ownership is too external to capture this relation. From the perspective of the individual, the resource is indispensable. Data ownership properly understood thus precludes rather than motivates alienability and marketization.
3.3 Protection versus Participation
Other calls for data ownership share the conviction that certain fundamental resources need to be available to individuals for self-constitution, forming and implementing life plans, and participating in communal lifeforms. They also agree that data ownership is vital towards articulating claims to access these basic resources. But they differ in their understanding of which kinds of resources are needed.
On one end of the spectrum, data ownership can be a merely defensive, protective concept. Individuals are in need of a sphere of secrecy, and authority over access and use of their data is what allows them to protect this sphere from the state, corporations, and others. For example, consider Lessig’s position that property rights and rhetoric are instrumentally valuable since they promote and reinforce privacy: if my data was my property, it would become intuitively clear how taking, using, or selling it without my consent is wrong. “If people see a resource as property, it will take a great deal of converting to convince them that companies like Amazon should be free to take it. Likewise, it will be hard for companies like Amazon to escape the label of thief” (Lessig 2002b, 255). Property rights can be used to delineate a personal sphere that others may not interfere with. “Property talk is often resisted because it is thought to isolate individuals. It may well. But in the context of privacy, isolation is the aim. Privacy is all about empowering individuals to choose to be isolated” (Lessig 2002b, 257). Similarly, Westin’s claim that “personal information, thought of as the right of decision over one’s private personality, should be defined as a property right” (Westin 1967, 324) seems to rest on an instrumental claim: rather than an end in itself, propertization is an effective means. Its value derives from its function of facilitating and enabling individual control and the ability to safeguard privacy.
Besides such instrumental claims, we could further consider an explanatory proposal: breaching privacy is wrong because of ownership. For example, Thomson (1975) argues that the right to privacy consists in a cluster of more specific rights, such that.
the wrongness of every violation of the right to privacy can be explained without ever once mentioning it. […] Someone looks at your pornographic picture in your wall-safe? He violates your right that your belongings not be looked at, and you have that right because you have ownership rights—and it is because you have them that what he does is wrong. (Thomson 1975, 313)
Along these lines, we could imagine that at least for some privacy breaches, e.g. the ones Lessig is referring to, data ownership is what explains their wrongness. Admittedly, one initial challenge is that Thompson speaks about tangible objects like pictures in a wall-safe, whereas data, as mentioned earlier (2.), differ in important respects from such objects. But suppose we are willing to entertain the suggestion that data can be owned, and that such ownership can ground privacy claims. Thompson’s discussion then leads to a second challenge: we can think of alternative normative resources to motivate privacy. It seems to be up for debate whether it is ownership that explains the wrongness of privacy breaches. For example, taking up Thomson’s own cue, we could instead focus on personal rights:
Someone uses an X-ray device to look at you through the walls of your house? He violates your right to not be looked at, and you have that right because you have rights over your person analogous to the rights you have over your property—and it is because you have these rights that what he does is wrong. (ibid.)
The wrongness of privacy breaches could also consist in the right of persons not to be harmed, or not to be treated merely as a means. Once this becomes clear, the question arises whether data ownership is necessary and appropriate for a normative grounding of privacy. A related objection is levelled by Scanlon (1975), who argues that the relevance of ownership is actually merely incidental. It happens to convey information about the conventional boundary of our zone of privacy. But even without any ownership involved in the wall-safe case, there would be rights and interests in play which determine and motivate justified privacy claims—which shows that reference to ownership is dispensable. For our purposes, we need not take a stance in this debate. We merely note that ownership can in principle be taken to motivate protective rights that exclude others from an individual’s personal informational sphere.
Even then, a third challenge looms: which claims to data ownership, if any, are justified? Recall that the Lockean labour criterion suggests: not the ones Lessig thinks. If labour is any indication, it is not clear whether data subjects and not data processors should be regarded as data owners. Here, we would like to propose a possible response to this challenge, which to our knowledge has not been noted in the literature. Interestingly, when discussing Locke in connection with data ownership, commentators appear to assume that labour is the only Lockean criterion for ownership. Locke, however, proposes the labour criterion in the context of a discussion of original acquisition, i.e. acquisition of a resource that was previously unowned. This raises two questions towards authors who refer to the labour criterion to claim that data subjects do not (or should not) have data ownership.
First, the Lockean criterion for original acquisition is compatible with there being further criteria that are subsequent to original acquisition, such as inheritance, reparation for injuries, alienation through gift, sale, or trade, and especially an individual’s entitlement to the surplus of the good of others if this is necessary for the satisfaction of her basic needs (Simmons 1992, 224–225, 327–328).
As Justice gives every Man a Title to the product of his honest Industry, and the fair Acquisitions of his Ancestors descended to him; so Charity gives every Man a Title to so much out of another’s Plenty, as will keep him from extream want, where he has no means to subsist otherwise; and a Man can no more justly make use of another’s necessity, to force him to afford to the wants of his Brother, than he that has more strength can seize upon a weaker, master him to his Obedience, and with a Dagger at his Throat offer him Death or Slavery. (Locke 1689, I, 42.)
