WORKSHOP • 20 FEBRUARY 2018
“Putting a price on your invaluable private life? Personal data and the values behind”
by Lina Jasmontaite, Brussels Privacy Hub, LSTS, VUB
On 20 February 2018, the Brussels Privacy Hub in collaboration with the European Data Protection Supervisor (EDPS) organised a lunchtime event questioning the pricing of personal data and the values behind such practices. The event was hosted at the EDPS premises and it was followed by 30 participants representing a wide range of stakeholders involved in discussions on data protection, including academics and representatives of the industry, civil society and data protection authorities.
Then, Géraldine Proust (FEDMA) suggested that a progressive move towards data commodification does not go against the protection of fundamental rights of individuals. On the contrary, in her opinion, a better knowledge of purposes and consequences of data processing may increase consumers’ understanding of value exchange for the service received in exchange of their personal data. She suggested that this consequently can strengthen data protection of an individual. Building on an Acxiom study analysing what the consumer really thinks about data privacy, she noted that consumers are incentivized to exchange their personal data for loyalty points, discounted products or services as well as access to exclusive events or content. Proust also pointed out that consumers prefer clear communication of purposes of data collection and that consumers are looking for incentives, such as a direct monetary reward for sharing their data. Then she argued that even though many consumers make pragmatic choices regarding data sharing and are willing to trade their data for a certain gain, the industry still has not worked out ways to demonstrate and communicate the value of this exchange in a balanced and satisfactory way. Proust suggested that for individuals to approach their personal data as an asset, the industry needs to respect and implement principles stemming from the GDPR, such as transparency, fairness, accountability, the use of appropriate safeguards and a risk based approach in their communication practices (i.e., information notices). She concluded her contribution with a statement that introducing additional regulation without giving time to implement the GDPR may undermine the objectives of the data protection reform.
The following speaker, Agustín Reyna (BEUC) discussed conceptual considerations that need to be taken into account when contemplating about personal data as an asset that can be traded. He pointed out that the current legal framework does not invoke the legal status of personal data. The law governs the processing of personal data and provides a possibility to access, rectify and delete such data. He noted, explaining this means that in principle the ownership of personal data is not possible and so ‘licensing’ of personal data is problematic. He argued that the Digital Content Proposal takes this debate further as it defines personal data as an element of an exchange. This idea of counter-performance, in his opinion, implies indirect recognition of personal data as an asset, which so far has been alien to data protection law because counter-performance typically concerns the exchange of tangible goods or services. Reyna argued that direct assignment of proprietary nature to personal data by means of recognition of data as a counter-performance will not make personal data a disposable asset. He added that while certainly there is an added value in expanding protection of personal data by provisions concerning contract law, the legal regulation has to be carefully drafted. B2C contracts should not allow deviation from the GDPR, which in practice would mean that companies shouldn’t impose conditions in B2C contracts that would oppose requirements and principles stemming from the GDPR. In general, Reyna welcomed the Digital Content Proposal, which aims at adding a new layer of protection to individuals from the contract point.
Sari Depreeuw (Daldewolf) in her contribution reflected on the possibility to recognize personal data as an asset from the Intellectual Property Rights (IPRs) perspective as the latter concerns immaterial goods. She argued that the most relevant IPR in this regard is copyright, which has a long tradition of international and EU harmonization. Copyright is interesting because it contains two elements, namely economic rights and moral rights, she explained, adding that the latter category is closer to personality rights and concern the protection of the author (e.g., authorship, integrity, first publication). Depreeuw noted that both elements are considered when concluding a contract. She explained that in order to ease the challenges of applying the general contract law to immaterial goods, the regulator has awarded authors with additional protection. Authors are considered to be a weaker party when negotiating with commercial players (e.g., publishers or music labels) by law. Depreeuw said that, in principle, there are no limitations on the transfer of economic rights, whereas it is not possible to transfer or sell your moral rights. It is only possible to refrain from exercising your moral rights under certain conditions. Then she added that in case of an infringement, calculation of material damage is easier to evaluate than the moral one. Evaluation of moral damage is based on the license price or a bono appreciation. When considering analogies that could be drawn on the copyright example, Depreeuw suggested considering that in case of a copyright infringement there is more transparency about it in comparison to an infringement of personal data use. She claimed that often consumers are left in dark about internal processes and value creation resulting from their data sharing. Finally, Depreeuw observed that provided that copyright offers an individualistic approach (i.e., it relates to one person), collective enforcement actions could be a more appropriate solution for launching complains for infringements of data protection law.
During the debates that followed the four presentations, it was reiterated that the idea of remuneration for personal data might not be entirely appropriate as the value of personal data is difficult to estimate and it may fluctuate. As part of the discussion, the speakers agreed that although personal data certainly have value for the many companies that process them, the current legal framework does not allow determining clearly their value. This is due for instance to a restricted understanding of ‘price’ as an expression of a monetary value and little guidance for the evaluation of personal data as an economic asset in the context of mergers. Looking forward, the participants called for further discussions concerning the evaluation of personal data and its implications.
Copyright © Brussels Privacy Hub