Becker (1980, 187) distinguishes three questions about the justification of property. The general question is: why should there be property? The specific question is: what kind(s) of property rights should there be? And the particular question is: who should have a title to a specific kind of property?
Discussions of the different questions about the justification of property often refer Locke:
Though the Earth […] be common to all Men, yet every Man has a Property in his own Person. This no Body has any Right to but himself. The Labour of his Body, and the Work of his Hands, we may say, are properly his. Whatsoever then he removes out of the State that Nature hath provided, and left it in, he hath mixed his Labour with, and joined to it something that is his own and there makes it his Property. (1689, ch. 5, sect. 27)
For Locke, the starting point is the self-ownership inherent to personhood. The result of the person mixing labour with natural resources is that the property in her own person is extended to the product.
There are alternatives to the Lockean starting point for justifying property. For example, Becker (1980, 193) characterizes utilitarian approaches according to which property is beneficial towards human happiness, for example by promoting stability and efficiency. What he calls “Personality Theory” (ibid. 209) regards property acquisition as necessary to maintain and promote personhood. Examples include Aristotle’s suggestion that some virtues presuppose property. And against the backdrop of quite different theoretical frameworks, Kant and Hegel agree that property manifests personhood, agency, and the legal implementation and recognition of freedom (cf. also Radin 1982).
With regard to Becker’s specific and particular questions, the Lockean picture is actually a double-edged sword for data ownership. On the one hand, it can be taken to motivate data ownership as an extension of personal self-ownership (Solove 2008, 26). On the other hand, it also discourages such a view.
Consider the criterion of mixing one’s labour with resources. On reflection, this suggestion undermines the idea that individuals own data about them (e.g. Thouvenin 2017, 25). While I might have “invest[ed] bodily samples” (Montgomery 2017, 83) but no labour (Cohen 2018, 212–213) in biomedical data about me, it is the medical service provider who analyses specimen and data, compiles it into evidence bases, and generates value based on the raw materials I am providing. If labour is any indication, then “[i]f anyone may claim proprietary rights over the information on the labour theory of property, it would seem to be the health professionals or service for which they work” (Montgomery 2017, 84). Similarly, Solove notes that “[p]ersonal information is often formed in relationship with others” (2008, 27), and illustrates that web-browsing data is a joint feat by the user and the service provider.
These observations illustrate some initial challenges with the concept of data ownership. Returning to Becker’s terminology: with a Lockean answer to the general question about property, we could still negate the specific question of whether data should be owned. Even if we affirm it, we might have to answer the particular question in a way that renders data subjects mere co-owners at best. For the moment, we sidestep these issues in order to point out that even if they can be addressed, ambiguities and indeterminacies in the notion of data ownership remain.
Property versus Quasi-Property Rights
Although there are legal provisions that provide data protection and control rights, data do not straightforwardly and undisputedly fall under the categories of property and ownership (2.).
One way to understand calls for data ownership is that they express dissatisfaction with provisions de lege lata. As things stand, legal frameworks fall short of assigning individuals appropriate authority over their data, and perceived shortcomings of the status quo have implications de lege ferenda. For example, in his recent, innovative proposal, Fezer (2017, 2018) argues for the introduction of genuine, sui generis property rights in data. He accepts that individuals do not invest labour in the generation of data, but denies that this affects their entitlement to data ownership. He highlights that what he calls citizen data are behaviour-generated: they are the result of citizen interactions and communication. This applies independently of whether these data are anonymized or personal. Behaviour-generated data do not reduce to mere code but reflect a form of cultural agency, which makes them the appropriate object of dedicated legal governance (rechtserhebliches Kulturhandeln). Human dignity, informational self-determination, cultural significance and expressiveness of data must be the departure points for global discourses on human and foundational rights in digitization. This concerns “nothing less than the civil-societal status of the citizen as a sovereign in constitutional democracy” (Fezer 2018, 27, our translation).
Fezer emphasizes that property is the legal institutionalization of personal rights to freedom: it provides a legally mediated space to enact freedom (“freiheitlicher Gestaltungsraum durch Recht” (Fezer 2018, 48)). This functional role of property and its inherent connection to the freedom of its owner should convince us that the notion of property is open and should not be a priori limited to material goods and intellectual property. If circumstances call for it, we need to reflect on new forms of property to secure the sovereignty of citizens. In particular, he proposes that future data ownership law should take behaviour-generatedness as the counterpart of acts of creation in intellectual property law. Finally, at the heart of Fezer’s proposal is the suggestion that for pragmatic reasons, citizens’ impact on data governance via data ownership must be representative, i.e. enacted and articulated through macro-level governance bodies. In this way, he arrives at an interesting unification of individual data ownership and the collective representation of data subjects.