There is some debate amongst Locke interpreters about the significance of need and charity for property rights, for example whether subsistence must be provided through property, or whether Locke is in fact neutral on how subsistence is guaranteed (Waldron 1988, 139). What matters for our purposes is that there are other Lockean criteria besides labour. The insight that not the individual but corporations, states, or hospitals invest labour and resources into generating and processing data then falls short of determining data ownership. In particular, if we are inclined to justify privacy via ownership, and note that certain levels of privacy can be seen as a basic need, a fundamental presupposition for leading a fulfilled life, then the relevant forms of ownership might not depend on labour.
Second, emphasizing that the labour criterion concerns original acquisition, and the mutual shaping between Locke’s view and the colonial policies of his times (Arneil 1996), remind us of the significance of who owns what in the status quo. Indeed, Zuboff in her recent and rich analysis of societal and economic consequences of digitization compares the relation between contemporary large private-sector data processors and data subjects to the relation between sixteenth century conquerors and indigenous populations. Like the conquerors who purported to embody the authority of God, the pope, and their king, and on these grounds claimed indigenous lives and land, the large players of surveillance capitalism “claim human experience as raw material free for the taking”, and purport to possess a “right to own the behavioural data derived from human experience”—declarations that effectively render the age of surveillance capitalism “an age of conquest” (Zuboff 2019, ch. 6). The analogy is Zuboff’s, not ours, and we are not assessing its adequacy or possible limitations. What matters for our purposes is the suggestion that it might be misguided to regard consumer data as unoccupied territory. Like the conquerors, large private-sector organizations claim resources they falsely presume to be unowned, and neglect claims that precede their acquisition. Thus, in order to clarify whether the labour that data processors invest into the generation of data confers ownership, we must know more about antecedent claims that frame this process. Before data are generated, they might not be owned by anyone because they do not exist. What does exist, however, are the lives, behaviours, and features of data subjects, including their claims to have these processes protected, and to shape them autonomously in ways that allow them to participate in societal endeavours. How these claims are weighed against subsequent claims by data processors is a question whose answer a labour criterion does not by itself address.
The foregoing was primarily concerned with negative, protective claims that keep others outside one’s personal informational space. However, stances on the role of data ownership can be informed further by one’s theory of selves—what constitutes them, and whether we regard them primarily as occupying social roles as citizens or members of particular communities. The hint we can then take from Floridi is twofold. On the one hand, his notion of the self highlights the importance of protecting information pertaining to the personal sphere and the integrity of persons. On the other hand, he can also be taken to suggest that shielding is important but not enough. Individuals qua inforgs are deeply interwoven with their personal information and its embeddedness in the infosphere. Since inforgs weave informational ties across the infosphere, we might argue that controllable, localized retentions of the shielding of information are what allows them to interact with others and to participate in communal and societal activities.
This means that data ownership will not always be tied to presumed entitlements and mechanisms to constrain data flows. Sometimes, individuals will claim their data and seek to share them in certain ways (Hummel et al. 2018). For inforgs, data ownership as isolation cannot be enough. It must also allow participation in societal endeavours mediated through the infosphere. As mentioned, proponents of data ownership as marketability (3.2) argue that the relevant form of participation is receiving one’s share in the generation of economic value that is driven by the processing of individuals’ data. But beyond seeking economic returns, individuals are shaped by ascriptions of recognition of and to others. The intention to contribute to a common good can lead them to redistribute parts of their informational resources through giving and donating data (Hummel et al. 2019). It is a platitude that I can only legally give what is mine, and thus one potential aporia of donating and sharing data is that these attitudes seem to presuppose some form data ownership that legal frameworks might not recognize (2.). But drawing on our earlier suggestion (3.1), the ‘mine’ in the platitude need not signify genuine ownership, but can take the form quasi-ownership. Insisting on not only protective but also participatory ways of making use of one’s data thus need not rest on presumptions that are unattractive or unfounded from a legal perspective.
3.4 Individual versus Collective Claims and Interests
There are different frameworks for distinguishing kinds of property. For example, Waldron (1988, 38–42; 2017, ch. 1) defines: in private property, the resource is under the decisional authority of particular individuals (or families or firms). In collective property, governance proceeds “by reference to the collective interests of society as a whole” (Waldron 1988, 40), with these interests determined through mechanisms of collective decision-making. Common property refers to a resource being governed by rules whose point is to make them available for use by all or any members of a society. Here, Waldron explicitly links common property with conceptions of justice: “In the case of finite resources, or resources which cannot be used simultaneously by everyone who wants to use them, the operation of a system of common property requires procedures for determining a fair allocation of use to individual wants. This is the task of a theory of justice” (Waldron 1988, 41). Both collective and common property typically involve governance by the state.
