Giving it away
The centralisation of our online data, the state’s role in protecting us, and how decentralised social media could change the state itself.
We’re worth more together. Much of our data’s commercial value does not exist in isolation, but is created from combining it with other people’s data. Analysing our data alongside that of many others allows search and social networking platforms to see what our friends or similar kinds of people (or at least those with some similar interests) are interested in. This lets companies like Google and Facebook target us more effectively with the adverts that generate the bulk of their revenues.
Even with the wealth of user data to aim adverts that internet platforms have success is not guaranteed. Monetising the data therefore depends on having a large number of people on the platform, as this allows the richest understanding of the users, and so that even if a limited proportion respond to the adverts this will be commercially viable overall.
If much of our online information’s commercial value arises from it being combined with other people’s, does that mean our individual data is valueless or unimportant? Absolutely not. The extent to which our data is variously accessible by friends, family, acquaintances, companies, or worse, is very important. It can affect our careers, our relationships, our exposure to crime and may increasingly affect our access to finance and the prices we pay. In certain instances we may also be granting rights to content we have created to the internet platform, rights which could subsequently be valuable.
Most people signing terms and conditions online, even if they read them, realistically do not have the legal expertise to understand what they are signing. Indeed, given the comparative newness of much of the information we are generating about ourselves online, it is arguable that nobody fully understands its implications and in so far as anyone does it is the internet platforms themselves. Without wishing to impugn the motives of search and social media providers, there is therefore a role for government to ensure appropriate safeguards are in place.
The concentration of large volumes of data in the hands of few companies also raises competition issues. While having a high market share is not necessarily a problem in competition law, it can be if it results in anti-competitive behaviour e.g. if a dominant platform restricts access to data to make it harder for companies to enter markets or for consumers to switch to competitors.
In light of the increasing interaction of data/consumer protection and competition policy, and the fact that the European data protection regime has not been overhauled since 1995, the European Data Protection Supervisor (EDPS) has recently published its initial thinking on the future of data protection in the EU. In the UK itself data protection is supervised by the Information Commissioner’s Office (ICO), which has the power to levy fines of up to £500,000 for serious breaches of the Data Protection Act. The ICO also provides guidance on data protection issues raised by technological changes such as cloud computing and social media.
Taking it back (Collective action)
The revelations of the past year have though, at least in the UK and the US, cast a shadow over the state’s role in data protection. Perhaps we should not be entirely surprised. What did people think GCHQ were doing in Cheltenham exactly, crossword puzzles? However, questions have clearly been raised on the oversight of the intelligence services, and regardless of the legality of what has happened it has probably not done much for people’s trust in the state or in those internet platforms that allegedly cooperated with or were hacked by it.
It has been argued that more radical collective action is needed. An information revolution where we take back our data from the internet platforms. Now there have been attempts at building decentralised social network platforms, such as Diaspora the social network where people’s information is held on their own decentralised server as opposed to being centrally managed by the platform. However, it is fair to say that none have yet reached the scale of their commercial equivalents.The lack of take up reflects the pull of the network effects of existing social media (‘but all my friends are on Facebook’) and the information, and economic resources, that existing platforms can access to improve their offering due to their centralised access to platform data. Decentralised social also networks raise technical challenges of their own. How do you delete a post on someone else’s page for example or keep the data of users with varying levels of security expertise safe?
While there are difficulties to establishing decentralised social networking platforms, there may be a role for the technologies they have spawned in an area where dedicated online platforms have yet to be established: people’s relationship with the state itself. The democratic process has advanced since elections consisted of property-owning men raising their hands in a field, but it has not kept pace with technology. Perhaps digital tools such as decentralised social networking, crowdsourced legislation platforms and voting mechanisms can be used to increase people’s trust and engagement in democracy. Uniting people in large scale collaboration, and lowering their cost of engagement in a decentralised, and secure, way.
There are undoubtedly challenges in this, but there is only one way to find out its full potential. The Nesta managed D-CENT project is exploring using these technologies to get citizens and social movements in Europe more involved in democracy through a series of pilot projects and experiments. D-CENT is drawing on existing open source codebases and on a set of open standards specifications that will be released by the World Wide Web consortium (WW3C). Projects like D-CENT can help show the scope for new decentralised and privacy aware technologies to empower us and may change our conception of politics. Moving us towards a society where collective deliberation, decision and action are a central part of democratic life: a Networked Democracy.
Acknowledgements: The author would like to thank Francesca Bria and Juan Mateos-Garcia for their comments and help with this post.
 The business model of many search and social media platforms is often what is known as a two-sided market where a product is provided to one side of the market free to get large volumes using the platform, who can then be sold on to the other side of the market, in this case advertisers.
 As susceptibility to advertising probably varies across the population, some of us are, indirectly, likely to be disproportionately funding the free online services we use and the returns to the platforms owners.
 EDPS (2014), ‘Preliminary Opinion of the European Data Protection Supervisor’.
 ICO (2012), ‘Social networking and online forums - when does the data protection act apply?’ and ICO (2012) ‘Guidance on the use of cloud computing’ See: http://ico.org.uk/for_organisations/data_protection/topic_guides/online
 The budget of GCHQ is not publicly published, but is thought to be a significant proportion of the UK’s annual budget for the intelligence services of around £2billion (HMT, Spending round 2013, p54). The ICO in 2013/14 had a budget of £20 million of grant in aid from the Home Office for its Freedom of information act work. It is also estimated for 2013/14 to receive of £16 million of fee income from organisations registering as data controllers (i.e. as those who process personal data) which it uses to fund its data protection work. http://ico.org.uk/about_us/our_organisation/key_facts
 For a discussion of the issues in the use of social media data by the police and intelligence services see ‘#Intelligence’ by Demos. http://www.demos.co.uk/files/_Intelligence_-_web.pdf?1335197327
 The call for a decentralised approach to information holding predates the Snowdon releases see Moglen,E. ‘Freedom in the cloud’ (2010) which inspired the formation of Diaspora. http://www.softwarefreedom.org/events/2010/isoc-ny/FreedomInTheCloud-transcript.html
 For more detail on the technological aspects of the D-CENT project, see D-CENT ‘D4.2 – Technical Requirements and Specification of Platform and Pilots’ http://dcentproject.eu/wp-content/uploads/2014/04/D4.2-.pdf