Unlike Fezer, other calls for data ownership do not necessarily demand the introduction of new forms of ownership, but something rather different. To see why, note that ownership can be taken as a proxy for certain access, usage and control rights. For example, in his seminal discussion, Honoré describes 11 rights and duties which he takes ownership to comprise: “the right to possess, the right to use, the right to manage, the right to the income of the thing, the right to the capital, the right to security, the rights or incidents of transmissibility and absence of term, the prohibition of harmful use, liability to execution, and the incident of residuarity” (Honoré 1961, 370). Honoré himself regards these rights and duties to be jointly sufficient for ownership, but maintains that they need not be individually necessary. Satisfying all of them would give rise to full ownership. But perfect satisfaction of all these conditions is not necessary to speak of (less-than-full) ownership, which can already result if only some of these conditions are satisfied to some degree. Consequently, less-than-full ownership can come in different forms as it can comprise a range of different rights and combinations thereof.
This leads to the following three observations. First, ownership is compatible with varying degrees of satisfying Honoré-style conditions. Instead of necessitating unconditional and unrestricted control, control and usage rights can be constrained, e.g. by collective rules, public institutions, and state agencies. Ownership thus conveys only inexact information on how much control the owner has over her resource. Waldron (2017, ch. 1) illustrates that one might own a building in a historic district. While this confers entitlements to control and to use the resource, restrictions apply. The owner could not, for example, tear it down and replace it with a skyscraper. In a similar vein, Evans (2011, 79–80) points out that even if health data were patient-owned, the state would maintain certain rights to access it non-consensually, for example if such access is in the legitimate interest of the public. Ownership is not a single right but comprises a bundle of rights, and it is helpful to be clear about which right is being ascribed and asserted in a given case.
Second, the question arises what exactly is put forward in calls for data ownership. It is possible that the point of these calls is not so much the demand that Honoré-style conditions are satisfied to a degree that entitles us to speak of ownership, let alone full ownership. The point of these calls could be these particular conditions themselves. For some, it might be a vital question whether in a given case, we have enough of these conditions preserved to speak of ownership. But for others, the question of ownership might be moot. What matters is whether enough of these conditions is preserved to promote certain ends, including but not limited to the integrity of persons, self-determination, and participation in social endeavours. For example, Thouvenin highlights the pragmatic question whether data ownership should be introduced alongside existing regulation or replace it. The former option could yield inconsistencies between old and new regimes, the latter far-reaching transformations, e.g. of data protection principles. Thouvenin thus prefers a more cautious governance of small steps: not a full-blown introduction of data ownership, but more reflection on transferability and admissible contractual agreements between individuals and private industry on data access and use—while maintaining a systematic place for a personal sphere that cannot be affected by contractual agreements. He thus cares about the particular conditions typically implicated by ownership, not about ownership itself, which he rejects for largely pragmatic reasons.
This directly leads to a third suggestion. Calls for data ownership are not only focused on Honoré-style rights. They are also put forward with an eye on the outcomes that assigning such rights to data owners will promote. As a point in favour of this suggested reading, note that criticisms of data ownership deny that it succeeds in bringing about certain ends better than alternative governance designs. For example, Evans argues that status quo regulations (in her case: US federal regulatory protections) and proposed data ownership models do not differ much with regards to balancing privacy with public access and non-consensual data use: “Creating property rights in data would produce a new scheme of entitlements that is substantively similar to what already exists, thus perpetuating the same frustrations all sides have felt with the existing federal regulations” (Evans 2011, 75). She concludes: “The right question is not who owns health data […]. Instead, the debate should be about appropriate public uses of private data and how best to facilitate these uses while adequately protecting individuals’ interests” (Evans 2011, 77).
As we have just seen, ownership does not necessarily confer unconditional control. Sometimes, what matters are the particular rights typically implicated by ownership, not ownership per se. And sometimes, it is primarily outcomes that are negotiated and criticized by means of ownership terminology. We thus put forward the following conciliatory suggestion in view of the reservations and scepticism against data ownership. One possibility is to shift the focus away from legally codified ownership and towards the desideratum that discussants pursue: ownership in the sense of gaining and maintaining control over one’s data. To this end, we understand quasi-ownership as the relation that supervenes on components of a Honoré-style bundle while leaving it conceptually open whether enough of them is instantiated for ownership, let alone full ownership. Quasi-ownership would primarily seek to put individuals in a position to distribute, retract, shield, but also share their data for a variety of purposes, including but not limited to personalized medicine, algorithmic applications, biomedical research, and their own clinical care within a patient-centred health system. In other words: what is initially framed as data ownership concerns primarily controllability, i.e. the availability of effective means for data subjects to exercise control over her data.
