Power with Control
Giving consumers traction in the world of ‘push’ data
By Irene Ng and Ivan Mortimer-Schutts
The old Pirelli advertisement wryly highlighted that “power is nothing without control”. As consumers and ‘Users’ in the world of digital platforms and e-commerce, we are – or should be – constantly reminded of this distinction. The internet is running on our data; we are the ‘data subjects’ that have the power to click ‘accept’ or ‘refuse’, as we trudge through protective layers that organizations put up to guard themselves against legal risks. But with the playing field tilted in the favour of corporations and with few realistic alternatives, we click through at speed, demonstrating in fact that we do not have control. Ceding control of our data, we have also unintentionally enabled large platforms and ‘gatekeepers’ to amass outsized market power; this is now the target of many governments as they seek not only to protect consumers but also to spur potential in the fabled data economy.
We are constantly induced by organizations to trust them with our personal data. We are regularly asked to accept new terms and conditions and scroll through pages of legalese without duly inspecting them. Yet security breaches, data misuse, the abuse of market power – and our awareness of them – continue to expand. Consumers ask: How can we trust big organizations when there are constant reports of security breaches? In 2022, over 1,800 data breaches were reported, affecting more than 400 million individuals. But consumers also ask themselves what alternatives they really have.
Why are we in this situation? There are practical reasons for this:
security is complex and threats are constantly evolving;
big companies may have the size and resources needed to protect us and our data and be accountable to government regulation;
companies legitimately need our data to deliver the services and content we want in a world of immediate gratification and hyper-personalisation;
the meaning and value of our data is tethered to the platforms we use.
The organizations that generate and hold our data have market powers over how that data can be used, and they can exercise their commercial freedoms to change those conditions, legally and operationally, more or less at will.
Governments are trying, but still struggling, to adequately address the issue. The internet has brought us waves of deep and valuable innovation and economic transformation. But while not quite a Faustian bargain, we are reminded constantly of the deal we have made: In exchange for access to the digital economy and the many social platforms, networks and services we use every day, we have handed control of our data – our identities and the details of our increasingly digital lives – to what regulators see as ‘gatekeepers’.
From power in principle to power through control
These gatekeepers have not only the power but also the control: they have legal ownership and custody of data as well the operational possession and control of it. Government efforts to strengthen users’ rights are embodied in a growing array regulation and policy interventions. These include not only data protection acts such as the benchmark GDPR but also the creation of national digital identities and data wallets, and data-sharing efforts such as GAIA-X as well as sector specific regulations such as for ‘open banking’. These help to enhance the rights of consumers to control some aspects of their data. But the data often still stays legally with the platforms and organizations. Even with open banking, our data remains with the originator (the bank) and consumers merely enable a third party to access it briefly. Standardization helps (the EiDAS initiative in Europe is a laudable attempt), but it doesn’t change the fact that organizations are holding back the entire data economy from forming legitimately, and safely.
Many companies do not want us to have legal ownership of our data. As long as they own it, they have control over it, and they can determine how to use and monetize it. So they ask us to trust them. It is in the interest of these companies to maintain the upper hand, professing various technical and user-friendly reasons why we need to accord them the role of a trusted custodian or administrator of our data.
Data needs to be legally ‘re-homed’. Data needs to be legally untethered and securely extracted for markets in data to work. Markets function best when economic actors – firms, individuals – can enter into meaningful contracts to trade, use, or exchange things of value. This includes data. And while data has some very unique properties that distinguish it from ordinary goods and services, legal powers over data and its control are essential to unlocking our imagination and agency as users and controllers of our own data.
Once it’s legally in our hands, we decide. We own our data, we control how it's being used, and we determine which pieces of our data to share. We would have the rights to our own data. We can contract on those rights. The market can form. Whether the extraction is tokenized (converting sensitive data into a secure format known as tokens) or acquired by data subjects as legal data ownership, the market for data can now form, because we can now contractually license it.