As these distinctions illustrate, conceptualizations of different kinds of property have a variety of parameters on which they can encode substantive commitments. To begin with, they call for specifications of who the owner is. Property need not be owned by single individuals. A multitude of individuals can own a resource. Moreover, in some cases, the agent(s) authorized to govern the particular good or resources by setting rules and restricting access might be the de facto owner(s), but actually remain(s) answerable to certain claims. For example, on the one hand, the state’s governance of collective property is “the effect of a decision by a sovereign authority” (Waldron 1988, 41). On the other hand, the state is answerable to society’s claim to access for everyone. Moreover, different kinds of property reflect different goals and principles that shall guide governance, e.g. whether the point of property is making it accessible to everyone, to preserve it, or to govern it in accordance with collective decision-making. Last but not least, implicit in notions of commonality and collectives is a presumption of membership relations. Those not standing in these relations are outsiders from the perspective of the group or society in question. Crucially, these membership relations are linked with usage entitlements to the respective resource.
Besides highlighting the question of who is plausibly regarded as the data owner, these points demonstrate the importance of terminological clarity of which kind of property is envisioned. Waldron’s definitions are certainly not the only way to conceptualize different kinds of property, but they demonstrate that merely calling for data ownership is an underspecified demand. If there is—or should be—data ownership, the question immediately arises who owns which data, and what the point of such ownership is.
As outlined, one first response is that individuals shall have their data as private property. This sense of data ownership is put forward when it is proposed that patients shall have ownership over their health data (Kish and Topol 2015; Mikk et al. 2017), when individuals shall be able to market their data (Lanier 2014), and also when legal frameworks are perceived to assign proprietary rights to data (2.).
However, we have also seen that one salient alternative is to affirm that data can be property, but to deny that individual data subjects are the owners. First, as consideration of the Lockean position indicates, private-sector organizations, too, can articulate justified claims to ownership of the data they generate and process (e.g. Ensthaler and Haase 2016, 1460–1461). Second, we can even dispute whether private property in Waldron’s sense is applicable to data. For example, Montgomery argues that if we really want to regard genetic and genomic information as property, it should not be considered private: “it is perhaps more convincing to consider individual genetic information as a form of common property belonging simultaneously to a group of people but with outsiders excluded” (Montgomery 2017, 85). He also endorses “[p]ublic ownership of genomic information” (ibid.), whereas private property would implausibly enable patients “to appropriate to themselves material that is biologically common to others” (ibid.).
There are further authors who call for data ownership and envision the owner to be a collective, society, or mankind as a whole, for example when recognition and protection of a data commons is being demanded. For Prainsack, a data commons could be key to address power asymmetries between data subjects and data processors, typically large private sector organizations, provided careful reflection is devoted to dynamics of inclusion and exclusion surrounding this pool of resources. Inclusion involves being able to enter data into the digital commons, to use information from the commons, to enjoy benefits from the commons, and to participate in its governance (Prainsack 2019b, 8). Across these instances, exclusion need not always be unjust, but prompts further consideration of how the respective individuals and populations are affected by it. In the end, harm mitigation mechanisms (McMahon et al. 2019) are necessary for both those who incur damages due to their inclusion, and those who incur damages from being excluded.
In these proposals, data ownership held by populations, society or mankind need not preclude further ownership or control rights at the individual level. However, tensions and competition between individual and collective as well as local and global interests are conceivable. For example, consider Cohen’s view (2018, 212–216) that healthcare data can be shared and processed for the public good without patient consent because her healthcare data is not her property. In this case, a denial of data ownership is tied to a denial of entitlements to control and consent to data processing, or in Cohen’s words, a “duty to share healthcare data” (2018, 209). He seems to assume that ownership is a necessary condition for control, whereas amongst our points above (3.1) was that we could conceive of control rights independently of whether or not they constitute ownership. At any rate, his reasoning demonstrates that there is an interplay and between individual and collective claims; if they are in tension or opposition, then discounting one can be perceived as strengthening the comparable plausibility of the other.
Considerations promoting the common good undoubtedly carry some normative weight particularly against the background of an interdependent relation between self and other. But how are we to think of the coexistence of individual and collective interests when algorithms informing litigation are fed with information on a particular defendant, when data of a particular individual is used to tailor marketing content that taps into her needs, desires, and preferences, when an individual’s credit application is assessed on the basis of ratings derived from data sets harvested across different domains, or when health data is tracked by wearables and subsequently shared with insurers, employers, and other third parties, thereby giving a variety of lifestyle decisions of an individual? The point is not merely that conflicts can arise between individual and collective interests. The point is also that it is up for debate what counts as a concordance of both, which considerations take priority in particular cases of conflict, and which compromises of individual interests and freedom count as sufficiently valuable additions to the data commons and provide public value and enhancements of the common good.