This marks an important dialectical point: the terminology of ownership is dispensable; what matters are the particular conditions that ownership typically advances. If so, maybe calls for data ownership should actually eschew the language of ownership and property for the sake of clarity. Instead, proponents could make explicit that they are concerned with certain (bundles of) rights, regardless of whether or not these qualify as property rights, let alone give rise to full ownership. This would even build on some common ground in the debate. For example, opponents of data ownership argue that all that this view can charitably be taken to mean is “property-like rights through contract” (Contreras et al. 2018). Proponents could take this as a cue to highlight that whether contractual or not, it is precisely such rights pertaining to access, usage, and exclusion that are important. Moreover, Pearce (2018, 205–208), after deeming EU data protection law conceptually muddled (2.), proposes that it fits best with quasi-property rather than a personal rights or full-blown property paradigm, for example because the exclusionary rights specified by the GDPR are not unconditional and contingent on interactions that establish “a data subject/data controller relationship” (Pearce 2018, 207).
Sceptics could still object that even quasi-property will constrain data access because individuals can restrain others from accessing their data, which might “result in less-effective research and flawed health policy” (Contreras et al. 2018). For example, Rodwin cautions that “patient data appear to be an example of private ownership that preclude downstream inventions and benefits for individual owners and society” (Rodwin 2009, 87). Patient data ownership is akin to private industry organizations owning patents in gene sequences: such ownership constrains access to building blocks for innovation and “monopolizes raw material needed for research” (ibid.).
On the one hand, regardless of whether property or quasi-property in data is in question, such effects on research, development, and policy form important considerations. However, as a proposed reason to reject data ownership proposals, we can confront these lines of thinking with at least two challenges. First, framing the issue as a choice between data ownership and efficient research presents a false dilemma. It remains to be demonstrated that considerations about the availability of data for research speak against data (quasi-)ownership tout court, or whether they primarily urge us to design research processes in the right ways. Whether research will be hampered is not only a function of whether data ownership is in place, but also of how easily and effectively data owners can share their data, whether data interoperability is achieved, and whether individuals trust research processes. If data owners can control data flows, contribute data to research, but also retract it if necessary or desired, then the hypothesis that individuals would consistently withhold their data is hardly plausible, both empirically (Mikk et al. 2017) and conceptually (Hummel et al. 2019).
Second, suppose we were convinced that (quasi-)ownership comes at a cost for research. Even then, serious questions remain about whether an ethical rationale for systematically bypassing the informed will of the individuals whose data is channelled into research and development could withstand scrutiny. Rodwin- and Contreras-style considerations might well be the outcome of a normative debate in which they are evaluated in the light of public benefits that are allegedly undercut. But they cannot preempt such a debate. Individuals are not isolated, independent and unaffected subjects, but always find themselves embedded in social contexts in which datafication and analytics, while being able to generate benefits and efficiencies, can drive inferences that constrain self-determination. Negotiating claims to data (quasi-)ownership could be one step towards safeguard these spaces.
To recap the foregoing, we have suggested that calls for data ownership might have less to do with property rights or full ownership than it appears. None of the components of Honoré’s bundle are individually necessary for ownership, and there can be ownership without instantiating each and every component of the bundle. Are these calls aiming at ownership or merely quasi-ownership? Our constructive proposal is: it might be merely the latter. If these are de lege ferenda claims at all, they are much less drastic than Fezer’s proposal. And we have argued that debating them is timely and essential for ethically sound data governance. Data (quasi-)ownership is a live option and deserves to be taken seriously.
Marketability versus Inalienability
Amongst the components in a Honoré-style bundle is the right to transfer one’s property to somebody else, usually in return for another good, such as money or services. The conviction that such transfers involving data should be possible is one important motivation of data ownership regimes. “The raison d’etre of property is alienability” (Litman 2000, 1295). Indeed, while data are hailed as the ‘new oil’ and the most important resource of the 21st century, no straightforward mechanisms for attributing and transferring data exist (Thouvenin 2017, 26). Data ownership could address this gap by enabling data subjects to introduce usage and access rights to their data into the market. Ideally, this facilitates transactions and results in more efficient allocations. For example, with regard to ownership of health data, Kish and Topol believe that “[w]ithout ownership, there can be no trusted exchange. […] To build a truly thriving health data economy, we need to harness the power of data ownership” (2015, 923).