Decentralised personal control – introducing CheckD
It is time to legally extract and store our own data. The technology is now ready for us to own our data and also appoint agents and services to enable us to use it, like with the CheckD Data Wallet. This was the vision of 10 major research universities in creating the open-sourced HAT Microserver. At Dataswyft, we took steps to advance that vision by creating a service and a data infrastructure platform with portability protocols to enable this phase of market evolution towards secure commerce and data movement. The goal is to decentralize control of data (legally untethering) by re-homing it to data subjects – consumers and organizations. Distributing data and control actually enhances security, reducing the incentive to hack because hacking one person’s HAT Microserver will only yield access to one person’s data. The goal is to redistribute a key market resource back to ourselves. The goal is to keep markets free.
Solutions will fuse the best of decentralized and centralized architectures. The path to unlocking data-driven growth and greater societal wellbeing is likely to sit between centralized and decentralized systems of market coordination. There should be some data that we can store for ourselves and some that companies should keep for us. When these companies wish to use and share it, they need to ask for our permission. When we choose to use it, we ‘push’ data.
Data’s value is enhanced through its use and enrichment. The good news about data is that its ‘non-rivalrous’ economic property allows for the same copy of the data to be kept on both sides, without any loss to the company. In fact, not only can the companies that generate the data still keep it for the original purposes intended, they could even be rewarded every time we ‘push’ it to be used by other parties. This can also incentivize the company to maintain the technical link with the data we hold and ensure it is up to date and applicable.
Paths to unlocking value
If data is stored with us (the users), we choose and we control who gets it. Unlocking the value of data can therefore come from data usage that is both permissioned and pushed. (If you’re an economist, you probably can guess that push data will form different markets from permissioned data. But that is a topic for another day).
Push data has the potential to unlock real market power value for users. We have seen the payments markets transformed by push transactions, driven by consumers that initiate a transfer rather than passively waiting for a merchant to send them a validation request. Agency and control is powerful for incentivizing consumers and building trust. This can also happen in the realms of data, and will expand when the market enables usage to drive the price discovery mechanism to reveal the value and utility that different types of data assets have for different users. Some will have higher value with a low volume of push transactions (e.g. risk or credit scores) and some will have low value with a high volume of push transactions (e.g. age validation). As more of us legally own our ‘own’ data – a class of data we call “self-sovereign data” – we will also achieve greater collective bargaining power to ask for more to be available.
Putting ‘markets’ back into the debate. Alongside debate about rights, utilities, and blockchains, the market and the consumers that drive it are the missing part of the conversation about data market regulation. Until users have agency, until they can experience the means to legally own their data, they will not be able to control and exercise their power. And without agency over data, markets will not form and value cannot be easily realized. This is the element of the current conversation that seems to be missing when regulators and tech companies talk data.
From our perspective, whether permission- or push-driven, data markets are good for the economy. Push data is inevitable, as it happened with the $2.3 trillion push payments economy. Now the questions become:
Which country will be the first to benefit from their citizens’ self-sovereign data safely and legally untethered from the source?
Which data asset will take the lead in forming the market?
We will be thinking about these questions as we guide the early adoption of CheckD through this shift towards user-owned, self-sovereign data markets.
Irene Ng is a Professor of Marketing and Service Systems at University of Warwick and Group CEO of Dataswyft
Ivan Mortimer-Schutts is the Policy Advisor to Dataswyft.
The CheckD Data Wallet is a sophisticated digital tool designed for managing and sharing information. Wallet users fully own of their data and use them by applying their data onto customizable “badges”. Badges enable users to use their data to fill forms, register attendance or verify their identity (eg memberships), information (eg. prescription) or activities (eg shopping behavior) seamlessly. Due to the individual being the data owner, controller and processor of their data in their data wallet account, CheckD is able to conduct on-demand, cross border sharing of PII (personal identifiable information), fully compliant with global data regulations. The technology was built and supported by over USD$50 million in research grants and collaboration with 10 universities in the U.K.
Want to read more? Check out the academic publications behind the Dataswyft Data Infrastructure Platform here.