Dr Milkau presents his paper ‘The GDPR: Halfway between consumer protection and data ownership rights’ (available here). An interesting reading reflecting on the necessity to develop data ownership rights, which could provide certainty to all actors along the data value chain.
Dear Dr Milkau, what was the reason for you to write this paper and what is the message your paper aims to deliver?
In 2017, the European Commission published a communication on ‘Building a European Data Economy’ stating that Europe is not tapping into the potential of data as one production factor in the 21st-century economy. Digital data will be an essential resource for economic growth, competitiveness and innovation. Consequently, one frequently hears that ‘data is the new oil’, e.g. by former European Commissioner Meglena Kuneva and German Chancellor Angela Merkel.
If this is right – which is undisputed – and data is an essential production factor, one issue remains open: who owns data – and especially personal data? Legally defined ownership rights have always been a cornerstone of our free market economy. The General Data Protection Regulation (GDPR) was a milestone towards the harmonisation of data protection in Europe. However, data protection is not data ownership! The GDPR defines ‘data subjects’ and ‘data controllers’ but obviously, this is a point of view focussed on the (technical) processing of data. The concept of data as valuable asset in a digital economy goes beyond such a process perspective: how to protect consumers’ personal data?
Additionally, the metaphor of ‘data as the new oil’ points to a second open issue. The value has to be generated by a number of steps of production, from crude oil to energy and refined materials. Therefore, it is not data alone, but one has to apply an end-to-end perspective. The 1996 Database Directive pointed in this direction, as it defined ‘sui generis rights’ for the actual contents of the database due to the substantial investment in either the obtaining, verification or presentation of the contents to prevent extraction and/or re-utilisation of the whole or of a substantial part. In my opinion, this underlines that the GDPR is an achievement, but only halfway of the development of actual data ownership rights.
Could you please explain the idea that you have in mind of developing data ownership rights?
In a recent result conference call of Facebook Inc. on 30 October 2018, Mark Zuckerberg made an interesting remark: ‘Public sharing will always be very important, but people increasingly want to share privately, too ... People feel more comfortable being themselves when they know their content will only be seen by a smaller group an when their content won’t stick around forever.’ It’s good to hear that people around the world – and not in Europe alone – develop more awareness, about what happens to their personal data. However, the business model of digital platforms like Facebook is not ‘sharing’ but the monetisation of aggregated customer data, especially for tailored advertisement. If ‘data is the new oil’, then digital platforms are the 21st-century refineries and production facilities.
Therefore, ‘data ownership rights’ are a vibrant discussion, and a recent white paper by Van Asbroeck et al. (written within the European Union TrustwOrthy model-awaRE Analytics Data platform ‘TOREADOR’ project) elaborated on the context of a ‘data value chain’, in which certainty as to the ownership of the data is needed for all stakeholders along this chain. Similarly, Prof. Karl-Heinz Fezer’s paper on ‘Data Ownership of the People. An Intrinsic Intellectual Property Law Sui Generis Regarding People's Behaviour-generated Informational Data’ is going in this direction. In other words, my ideas are part of a whole development to get the right balance, how ‘the new oil’ can provide benefits to all stakeholders.
Where and how should co-operative banks position themselves in the digital data economy?
Co-operative banks always worked on behalf of their members and customers and have been ‘custodians’ for the assets of members and customers – for money, securities, personal data or even identity information. However, the discussion about ‘Open Banking’ and the requirement of the PSD2 to provide ‘access-to-account’ for third-party providers without any contractual relationship with the banks diluted that role in recent years. From my point of view, co-operative banks should clearly take a position in the ‘data value chain’ as a ‘digital custodian’ of data. Nevertheless, an ownership right on data would be more than supportive for banks to help members and customers in the future digital data economy.