For a moment, let us sidestep our result above that quasi-ownership might be enough to achieve such ends, and that genuine ownership need not be necessary. The present idea is that propertization and the option to market data enhance the control and power of data subjects: “if the essence of a ‘property right’ is that the person who wants it must negotiate with its holder before he can take it, propertizing privacy would also reinforce the power of an individual to refuse to trade or alienate his privacy” (Lessig 2002b, 261). As Purtova (2015) highlights, losses of control loom in the absence of propertization: access and usage of data will become a matter of mere de facto power of data market participants. Thus, “the right question to ask is not whether there should be property in personal data, but whose property it should be” (Purtova 2015, 84).
Besides control, marketability could also put individuals in a position to gain a share in the economic value that is generated by processing their data. Lanier highlights that private firms do not compensate the individuals whose data drives their business. His proposed solution is to
[p]ay people for information gleaned from them if that information turns out to be valuable. If observation of you yields data that makes it easier for a robot to seem like a natural conversationalist, or for a political campaign to target voters with its message, then you ought to be owed money for the use of that valuable data. It wouldn’t exist without you, after all. […] An amazing number of people offer an amazing amount of value over networks. But the lion’s share of wealth now flows to those who aggregate and route those offerings, rather than those who provide the ‘raw materials.’ A new kind of middle class, and a more genuine, growing information economy, could come about if we could break out of the ‘free information’ idea and into a universal micropayment system. We might even be able to strengthen individual liberty and self-determination even when the machines get very good. (Lanier 2014, 9)
Lanier does not merely demand that data ownership shall get recognized. He is also presupposing certain (non-legal) ownership relations and entitlements when he argues that as of now, people do not receive fair shares of the value their data helps to generate, and that this shall be addressed by means of his proposed micropayment system that compensates individuals appropriately.
The idea that individuals should be able to market their data receives a variety of criticisms. First, it could have undesirable consequences if data subjects were in a position to introduce their data into market transactions. Commercialization of data appears to empower the initial data owner, but could also result in losses of control and participation. Once access and usage rights have been sold or traded against services, individuals cease to have control and authority over their data. Intuitions about entitlements one retains after one’s data has been marketed thus speak against ownership as marketability. As Montgomery points out with regard to personal health data, “information ‘about me’ does not cease to be connected to my privacy when I give (or sell) it to others” (Montgomery 2017, 82). Since even after having sold their data, individuals retain justified claims to privacy, Montgomery takes it to be implausible that data fall under the category of private property. Alienability could further encourage marketization that ends up undermining rather than strengthening privacy. “The concept of alienable ownership rights in personal data is disturbing, because the opportunities to alienate are ubiquitous. […] The market in personal data is the problem. Market solutions based on a property rights model will not cure it; they’ll only legitimize it” (Litman 2000, 1299–1301).
Second, a further worry relates to the attitudes and expectations that are raised by data ownership. Consider what exactly individuals would own if they had property rights in their data. If we abstract from the labour others contribute towards the generation and processing of data, then not much of value is left. “Data propertization proposals fail because patients’ raw health information is not in itself a valuable data resource, in the sense of being able to support useful, new applications. Creating useful data resources requires significant inputs of human and infrastructure services, and owning data is fruitless unless there is a way to acquire the necessary services” (Evans 2011, 75). According to a joint report by the British Academy and the Royal Society, data ownership might “create an expectation of compensation for use of data” even though “value is typically derived from the combination and use of data rather than from individual data points” (2017, 32). The report does acknowledge the economic importance of ownership notions towards “extracting the commercial value of data” and “protecting [data] as an asset and realising its value” (ibid.). But it cautions against misunderstandings that could flow from overly simplistic models of data ownership, transferability, and the value of data.
Third, against data ownership as marketability speaks the insight that data differ from other goods that can be marketed. Unlike paradigm cases of property, transfers of data do not imply that the vendor or donor loses anything. Data can be transmitted but not withdrawn, be possessed simultaneously by many (Solove 2008, 27), and be in several places at the same time (Prainsack 2019b). Floridi notes that acquisition and usage of information are lossless; “contrary to other things that one owns, one’s personal information is not lost when acquired by someone else” (Floridi 2014a, 118). These challenges to marketization might not be insurmountable. For example, one way to accommodate them is to say that rather than transfers of data, what happens upon marketization is simply the suspension of certain privacy claims against a return. Still, data remain an unusual commodity with distinctive characteristics.
These criticisms target data ownership as marketability as undesirable, at odds with privacy intuitions, and unsuitable in view of the features of data. But another strand in the debate takes a different route. It agrees that data ownership—if understood properly—should be recognized, but on these grounds strongly opposes the idea that data should be marketable. Its starting point is the importance of data for the constitution and integrity of persons.
