On data markets as a means to privacy protection

Abstract

A number of technological developments such as cloud computing and big data analysis have affected the way in which personal data are processed. These developments go coupled with the currently prevalent business model of free online services that are financed through advertisements and an analysis of user data. Based on these developments, it seems that the new requirements have exposed deficits in the current approach to data protection in the European Union. In the debate on this topic, one of the solutions that are discussed is to create market structures in which users can sell personal data to businesses, thereby gaining control over the ways in which their data is used. Such an approach would constitute an alternative way to the protection of privacy, which is different from the current form of data protection. In order to better assess the validity of claims about the effectiveness of such an alternative approach, it therefore is of importance to know the possible effects that data markets would have on the privacy of online service users. This study investigates this question by means of an ethical evaluation. Since the definition of privacy as such is highly contested, it is not straightforward to determine what an impact on privacy would constitute. To this end, a literature review on the different meanings of privacy is conducted first. The conclusion in this regard is that privacy is a cluster of concepts which does not allow for a single definition. However, for an ethical evaluation it is the moral reasons for the protection of privacy that should be in the focus, and the precise definition of privacy is of secondary relevance. Based on this result, an evaluation framework is constructed for use in this study. Another aspect that requires clarification upfront for an ethical evaluation is the question of what specifically constitutes a data market. An investigation of the relevant literature in this regard shows that first instances of data markets are about to appear in practice, but that most proposals only exist in theoretical form. Only secondary markets for personal data --- which are not accessible by users themselves --- exist in practice. First approaches of real data markets seem to emerge, but are in a very early phase that is too premature for the sake of a detailed evaluation. Yet, there are a number of interesting approaches in the literature which propose the concept of a data market in abstract form. This study makes a selection of these proposals and uses them for an ethical evaluation. The outcome of the ethical evaluation shows that there are a number of different effects that could occur if these data market approaches would be implemented. Although some of these effects are indeed positive for the protection of privacy, there are various effects that would be detrimental to privacy. Most importantly, data markets could lead to a loss of individual autonomy and have adverse effects on the societal function of privacy. Striking is also the symbolic change to privacy as a human right that a commodification of personal data might entail. Moreover, it has to be considered that data markets as a regulatory infrastructure would require the collection of additional data for their own functioning. This in turn leads to new questions of privacy protection that would have to be solved. Overall, it can be said that there is not a single and clear impact on privacy, but a wide range of possible effects that are connected in an intricate manner. To which extent these effects would occur is contingent upon the behaviour of users in such markets and the design parameters of possible data market approaches. Central in this regard is the form in which users would gain access to a data market, and in which way they would be concerned with single market transactions that they engage in. Also, the scope of data markets is of relevance. Although detrimental to allocative efficiency, it would be beneficial for the protection of privacy if data markets are restricted in their scope concerning the market participants and the type of data that is traded therein. Furthermore, the specific design of data markets is relevant for the behaviour of users, and thereby the consequences of their actions. The data market proposals that this study analyses are not specific enough in order to assess all of these parameters, but provide useful indications for elements that are of relevance in this regard. Concerning the overall problems with data protection in an age of big data, it is not apparent at all whether data markets would indeed form a better way of protecting the privacy of online service users. Many of the improvements that data markets could bring could likely also be achieved by modifying the existing methods of data protection. Policy makers in the European Union should therefore not focus on the solution of data markets, but strengthen the existing and proven mechanisms for data protection. This entails providing sufficient funds to the supervisory authorities, stimulating research on the existing weaknesses of data protection, and speeding up the process of political decision making concerning data protection issues.