Taking control of personal data is about your rights, not owning it
The new General Data Protection Regulation (GDPR) gives us more control over personal data. The Open Data Institute believes that this control will come from our rights over this data, not our ownership of it.
Personal data is information about us such as where we study or work, what we like and who we spend our time with.
Data is collected, shared and used a lot in our day-to-day lives.
When we go to a shop and use a contactless card to pay, the shop collects and can use data about us, such as what we bought and how much we spent.
It’s the same for online services we use too, including shopping and social media sites.
Lots of people are currently talking about personal data and how it’s used and shared.
People feel uncomfortable when it’s used in ways that can cause us harm or affect us in ways we’re not happy about.
Some people say we need to own ‘our’ data to take more control over how data about us is used.
This feels instinctively right.
It's data about me, therefore surely it's my data?
At the Open Data Institute, however, we believe that data does not belong to any one person. We think this for a few reasons.
Data is often about multiple people
Data can also be created by multiple people.
Your school or college record could describe your friends and other pupils, as well as members of your family and the teachers or lecturers that you’ve come into contact with.
Therefore the choices you make about how personal data is used or shared can have an impact on other people too. What does ‘owning’ data really mean if the data about you is also about multiple people?
Isn’t it important that we consider their opinions about how that data is used too?
Our rights are fundamental
While privacy is a fundamental human right, and we need to find a way to fairly share the benefits created by data, giving individuals exclusive control of data about them also means that wider society can’t benefit from it.
Data gathered through national censuses help governments keep us healthy and safe, and future gathering of data could help us to tackle challenges like climate change through scientific research.
Data can be permanent
Data about us now can also be about us forever.
When someone sells or gives away something they have owned, like a mobile phone, it no longer belongs to them.
The new owner can do anything they want with it and it won’t affect the person that had it before.
Personal data isn’t like that. It’s always going to be about someone and the way it’s used could always affect them.
This doesn’t mean that we shouldn’t make data about us available for good purposes.
We should have the power to donate data about us to charities and researchers if we want to, so they can do things with it to benefit our communities and societies.
It does mean that we should be careful about who we trust with data about us and our friends, and what they are going to use it for.
We should also be careful of words related to ownership like “my data” or “your data”, as they don’t really do a good job of describing the complexity of the rights and controls we and others have over data about us.
The new General Data Protection Regulation (GDPR) gives us more control over personal data.
It strengthens the rights we have to control how data about us is used. This includes the right to share data with - or donate data to - organisations we trust.
At the Open Data Institute we hope that these new rights allow us all to benefit from better use of data while being protected from any harmful impacts.