Floridi’s account of personhood rests on an “informational interpretation of the self. The self is a complex informational system, made of consciousness activities, memories, and narratives. From such a perspective, you are your own information” (Floridi 2014a, 69). He goes on to defend the view that the primary importance of privacy flows from our status as “informational organisms (inforgs), mutually connected and embedded in an informational environment (the infosphere)” (Floridi 2014a, 94). Because of the significance of information for the self-constitution of inforgs, privacy breaches infringe upon their identity. This picture, however, leads Floridi to reject an ownership-based interpretation of privacy according to which “[a] person is said to own his or her information […] and therefore to be entitled to control its whole life cycle, from generation to erasure through usage” (Floridi 2014a, 116). Agents do not just own information; they are constituted by it. Floridi thus calls for “understanding a breach of one’s informational privacy as a form of aggression towards one’s personal identity” (2014a, 119). As a result,
one may still argue that an agent ‘owns’ his or her information, yet no longer in the metaphorical sense just seen, but in the precise sense in which an agent is her or his information. ‘Your’ in ‘your information’ is not the same ‘your’ as in ‘your car’ but rather the same ‘your’ as in ‘your body’, ‘your feelings’, ‘your memories’, ‘your ideas’, ‘your choices’, and so forth. It expresses a sense of constitutive belonging, not of external ownership, a sense in which your body, your feelings, and your information are part of you but are not your (legal) possessions. (Floridi 2014a, 121)
In other words, Floridi would criticize language of data ownership only to emphasize that it actually concerns instances of self-ownership in the most literal sense. Because of this intimate entanglement between information and the informational organisms it constitutes, Floridi demands that the protection of information shall be grounded directly in the normative status of the latter. For us, this means that
[t]he protection of privacy should be based directly on the protection of human dignity, not indirectly, through other rights such as that to property or to freedom of expression. In other words, privacy should be grafted as a first-order branch to the trunk of human dignity, not to some of its branches, as if it were a second-order right. (Floridi 2016, 308)
One upshot of this is that data becomes unsuitable for market transactions. Indeed, Floridi suspects that if he is right that “personal information is […] a constitutive part of someone’s personal identity and individuality, then one day it may become strictly illegal to trade in some kinds of personal information” (Floridi 2014a, 122).
Overall, the relation between data ownership and marketability is complicated. On the one hand, some call for data ownership in order to allow individuals to market their data. On the other hand, others worry that data ownership would open the door to stripping individuals of something inalienable, and that data are so ingrained with individual personhood that ownership is too external to capture this relation. From the perspective of the individual, the resource is indispensable. Data ownership properly understood thus precludes rather than motivates alienability and marketization.
Protection versus Participation
Other calls for data ownership share the conviction that certain fundamental resources need to be available to individuals for self-constitution, forming and implementing life plans, and participating in communal lifeforms. They also agree that data ownership is vital towards articulating claims to access these basic resources. But they differ in their understanding of which kinds of resources are needed.
On one end of the spectrum, data ownership can be a merely defensive, protective concept. Individuals are in need of a sphere of secrecy, and authority over access and use of their data is what allows them to protect this sphere from the state, corporations, and others. For example, consider Lessig’s position that property rights and rhetoric are instrumentally valuable since they promote and reinforce privacy: if my data was my property, it would become intuitively clear how taking, using, or selling it without my consent is wrong. “If people see a resource as property, it will take a great deal of converting to convince them that companies like Amazon should be free to take it. Likewise, it will be hard for companies like Amazon to escape the label of thief” (Lessig 2002b, 255). Property rights can be used to delineate a personal sphere that others may not interfere with. “Property talk is often resisted because it is thought to isolate individuals. It may well. But in the context of privacy, isolation is the aim. Privacy is all about empowering individuals to choose to be isolated” (Lessig 2002b, 257). Similarly, Westin’s claim that “personal information, thought of as the right of decision over one’s private personality, should be defined as a property right” (Westin 1967, 324) seems to rest on an instrumental claim: rather than an end in itself, propertization is an effective means. Its value derives from its function of facilitating and enabling individual control and the ability to safeguard privacy.
Besides such instrumental claims, we could further consider an explanatory proposal: breaching privacy is wrong because of ownership. For example, Thomson (1975) argues that the right to privacy consists in a cluster of more specific rights, such that.
the wrongness of every violation of the right to privacy can be explained without ever once mentioning it. […] Someone looks at your pornographic picture in your wall-safe? He violates your right that your belongings not be looked at, and you have that right because you have ownership rights—and it is because you have them that what he does is wrong. (Thomson 1975, 313)
Along these lines, we could imagine that at least for some privacy breaches, e.g. the ones Lessig is referring to, data ownership is what explains their wrongness. Admittedly, one initial challenge is that Thompson speaks about tangible objects like pictures in a wall-safe, whereas data, as mentioned earlier (2.), differ in important respects from such objects. But suppose we are willing to entertain the suggestion that data can be owned, and that such ownership can ground privacy claims. Thompson’s discussion then leads to a second challenge: we can think of alternative normative resources to motivate privacy. It seems to be up for debate whether it is ownership that explains the wrongness of privacy breaches. For example, taking up Thomson’s own cue, we could instead focus on personal rights:
Someone uses an X-ray device to look at you through the walls of your house? He violates your right to not be looked at, and you have that right because you have rights over your person analogous to the rights you have over your property—and it is because you have these rights that what he does is wrong. (ibid.)
