Data is all around us in everything we do and in every object that we use. In the information age, there is no person or object that does not generate data and since we are all connected, there is nothing to stop each of us from accessing all of it. If there is no limit to the amount of data that exists and no additional marginal cost to the creation of new data, surely it stands to reason that the value of data should be zero.

The reality, however, is quite different. Data is one of the most valuable resources of the modern economy and among the many debates it has sparked, is the question of who actually owns it and is entitled to claim its value.

If you think about it, data actually has no value unless someone decides that it is worth being collected. Even after a data collector decides to invest time and effort in collecting and processing it, any individual item of data only actually becomes valuable when it is aggregated with others like it into truly large data sets. It is in this state that data has any value at all.

As much as we may want to believe that data has value from the get go, the fact of the matter is that without the efforts of the data collectors, no data would have had any value. Very few data collectors actually say this out loud as this is not a statement that would go down well. In today’s data rich world, data subjects genuinely believe that they are and rightly should be the owners of their data and the last word in what can or cannot be done with it. They believe that data is valuable in the aggregate, and therefore that there must exist some appropriate fractional value attributable to each data element solely by reason of it having individually contributed to the whole.

This is the tension that frustrates all attempts to regulate data in the traditional way. On the one hand, data collectors argue that had they not put in the effort to collect and organize data or develop algorithms to extract insights out of the large volumes of data they hold, there would be no value whatsoever. Data subjects, on the other hand, argue that since it is they who have provided the information and who will be affected when this information is used, the ability to exert ownership rights over how it is eventually used should vest with them.

The reason why we are even having this debate in the first place is because we believe we need to think of data in terms of who owns it. We have operated on the assumption that the secret to effective data governance is identifying the owner of a given item of data so that we can impose upon them a set of rules as to what they can and cannot do with it. This approach hasn’t worked so well for us. Ownership leads to monetization and eventually to fraught questions as to who deserves to benefit from it. Perhaps we need to a new approach.

One alternative that has been suggested is to conceptualize the issue in terms of data trusts—constructs that treats data as a pooled resource, aggregating them so that the sum of discrete elements of data have value greater than any individual item. Trusts allow data to be shared, breaking down silos that place data under the exclusive control of a data collector and instead sharing them between data collectors and/or data subjects to allow the value flow across a larger group of users without cleaving to traditional notions of ownership.

There are broadly two distinct types of data trusts that are spoken about—collector-centric and subject-centric. Collector-centric data trusts are established by data collectors so that they can establish the terms under which the data they have collected can be pooled into a common resource. This pooling allows them to share the benefits of the larger data set without having to negotiate transfer arrangements between each other. By encouraging sharing across collectors who would have otherwise kept this data siloed and apart, collector-centric data trusts ensure greater data sharing than would otherwise have taken place. However since collector-centric trusts only benefit incumbent data controllers, they deny new entrants market access resulting in them being easily mistaken for monopolistic constructs that are designed to preserve the advantage that existing data collectors already have.

The second type of data trust allows data subjects to pool their data into the trust and then make this pooled data available to collectors on terms negotiated by the trust on behalf of the contributing data subjects. By banding data together in a single pool, data subjects are able to aggregate their data assets so that the pool has more value than any individual element of data ever could. With a sufficiently large number of data subjects, the entire trust is in a far better negotiating position than if each of them had to deal with data controllers on an individual basis. Subject-centric trusts vest in trustees the responsibility to deal with the data in the best interests of the members of the trust—as opposed to the data collectors—making it one of the few constructs designed to work for data subjects.

As India gets to the final stage of conceptualizing its data protection future, it would do well to examine these alternate models and facilitate its inclusion into the law. The world has tried data ownership and it hasn’t worked. Perhaps its time to try something different.

Rahul Matthan is a partner at Trilegal and author of ‘Privacy 3.0: Unlocking Our Data Driven Future’

Close