Just as prioritizing the common good can constrain individual self-determination, individual interests might involve delimiting the authority of others and enforcing claims against them, potentially with the consequences that Rodwin, Contreras, and others who are concerned about impediments to research fear for the common good. Our suggestion is not that there is a zero-sum game between individual and collective interests, i.e. that promotions of one are only to be had at the expense of the other. It is just that there are interdependencies and sometimes trade-offs between both domains. For this reason, it is an oversimplification to suggest that we can seamlessly envision individual control rights alongside collective-level ownership. Attributing data ownership to the public and maintaining a data commons will inevitably interact with individual freedom, and claims for data ownership gesture towards the need for an inclusive societal debate on how these two poles are being harmonized and mediated.
We have suggested that calls for data ownership position themselves along four dimensions, specified by four pairs of poles: property versus quasi-property, marketability versus inalienability, protection versus participation, and individual versus collective claims and interests. These results are presented in Table 1. For the respective positions on these dimensions, different claims turned out to be relevant. The first dimension concerns incidents of (quasi-)property. These are expected to enable (quasi-)owners to control data flows and to impact the outcomes of data processing. The second dimension focuses on the individual’s relation to data. It asks whether or not there is, or should be, an entitlement of the data subject to market her data. Ideally, this allows her to benefit from her resource. However, it could also amount to the alienation and commercialization of certain core aspects of her as a self or subject. The third addresses the significance of the resource for individual constitution, flourishing, and integrity, and negotiates which combination of protection and participation is needed to advance them. The fourth pair of poles concerns the interplay between individual and collective interests, needs, and preferences, and raises the questions how these could be harmonized and aligned. The proposed scheme is not intended to present an antecedently determined standard on what a comprehensive call for or against data ownership shall cover. Neither is it intended to exhaust all possible meanings. Instead, it is inductive as it rests on inferences from specific, paradigmatic instances of discussions of data ownership.
4 Data Ownership and the Prerequisites for Informational Self-determination in Digitization
We conclude from the foregoing that the notion of data ownership is rife with tensions and perplexities. They arise independently of whether or not the reasons for or against data ownership prevail, and concern the question of what it would mean to recognize data ownership.
Some proposals and rejections of data ownership concern genuine property rights, whereas others concern certain control rights regardless of whether these qualify as property rights (3.1). And while some think that the point of data ownership is to put individuals in a position to market their data (3.2), others maintain that the relation between individuals and their data actually motivates the exact opposite: inalienability. Moreover, on some understandings, recognition of data ownership involves assigning protective rights as well as mechanisms to safeguard and to enforce these rights (3.3). But on other proposals, this is insufficient. Data ownership is not restricted to protective rights, but involves much more: to put data owners in a position to enjoy participation and inclusion in societal endeavours. Finally, there is disagreement on whether data is owned by individual data subjects, data processors, and/or collectives like society as a whole (3.4).
These observations illuminate what is at stake when data ownership is being claimed and disputed. So far, our enquiries were descriptive: they focused on what discussants mean with data ownership. But reflecting on these meanings invites an additional, substantive claim: all these dimensions of data ownership are vital to informational self-determination.
In order to develop this suggestion, we turn to a debate between Honneth and Fraser (2003) on the relation between distribution and recognition. Fraser distinguishes two folk paradigms of social justice. On the one hand, social injustice can be rooted in economic structures, taking the form of exploitation, economic marginalization, and deprivation. But it can also be understood as a cultural phenomenon, taking the form of cultural domination, nonrecognition, and disrespect (Fraser 2003, 12–13). She argues that a one-sided economism or culturalism is inadequate and demands that a comprehensive account shall consider and integrate “both the standpoint of distribution and the standpoint of recognition, without reducing either one of these perspectives to the other” (Fraser 2003, 63). Her normative target is “the notion of parity of participation. According to this norm, justice requires social arrangements that permit all (adult) members of society to interact with one another as peers” (Fraser 2003, 36).
Honneth agrees with Fraser that both redistribution and recognition matter for social justice, but further maintains that recognition is “the fundamental, overarching moral category”, while distribution is derivative (Fraser and Honneth 2003, 2–3). In his view, the paradigm of recognition—which he stratifies further into love, respect, and esteem—fits particularly well with the lived experiences of economically marginalized individuals, who not only have unmet material needs but also suffer from disappointed expectations of social recognition. What counts as achievement and work, the relevant targets of recognition as esteem, is always guided by cultural commitments. Economic allocations and principles of distribution are thus not value-free. “It would be wrong to speak, with Luhmann and Habermas, of capitalism as a ‘norm-free’ system of economic processes since material distribution takes place according to certainly contested but nevertheless always temporarily established value principles having to do with respect, with the social esteem of members of society” (Honneth 2003, 142). Instead of aiming directly at parity of participation, Honneth proposes to “move from individual autonomy first to the goal of the most intact possible identity-formation, in order to then bring in principles of mutual recognition as that goal’s necessary presupposition. […] [T]his formulation is equivalent to saying that enabling individual self-realization constitutes the real aim of the equal treatment of all subjects in our societies” (Honneth 2003, 176). Consequently, “[t]he justice or well-being of a society is proportionate to its ability to secure conditions of mutual recognition under which personal identity-formation, hence individual self-realization, can proceed adequately” (Honneth 2003, 174).