The wrongness of privacy breaches could also consist in the right of persons not to be harmed, or not to be treated merely as a means. Once this becomes clear, the question arises whether data ownership is necessary and appropriate for a normative grounding of privacy. A related objection is levelled by Scanlon (1975), who argues that the relevance of ownership is actually merely incidental. It happens to convey information about the conventional boundary of our zone of privacy. But even without any ownership involved in the wall-safe case, there would be rights and interests in play which determine and motivate justified privacy claims—which shows that reference to ownership is dispensable. For our purposes, we need not take a stance in this debate. We merely note that ownership can in principle be taken to motivate protective rights that exclude others from an individual’s personal informational sphere.
Even then, a third challenge looms: which claims to data ownership, if any, are justified? Recall that the Lockean labour criterion suggests: not the ones Lessig thinks. If labour is any indication, it is not clear whether data subjects and not data processors should be regarded as data owners. Here, we would like to propose a possible response to this challenge, which to our knowledge has not been noted in the literature. Interestingly, when discussing Locke in connection with data ownership, commentators appear to assume that labour is the only Lockean criterion for ownership. Locke, however, proposes the labour criterion in the context of a discussion of original acquisition, i.e. acquisition of a resource that was previously unowned. This raises two questions towards authors who refer to the labour criterion to claim that data subjects do not (or should not) have data ownership.
First, the Lockean criterion for original acquisition is compatible with there being further criteria that are subsequent to original acquisition, such as inheritance, reparation for injuries, alienation through gift, sale, or trade, and especially an individual’s entitlement to the surplus of the good of others if this is necessary for the satisfaction of her basic needs (Simmons 1992, 224–225, 327–328).
As Justice gives every Man a Title to the product of his honest Industry, and the fair Acquisitions of his Ancestors descended to him; so Charity gives every Man a Title to so much out of another’s Plenty, as will keep him from extream want, where he has no means to subsist otherwise; and a Man can no more justly make use of another’s necessity, to force him to afford to the wants of his Brother, than he that has more strength can seize upon a weaker, master him to his Obedience, and with a Dagger at his Throat offer him Death or Slavery. (Locke 1689, I, 42.)
There is some debate amongst Locke interpreters about the significance of need and charity for property rights, for example whether subsistence must be provided through property, or whether Locke is in fact neutral on how subsistence is guaranteed (Waldron 1988, 139). What matters for our purposes is that there are other Lockean criteria besides labour. The insight that not the individual but corporations, states, or hospitals invest labour and resources into generating and processing data then falls short of determining data ownership. In particular, if we are inclined to justify privacy via ownership, and note that certain levels of privacy can be seen as a basic need, a fundamental presupposition for leading a fulfilled life, then the relevant forms of ownership might not depend on labour.
Second, emphasizing that the labour criterion concerns original acquisition, and the mutual shaping between Locke’s view and the colonial policies of his times (Arneil 1996), remind us of the significance of who owns what in the status quo. Indeed, Zuboff in her recent and rich analysis of societal and economic consequences of digitization compares the relation between contemporary large private-sector data processors and data subjects to the relation between sixteenth century conquerors and indigenous populations. Like the conquerors who purported to embody the authority of God, the pope, and their king, and on these grounds claimed indigenous lives and land, the large players of surveillance capitalism “claim human experience as raw material free for the taking”, and purport to possess a “right to own the behavioural data derived from human experience”—declarations that effectively render the age of surveillance capitalism “an age of conquest” (Zuboff 2019, ch. 6). The analogy is Zuboff’s, not ours, and we are not assessing its adequacy or possible limitations. What matters for our purposes is the suggestion that it might be misguided to regard consumer data as unoccupied territory. Like the conquerors, large private-sector organizations claim resources they falsely presume to be unowned, and neglect claims that precede their acquisition. Thus, in order to clarify whether the labour that data processors invest into the generation of data confers ownership, we must know more about antecedent claims that frame this process. Before data are generated, they might not be owned by anyone because they do not exist. What does exist, however, are the lives, behaviours, and features of data subjects, including their claims to have these processes protected, and to shape them autonomously in ways that allow them to participate in societal endeavours. How these claims are weighed against subsequent claims by data processors is a question whose answer a labour criterion does not by itself address.
