WS14

WORKSHOP

SUMMARY

WORKSHOP • 20 FEBRUARY 2018

LUNCHTIME WORKSHOP:

“Putting a price on your invaluable private life? Personal data and the values behind


by Lina Jasmontaite, Brussels Privacy Hub, LSTS, VUB

SUMMARY


On 20 February 2018, the Brussels Privacy Hub in collaboration with the European Data Protection Supervisor (EDPS) organised a lunchtime event questioning the pricing of personal data and the values behind such practices. The event was hosted at the EDPS premises and it was followed by 30 participants representing a wide range of stakeholders involved in discussions on data protection, including academics and representatives of the industry, civil society and data protection authorities.


After a welcome by the chair of the event Romain Robert (EDPS), research Professor Gloria González Fuster (VUB) contextualized the debates concerning the pricing of personal data. She suggested that a very idea of attaching value to personal data has morphed out of a discussion on data ownership. Pointing out the challenge of legal complexity surrounding the debate, she invited Damian Clifford (KU Leuven) to explain the key features of the relevant legal framework. In his presentation, Clifford identified the key provisions of the Proposal for a Directive of the European Parliament and of the Council on certain aspects concerning contracts for the supply of digital content (Digital Content Proposal) that need to be considered in relation to the General Data Protection Regulation (GDPR) and the Directive on unfair terms in consumer contracts. He noted that by differentiating between active and passive data provision, in particular concerning the use cookies and IP addresses, in the Digital Content Proposal, the European Commission (EC) somewhat creates undesirable categorization of personal data and contradicts its own approach taken in other legislative measures and the case law of the Court of Justice of the EU (CJEU). For example, the ePrivacy Directive (as well as the proposal for the Regulation repealing it) requires controller to obtain consent for the use of cookies and the CJEU has recognized that under certain circumstances IP addresses can be considered to be personal data. Clifford suggested that the personal data is used as a counter-performance in business-to-consumer (B2C) contracts probably due to the lack of harmonization of contract formation at EU level. To aid the current situation, the EU legislature should better consider the implications of the proposed text. According to the Digital Content Proposal, B2C contracts would be concluded on consent and this consequently requires re-examination of consent elements (e.g., ‘freely given’, Article 7.4 of the GDPR).

Then, Géraldine Proust (FEDMA) suggested that a progressive move towards data commodification does not go against the protection of fundamental rights of individuals. On the contrary, in her opinion, a better knowledge of purposes and consequences of data processing may increase consumers’ understanding of value exchange for the service received in exchange of their personal data. She suggested that this consequently can strengthen data protection of an individual. Building on an Acxiom study analysing what the consumer really thinks about data privacy, she noted that consumers are incentivized to exchange their personal data for loyalty points, discounted products or services as well as access to exclusive events or content. Proust also pointed out that consumers prefer clear communication of purposes of data collection and that consumers are looking for incentives, such as a direct monetary reward for sharing their data. Then she argued that even though many consumers make pragmatic choices regarding data sharing and are willing to trade their data for a certain gain, the industry still has not worked out ways to demonstrate and communicate the value of this exchange in a balanced and satisfactory way. Proust suggested that for individuals to approach their personal data as an asset, the industry needs to respect and implement principles stemming from the GDPR, such as transparency, fairness, accountability, the use of appropriate safeguards and a risk based approach in their communication practices (i.e., information notices). She concluded her contribution with a statement that introducing additional regulation without giving time to implement the GDPR may undermine the objectives of the data protection reform.

The following speaker, Agustín Reyna (BEUC) discussed conceptual considerations that need to be taken into account when contemplating about personal data as an asset that can be traded. He pointed out that the current legal framework does not invoke the legal status of personal data. The law governs the processing of personal data and provides a possibility to access, rectify and delete such data. He noted, explaining this means that in principle the ownership of personal data is not possible and so ‘licensing’ of personal data is problematic. He argued that the Digital Content Proposal takes this debate further as it defines personal data as an element of an exchange. This idea of counter-performance, in his opinion, implies indirect recognition of personal data as an asset, which so far has been alien to data protection law because counter-performance typically concerns the exchange of tangible goods or services. Reyna argued that direct assignment of proprietary nature to personal data by means of recognition of data as a counter-performance will not make personal data a disposable asset. He added that while certainly there is an added value in expanding protection of personal data by provisions concerning contract law, the legal regulation has to be carefully drafted. B2C contracts should not allow deviation from the GDPR, which in practice would mean that companies shouldn’t impose conditions in B2C contracts that would oppose requirements and principles stemming from the GDPR. In general, Reyna welcomed the Digital Content Proposal, which aims at adding a new layer of protection to individuals from the contract point.

Sari Depreeuw (Daldewolf) in her contribution reflected on the possibility to recognize personal data as an asset from the Intellectual Property Rights (IPRs) perspective as the latter concerns immaterial goods. She argued that the most relevant IPR in this regard is copyright, which has a long tradition of international and EU harmonization. Copyright is interesting because it contains two elements, namely economic rights and moral rights, she explained, adding that the latter category is closer to personality rights and concern the protection of the author (e.g., authorship, integrity, first publication). Depreeuw noted that both elements are considered when concluding a contract. She explained that in order to ease the challenges of applying the general contract law to immaterial goods, the regulator has awarded authors with additional protection. Authors are considered to be a weaker party when negotiating with commercial players (e.g., publishers or music labels) by law. Depreeuw said that, in principle, there are no limitations on the transfer of economic rights, whereas it is not possible to transfer or sell your moral rights. It is only possible to refrain from exercising your moral rights under certain conditions. Then she added that in case of an infringement, calculation of material damage is easier to evaluate than the moral one. Evaluation of moral damage is based on the license price or a bono appreciation. When considering analogies that could be drawn on the copyright example, Depreeuw suggested considering that in case of a copyright infringement there is more transparency about it in comparison to an infringement of personal data use. She claimed that often consumers are left in dark about internal processes and value creation resulting from their data sharing. Finally, Depreeuw observed that provided that copyright offers an individualistic approach (i.e., it relates to one person), collective enforcement actions could be a more appropriate solution for launching complains for infringements of data protection law.


During the debates that followed the four presentations, it was reiterated that the idea of remuneration for personal data might not be entirely appropriate as the value of personal data is difficult to estimate and it may fluctuate. As part of the discussion, the speakers agreed that although personal data certainly have value for the many companies that process them, the current legal framework does not allow determining clearly their value. This is due for instance to a restricted understanding of ‘price’ as an expression of a monetary value and little guidance for the evaluation of personal data as an economic asset in the context of mergers. Looking forward, the participants called for further discussions concerning the evaluation of personal data and its implications.



Connect with us


Brussels Privacy Hub

Law Science Technology & Society (LSTS)

Vrije Universiteit Brussel

Pleinlaan 2 • 1050 Brussels

Belgium

info@brusselsprivacyhub.eu

@privacyhub_bru

Stay informed


Keep up to date of our activities and developments. Sign up to our newsletter:

My Newsletter

Copyright © Brussels Privacy Hub