For our purposes, we need not take a stance in the debate between Fraser and Honneth. Instead, we avail ourselves of their conceptual tools in order to highlight how the identified dimensions of data ownership (3.1–3.4) emphasize different aspects in the spectrum of redistribution and recognition. Our proposal is: through data ownership, data subjects call for the satisfaction of material needs and entitlements, and thus articulate and negotiate claims on the redistribution of resources. And for social beings for whom a fulfilled life depends on intersubjective prerequisites, data ownership further encodes expectations and demands on the recognition of proclaimed data owners. Both of these spheres need to be considered to grasp claims related to data ownership, and negotiating them is necessary to facilitate informational self-determination of data subjects.
Specifically, when property and quasi-property are discussed, the question concerns the extent to which the redistribution of data resources and power is called for, whether it shall take the form of assigning genuine ownership, or whether—and in which cases—this kind of redistribution stands in tension with commitments on recognition, for example the ascription of achievement to data processors. When marketability and inalienability are claimed, the question becomes what recognition of a person as a person involves and precludes. When protection and participation are addressed, the focus shifts on material and social enabling conditions for the self-constitution of agents, and the question becomes whether a closed-off private sphere suffices, or whether outward strands of connectedness and involvement with others are just as central. When individual and collective claims and interests in data are articulated, the focus shifts towards how recognition and redistribution relate the interests of individual data subjects to the common good. Overall, the dimensions of data ownership articulate stances on—and shift between matters of—distributive justice and cultural recognition.
Even if recognition is conceptually prior to redistribution, surely recognition and self-formation do not unfold in a vacuum. Recognizing others involves acknowledging their entitlements to exercise autonomy. There are material, distributive, and social conditions and structures that set the stage for self-formation and exercises of freedom. In such contexts, autonomy as a fundamental feature of persons can become practical as self-determination, harnessing concrete enabling conditions of autonomy. Within the context of digitization and an onlife world (Floridi 2014b), data form a crucial part of the structural enabling conditions for self-determination, but can also impede it. Through data ownership, discussants refer to and spell out a variety of goals and normative target notions. When debating property and quasi-property, one possible key issue is whether there is a match between the immanent societal values that frame economic processes and the way data resources and rights are actually distributed, allocated, and controlled. Proponents of data ownership argue that redistributions are necessary, whereas opponents maintain that from the cultural perspective of recognition and achievement, status quo distributions are appropriate. When debating whether data shall be marketable or inalienable, the normative reference point appears to be the identity-formation and integrity of persons. When mediating between protective and participatory claims, we seem to be concerned with the agency and (parity of) participation of individuals, reflecting both material and cultural enabling conditions for self-determination. Finally, when individual and collective interests in data are addressed and mediated, the goal appears to be to govern the resource in accordance with social justice as harmonizing individual and common good, and to arrive at rationales for managing potential trade-offs between both spheres.
Data ownership thus expresses stances on the redistribution of material resources and socio-cultural recognition of data subjects in a datafied and data-driven lifeworld. It is mindful of the fact that the perspective of recognition, even if perceived to be prior, is entangled with distributive conditions, on which it can encode commitments as well. According to some critics, marketability and propertization are instances where this dialectic tips in a one-sided manner towards a kind of economization that can raise tensions with constraints from the cultural sphere in which it is embedded. Informational self-determination requires both redistribution and recognition, and the different dimensions of data ownership overlap with and across these spheres.
We have advanced two claims. First, data ownership encodes a variety of different concerns. Our analysis serves a need for conceptual clarification not only because of the somewhat contested legal status of data ownership (2.), but also because commentaries on the topic oscillate between poles that concern primarily pre- or para-legal questions: whether data is rivalrous, whether property is the right category to articulate and recognize the claims of data subjects or whether surrogate notions are more suitable (3.1), whether individuals should be in a position to market their data (3.2), whether and how we shall consider both protective and participatory claims (3.3), and how the claims of individual data subjects relate to collective claims and interests (3.4).
Second, we have proposed an explanation of what unifies this variety of concerns: they articulate and negotiate claims on the relation between redistribution and recognition in an increasingly datafied and data-driven lifeworld. Data ownership marks a domain of self-determination and concerns the full extent of prerequisites that need to be upheld to maintain the integrity of this domain in times of digitization and big data analytics.