The foregoing was primarily concerned with negative, protective claims that keep others outside one’s personal informational space. However, stances on the role of data ownership can be informed further by one’s theory of selves—what constitutes them, and whether we regard them primarily as occupying social roles as citizens or members of particular communities. The hint we can then take from Floridi is twofold. On the one hand, his notion of the self highlights the importance of protecting information pertaining to the personal sphere and the integrity of persons. On the other hand, he can also be taken to suggest that shielding is important but not enough. Individuals qua inforgs are deeply interwoven with their personal information and its embeddedness in the infosphere. Since inforgs weave informational ties across the infosphere, we might argue that controllable, localized retentions of the shielding of information are what allows them to interact with others and to participate in communal and societal activities.
This means that data ownership will not always be tied to presumed entitlements and mechanisms to constrain data flows. Sometimes, individuals will claim their data and seek to share them in certain ways (Hummel et al. 2018). For inforgs, data ownership as isolation cannot be enough. It must also allow participation in societal endeavours mediated through the infosphere. As mentioned, proponents of data ownership as marketability (3.2) argue that the relevant form of participation is receiving one’s share in the generation of economic value that is driven by the processing of individuals’ data. But beyond seeking economic returns, individuals are shaped by ascriptions of recognition of and to others. The intention to contribute to a common good can lead them to redistribute parts of their informational resources through giving and donating data (Hummel et al. 2019). It is a platitude that I can only legally give what is mine, and thus one potential aporia of donating and sharing data is that these attitudes seem to presuppose some form data ownership that legal frameworks might not recognize (2.). But drawing on our earlier suggestion (3.1), the ‘mine’ in the platitude need not signify genuine ownership, but can take the form quasi-ownership. Insisting on not only protective but also participatory ways of making use of one’s data thus need not rest on presumptions that are unattractive or unfounded from a legal perspective.
Individual versus Collective Claims and Interests
There are different frameworks for distinguishing kinds of property. For example, Waldron (1988, 38–42; 2017, ch. 1) defines: in private property, the resource is under the decisional authority of particular individuals (or families or firms). In collective property, governance proceeds “by reference to the collective interests of society as a whole” (Waldron 1988, 40), with these interests determined through mechanisms of collective decision-making. Common property refers to a resource being governed by rules whose point is to make them available for use by all or any members of a society. Here, Waldron explicitly links common property with conceptions of justice: “In the case of finite resources, or resources which cannot be used simultaneously by everyone who wants to use them, the operation of a system of common property requires procedures for determining a fair allocation of use to individual wants. This is the task of a theory of justice” (Waldron 1988, 41). Both collective and common property typically involve governance by the state.
As these distinctions illustrate, conceptualizations of different kinds of property have a variety of parameters on which they can encode substantive commitments. To begin with, they call for specifications of who the owner is. Property need not be owned by single individuals. A multitude of individuals can own a resource. Moreover, in some cases, the agent(s) authorized to govern the particular good or resources by setting rules and restricting access might be the de facto owner(s), but actually remain(s) answerable to certain claims. For example, on the one hand, the state’s governance of collective property is “the effect of a decision by a sovereign authority” (Waldron 1988, 41). On the other hand, the state is answerable to society’s claim to access for everyone. Moreover, different kinds of property reflect different goals and principles that shall guide governance, e.g. whether the point of property is making it accessible to everyone, to preserve it, or to govern it in accordance with collective decision-making. Last but not least, implicit in notions of commonality and collectives is a presumption of membership relations. Those not standing in these relations are outsiders from the perspective of the group or society in question. Crucially, these membership relations are linked with usage entitlements to the respective resource.
Besides highlighting the question of who is plausibly regarded as the data owner, these points demonstrate the importance of terminological clarity of which kind of property is envisioned. Waldron’s definitions are certainly not the only way to conceptualize different kinds of property, but they demonstrate that merely calling for data ownership is an underspecified demand. If there is—or should be—data ownership, the question immediately arises who owns which data, and what the point of such ownership is.
As outlined, one first response is that individuals shall have their data as private property. This sense of data ownership is put forward when it is proposed that patients shall have ownership over their health data (Kish and Topol 2015; Mikk et al. 2017), when individuals shall be able to market their data (Lanier 2014), and also when legal frameworks are perceived to assign proprietary rights to data (2.).