What do our results imply in practice? How should data governance be shaped? We have not taken a stance on whether there should be data ownership and in which form. Part of the present paper was the demonstration that significant reconstructive work on the notion is in order first, and that debates so far have proceeded without making key guiding commitments and reference points explicit. Data ownership can come in many different forms and is compatible with a variety of normative targets and background assumptions. Nevertheless, the following demands can be articulated.
First, different understandings of data ownership are unified in calling for a variety of modes to control how data is used. Different conceptual and methodological angles (Table 1) shape how exactly controllability is spelled out and put into practice: as the ability to own data in a (quasi-)property sense, to market or to refrain from alienating intimate core features, to protect data but also to participate in data-driven endeavours, and to use data for one’s own benefit or the benefit of others. But taking any of these understandings seriously requires mechanisms to channel, constrain, and facilitate the flow of data.
Second, with regards to the marketization and commodification of data, ownership has turned out be a double-edged sword (3.2). It can be taken to motivate marketization, to harness the economic potential of data, and to put data subjects in a position to sell their data and thereby to receive a share in the value that gets generated from it. But at the same time, at least some versions of data ownership also pose significant constraints on this undertaking. Two worries are that intimate things are being alienated, and that losses of control loom for data subjects once their data is introduced into the market. As a consequence, care should be taken that marketization aligns with—rather than undercuts—the ideal of controllability.
Third, the poles relating to participation and the common good highlight that data ownership touches upon a dialectic between mine, yours, and ours. The individual as a relational self is dependent on informational ties with others, and its own good cannot be understood in abstraction from the social fabric in which it is embedded. Taking data ownership seriously and recognizing the full extent of the notion thus involves reflection not only on how data subjects could shield their data, but also on how they could share it in suitable ways (3.3).
Fourth, if our reading captures what is at stake, dismissals of data ownership on the grounds that strictly speaking, legal frameworks do not assign property in data to data subjects miss the mark. Some, like Fezer, make an explicit de lege ferenda claim: legal frameworks should change. But others appear to require less (3.1). For them, it might be secondary whether we term the institution that is called for ‘property’, and render individuals ‘owners’ of their data. Data subjects claiming data ownership are sometimes concerned primarily with issues of controlling data flows, inferences drawn about them, and the impact of data processing on their lives. Even if legal frameworks preclude genuine ownership in data, there remains room to debate whether they can and should accommodate such forms of quasi-ownership.
Overall, these distinctions demonstrate how calls for data ownership are less unified than one might hope. Rationales differ, and sometimes the terminology of ownership almost seems to distract from what authors are really concerned about. Besides scoping out the conceptual space and highlighting how the dimensions of data ownership are entangled, we intend the present contribution as an invitation to relate endorsements and rejections of data ownership more explicitly and systematically to the proposed reference points of recognizing data subjects and redistributing resources throughout the datafied and data-driven lifeworld.
There is a further important issue on which we have stayed neutral. Suppose I can and should own my data. Which data is mine? What secures the link between data and owner? Is it the data being about the subject? If so, in what sense? Is the notion of personal data in the GDPR appropriate? Should we instead refer to alternative concepts like Fezer’s behaviour-generatedness? Which difference does and should it make whether the subject is explicitly represented or mentioned in the data? Could differences in explicitness, e.g. anonymized versus personal data, make a difference in ownership rights, and why (not)? While we can highlight these questions as marking potential aporias inherent to the notion of data ownership, our proposal is not intended to preempt a substantive answer. How the relation between data and their owner(s) is specified is precisely what positions on data ownership seek to negotiate.
Arneil, B. (1996). The wild Indian's venison: Locke's theory of property and English colonialism in America. Political Studies, 44(1), 60–74. https://doi.org/10.1111/j.1467-9248.1996.tb00764.x.
Becker, L. C. (1980). The moral basis of property rights. Nomos XXII: Property, 22, 187–220.
Berberich, M. (2010). Virtuelles Eigentum. Tübingen: Mohr Siebeck.
Cohen, I. G. (2018). Is there a duty to share healthcare data? In I. G. Cohen, H. F. Lynch, E. Vayena, & U. Gasser (Eds.), Big data, health law, and bioethics (pp. 209–222). Cambridge: Cambridge University Press.
Contreras, J. L., Rumbold, J., & Pierscionek, B. (2018). Patient data ownership. JAMA, 319(9), 935.
Ensthaler, J., & Haase, M. S. (2016). Industrie 4.0 - Datenhoheit und Datenschutz. In H. C. Mayr & M. Pinzger (Eds.), Informatik 2016. Lecture Notes in Informatics (Vol. - P-259, pp. 1459-1472). Bonn: Gesellschaft für Informatik.
Evans, B. J. (2011). Much ado about data ownership. Harvard Journal of Law & Technology, 25(1), 69–130.
Fairfield, J. A. T. (2005). Virtual property. Boston University Law Review, 85, 1047–1102.
Fezer, K.-H. (2017). Ein originäres Immaterialgüterrecht sui generis an verhaltensgenerierten Informationsdaten der Bürger. Zeitschrift für Datenschutz, 3(2017), 99–105.
Fezer, K.-H. (2018). Repräsentatives Dateneigentum. Ein zivilgesellschaftliches Bürgerrecht. Sankt Augustin und Berlin: Konrad-Adenauer-Stiftung.
Floridi, L. (2014a). The fourth revolution: how the infosphere is reshaping human reality. Oxford: Oxford University Press.
Floridi, L. (2014b). The onlife manifesto. Cham: Springer.
Floridi, L. (2016). On human dignity as a foundation for the right to privacy. Philosophy & Technology, 29, 307–312.
Fraser, N. (2003). Social justice in the age of identity politics: redistribution, recognition, and participation (J. Galb, J. Ingram, & C. Wilke, Trans.). In N. Fraser & A. Honneth (Eds.), Redistribution or recognition? A political-philosophical exchange (pp. 7–109). London and New York: Verso.
Fraser, N., & Honneth, A. (2003). Redistribution or recognition? A political-philosophical exchange (J. Galb, J. Ingram, & C. Wilke, Trans). London and New York: Verso.
German Ethics Council. (2017). Big Data und Gesundheit. In Datensouveränität als informationelle Freiheitsgestaltung. Berlin: German Ethics Council.
German Ethics Council. (2018). Big data and health — data sovereignty as the shaping of informational freedom. Berlin: German Ethics Council.
Glushko, B. (2007). Tales of the (virtual) city: governing property disputes in virtual worlds. Berkeley Technology Law Journal, 22, 507–532.
Harbinja, E. (2017). Legal aspects of transmission of digital assets on death. University of Strathclyde.
Harbinja, E. (2019). Posthumous medical data donation: the case for a legal framework. In J. Krutzinna & L. Floridi (Eds.), The ethics of medical data donation (pp. 97–113). Cham: Springer.
Hardin, G. (1968). The tragedy of the commons. Science, 162(3859), 1243–1248. https://doi.org/10.1126/science.162.3859.1243.
Honneth, A. (2003). Redistribution as recognition: a response to Nancy Fraser (J. Galb, J. Ingram, & C. Wilke, Trans.). In N. Fraser & A. Honneth (Eds.), Redistribution or recognition? A political-philosophical exchange (pp. 110–197). London and New York: Verso.
Honoré, A. M. (1961). Ownership. In A. G. Guest (Ed.), Oxford Essays in Jurisprudence (pp. 107–147).
Hughes, J. (2005). Copyright and incomplete historiographies: of piracy, propertization, and Thomas Jefferson. S. Cal. L. Rev., 79, 993–1084.
Hummel, P., Braun, M., Augsberg, S., & Dabrock, P. (2018). Sovereignty and data sharing (p. 2). ITU Journal: ICT Discoveries.
Hummel, P., Braun, M., & Dabrock, P. (2019). Data donations as exercises of sovereignty. In J. Krutzinna & L. Floridi (Eds.), The ethics of medical data donation (pp. 23–54). Cham: Springer.
Kish, L. J., & Topol, E. J. (2015). Unpatients—why patients should own their medical data. Nature Biotechnology, 33, 921. https://doi.org/10.1038/nbt.3340.
Lanier, J. (2014). Who owns the future? New York: Simon & Schuster.
Lemley, M. A., & Weiser, P. J. (2007). Should property or liability rules govern information? Texas Law Review, 85(4), 783–841.
Lessig, L. (2002a). The future of ideas. The fate of the commons in a connected world. New York: Random House.
Lessig, L. (2002b). Privacy as property. Social Research: An International Quarterly, 69(1), 247–269.
Lessig, L. (2004). Free culture. How big media uses technology and the law to lock down culture and control creativity. New York: The Penguin Press.
Litman, J. (2000). Information privacy/information property. Stanford Law Review, 52(5), 1283–1313. https://doi.org/10.2307/1229515.
Locke, J. (1689). Locke: Two Treatises of Government. Cambridge: Cambridge University Press 1988.
McMahon, A., Buyx, A., & Prainsack, B. (2019). Big data governance needs more collective agency: The role of harm mitigation in the governance of data-rich projects. under review.
Mikk, K. A., Sleeper, H. A., & Topol, E. J. (2017). The pathway to patient data ownership and better health. JAMA, 318(15), 1433–1434.
Montgomery, J. (2017). Data sharing and the idea of ownership. The New Bioethics, 23(1), 81–86. https://doi.org/10.1080/20502877.2017.1314893.
Moore, A., & Himma, K. (2017). Intellectual property. In E. N. Zalta (Ed.), The Stanford Encyclopedia of Philosophy. Metaphysics Research Lab, Stanford University.
Murphy, R. S. (1996). Property rights in personal information: an economic defense of privacy. Georgetown Law Journal, 84, 2381–2417.