However, we have also seen that one salient alternative is to affirm that data can be property, but to deny that individual data subjects are the owners. First, as consideration of the Lockean position indicates, private-sector organizations, too, can articulate justified claims to ownership of the data they generate and process (e.g. Ensthaler and Haase 2016, 1460–1461). Second, we can even dispute whether private property in Waldron’s sense is applicable to data. For example, Montgomery argues that if we really want to regard genetic and genomic information as property, it should not be considered private: “it is perhaps more convincing to consider individual genetic information as a form of common property belonging simultaneously to a group of people but with outsiders excluded” (Montgomery 2017, 85). He also endorses “[p]ublic ownership of genomic information” (ibid.), whereas private property would implausibly enable patients “to appropriate to themselves material that is biologically common to others” (ibid.).
There are further authors who call for data ownership and envision the owner to be a collective, society, or mankind as a whole, for example when recognition and protection of a data commons is being demanded. For Prainsack, a data commons could be key to address power asymmetries between data subjects and data processors, typically large private sector organizations, provided careful reflection is devoted to dynamics of inclusion and exclusion surrounding this pool of resources. Inclusion involves being able to enter data into the digital commons, to use information from the commons, to enjoy benefits from the commons, and to participate in its governance (Prainsack 2019b, 8). Across these instances, exclusion need not always be unjust, but prompts further consideration of how the respective individuals and populations are affected by it. In the end, harm mitigation mechanisms (McMahon et al. 2019) are necessary for both those who incur damages due to their inclusion, and those who incur damages from being excluded.
In these proposals, data ownership held by populations, society or mankind need not preclude further ownership or control rights at the individual level. However, tensions and competition between individual and collective as well as local and global interests are conceivable. For example, consider Cohen’s view (2018, 212–216) that healthcare data can be shared and processed for the public good without patient consent because her healthcare data is not her property. In this case, a denial of data ownership is tied to a denial of entitlements to control and consent to data processing, or in Cohen’s words, a “duty to share healthcare data” (2018, 209). He seems to assume that ownership is a necessary condition for control, whereas amongst our points above (3.1) was that we could conceive of control rights independently of whether or not they constitute ownership. At any rate, his reasoning demonstrates that there is an interplay and between individual and collective claims; if they are in tension or opposition, then discounting one can be perceived as strengthening the comparable plausibility of the other.
Considerations promoting the common good undoubtedly carry some normative weight particularly against the background of an interdependent relation between self and other. But how are we to think of the coexistence of individual and collective interests when algorithms informing litigation are fed with information on a particular defendant, when data of a particular individual is used to tailor marketing content that taps into her needs, desires, and preferences, when an individual’s credit application is assessed on the basis of ratings derived from data sets harvested across different domains, or when health data is tracked by wearables and subsequently shared with insurers, employers, and other third parties, thereby giving a variety of lifestyle decisions of an individual? The point is not merely that conflicts can arise between individual and collective interests. The point is also that it is up for debate what counts as a concordance of both, which considerations take priority in particular cases of conflict, and which compromises of individual interests and freedom count as sufficiently valuable additions to the data commons and provide public value and enhancements of the common good.
Just as prioritizing the common good can constrain individual self-determination, individual interests might involve delimiting the authority of others and enforcing claims against them, potentially with the consequences that Rodwin, Contreras, and others who are concerned about impediments to research fear for the common good. Our suggestion is not that there is a zero-sum game between individual and collective interests, i.e. that promotions of one are only to be had at the expense of the other. It is just that there are interdependencies and sometimes trade-offs between both domains. For this reason, it is an oversimplification to suggest that we can seamlessly envision individual control rights alongside collective-level ownership. Attributing data ownership to the public and maintaining a data commons will inevitably interact with individual freedom, and claims for data ownership gesture towards the need for an inclusive societal debate on how these two poles are being harmonized and mediated.
We have suggested that calls for data ownership position themselves along four dimensions, specified by four pairs of poles: property versus quasi-property, marketability versus inalienability, protection versus participation, and individual versus collective claims and interests. These results are presented in Table 1. For the respective positions on these dimensions, different claims turned out to be relevant. The first dimension concerns incidents of (quasi-)property. These are expected to enable (quasi-)owners to control data flows and to impact the outcomes of data processing. The second dimension focuses on the individual’s relation to data. It asks whether or not there is, or should be, an entitlement of the data subject to market her data. Ideally, this allows her to benefit from her resource. However, it could also amount to the alienation and commercialization of certain core aspects of her as a self or subject. The third addresses the significance of the resource for individual constitution, flourishing, and integrity, and negotiates which combination of protection and participation is needed to advance them. The fourth pair of poles concerns the interplay between individual and collective interests, needs, and preferences, and raises the questions how these could be harmonized and aligned. The proposed scheme is not intended to present an antecedently determined standard on what a comprehensive call for or against data ownership shall cover. Neither is it intended to exhaust all possible meanings. Instead, it is inductive as it rests on inferences from specific, paradigmatic instances of discussions of data ownership.