Nelson, J. W. (2009). The virtual property problem: what property rights in virtual resources might look like, how they might work, and why they are a bad idea. McGeorge L. Rev., 41, 281.
Osborne Clarke LLP (2016). Legal study on ownership and access to data. European Commission, Directorate-General of Communications Networks, Content & Technology.
Ostrom, E. (1990). Governing the commons. The evolution of institutions for collective action. Cambridge: Cambridge University Press.
Pearce, H. (2018). Personality, property and other provocations: exploring the conceptual muddle of data protection rights under EU law. Eur. Data Prot. L. Rev., 4, 190–208.
Prainsack, B. (2019a). Data donations: how to resist the iLeviathan. In J. Krutzinna & L. Floridi (Eds.), The ethics of medical data donation (pp. 9–22). Cham: Springer.
Prainsack, B. (2019b). Logged out: ownership, exclusion and public value in the digital data and information commons. Big Data & Society, 6(1).
Purtova, N. (2009). Property rights in personal data: learning from the American discourse. Computer Law & Security Review, 25(6), 507–521. https://doi.org/10.1016/j.clsr.2009.09.004.
Purtova, N. (2010). Property in personal data. A European perspective on the instrumentalist theory of propertisation. European Journal of Legal Studies, 2(3), 193–208.
Purtova, N. (2015). The illusion of personal data as no one's property. Law, Innovation and Technology, 7(1), 83–111.
Radin, M. J. (1982). Property and personhood. Stanford Law Review, 34(5), 957–1015. https://doi.org/10.2307/1228541.
Rieser, A. (1999). Prescriptions for the commons: environmental scholarship and the fishing quotas debate. Harv. Envtl. L. Rev, 23, 393–421.
Rodwin, M. A. (2009). The case for public ownership of patient data. JAMA, 302(1), 86–88. https://doi.org/10.1001/jama.2009.965.
Scanlon, T. (1975). Thomson on privacy. Philosophy & Public Affairs, 315–322.
Simmons, A. J. (1992). The Lockean theory of rights. Princeton: Princeton University Press.
Solove, D. J. (2001). Privacy and power: computer databases and metaphors for information privacy. Stanford Law Review, 53. https://doi.org/10.2139/ssrn.248300.
Solove, D. J. (2008). Understanding Privacy. Cambridge, Massachussetts: Harvard University Press.
Specht, L. (2016). Ausschließlichkeitsrechte an Daten – Notwendigkeit, Schutzumfang, Alternativen. Computer und Recht, 32(5), 288–296. https://doi.org/10.9785/cr-2016-0504.
The British Academy, & The Royal Society (2017). Data management and use: governance in the 21st century.
Thomson, J. J. (1975). The right to privacy. Philosophy & Public Affairs, 295–314.
Thouvenin, F. (2017). Wem gehören meine Daten? Zu Sinn und Nutzen einer Erweiterung des Eigentumsbegriffs. Schweizerische Juristen-Zeitung, 113, 21–32.
Thouvenin, F., Weber, R. H., & Früh, A. (2017). Data ownership: taking stock and mapping the issues. In M. Dehmer & F. Emmert-Streib (Eds.), Frontiers in data science (pp. 111–145). Boca Raton: CRC Press.
Victor, J. M. (2013). The EU general data protection regulation: toward a property regime for protecting data privacy. Yale Law Journal, 123(2), 513–528. https://doi.org/10.2307/23744289.
Waldron, J. (1988). The Right to Private Property. Oxford: Clarendon Press.
Waldron, J. (2017). Property and ownership. In E. N. Zalta (Ed.), The Stanford Encyclopedia of Philosophy. Metaphysics Research Lab, Stanford University.
Westin, A. (1967). Privacy and freedom. New York: Atheneum.
Wiebe, A. (2016). Protection of industrial data – a new property right for the digital economy? Journal of Intellectual Property Law & Practice, 12(1), 62–71. https://doi.org/10.1093/jiplp/jpw175.
Zech, H. (2012). Information als Schutzgegenstand. Tübingen: Mohr Siebeck.
Zuboff, S. (2019). The age of surveillance capitalism. London: Profile.
We are grateful to Hannah Bleher, Tabea Ott, Hannah Schickl, Stephanie Siewert, Max Tretter, Ulrich von Ulmenstein for their helpful feedback on earlier versions of this paper. Special thanks to both anonymous reviewers for their thorough comments and critique.
Open access funding provided by Projekt DEAL. This work is part of the research project DABIGO (ZMV/1–2517 FSB 013), which has been funded by the German Ministry for Health, as well as the research project vALID (01GP1903A), which has been funded by the German Ministry of Education and Research.
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
About this article
Cite this article
Hummel, P., Braun, M. & Dabrock, P. Own Data? Ethical Reflections on Data Ownership. Philos. Technol. 34, 545–572 (2021). https://doi.org/10.1007/s13347-020-00404-9
- Data ownership