In the third of a series of articles, political economist Eben Wilson (St Andrews) explores how law can support economic principle in the world of big data to help protect consumers. The importance of seeing our identity as a property leads to a proposal for a new statutory institutional form.

Power Through Dispersed Knowledge

In my previous articles I showed that data has value but that its value as a property is not well defined or controlled. Present data regulation does not meld well with economic principles that promote the productive use of assets in a way that satisfies or protects consumers. There is also a market power imbalance between consumers and digital platform owners.

Law can be a tool of good economics if it adheres to good principles. If we then apply this perspective to how one might develop legal institutions there is a way forward that protects our power as consumers in the face of huge demand for data about us.

The property right is in the use of data about us for commercial gain – the fungible asset. We do not need to define either the type of commercial transaction or the potential gain – it's the fact of use that matters. This is why the Data Protection Act and, now GDPR as a tightening of the DPA, target usage of data.

Transaction processing

Prices in markets are allocated at the moment of exchange. When is this moment? At the point when our data is used; something that we as consumers do not know today. What we therefore need to do is find a method through which each exchange moment is recorded. In fact, such a method exists. Rather confusingly, it involves something called a "transaction" along, happily, with events called "touching".

In computer science, the term "transaction" means something specific. Transaction processing is information processing that is divided into individual, indivisible operations, called transactions. There is, in addition, a second concept of "touching" a file. A file contains not only content data but what is called a header; think of this like a tag on a cow's ear, it tells the transaction processing system that that file exists; and when "touched" that "transaction event" is real and recordable.

Each time a transaction touches a data file about a person – it is possible to create a log about that event. We then introduce one more element from our digital world – the presence of the internet as a wide area network that is easily accessible. It is relatively easy to disperse those log files away from the data using organisation. And yes, there is possibly a role here for the dispersed ledger techniques used by block chain technologies.

This dispersion of log files showing the touching of our identify offers us all a way to counter the power of the data aggregating tech companies. We can take back control over the ownership of our personal data.

Securing personal identity

By creating dispersed log files of data usage, we have a way to watch the data aggregators as they collect and manipulate data about us. What we need next is an institution that does the watching for us to the extent we want it to do; that is, we take ownership of access to our data. In legal institutional form, we need a Privatization of Personal Identity Act and Personal Identity Banks.

Under a Personal Identity Act, ownership of our personal identity data would become a property right. Access to that data would require data users to contract through Personal Identity Banks – legal entities created by statute to protect our data under the Personal Identity Act. The banks become managing agents for our identity – our property. More than this, that would be mandated to be their singular purpose. It would be ultra vires for these banks to do anything other than in support of that purpose.

Central government as a monopoly

Note the word "personal". If there is one entity we do not want to be in charge of our personal data it is central government as a monopoly. History tells us that they are hopeless at looking after it; they have been observed to leave laptops on trains, release data inadvertently, and frequently share it thoughtlessly. It is also clearly tempting for governments to aggregate and conjoin it for its own interests and purposes – all at great cost to the taxpayer. We should not give them that power. In any case, the government already contracts data administration out to private entities; we don't need the state as an extra layer of administration, doing what the Personal Identity Banks would do.

And again, note the plural. As Jo Grimond said, "state owned monopolies are among the greatest millstones round the neck of the economy". And he was only following Adam Smith who said:

In general, if any branch of trade, or any division of labour, be advantageous to the public, the freer and more general the competition, it will always be the more so.

To widen the market and to narrow the competition is always the interest of the dealers...The proposal of any new law or regulation of commerce which comes from this order, ought always to be listened to with great precaution.

There is no reason that a well written statute could not release competitive players to create a market for Personal Identity Banks; they would be legislatively constrained entities and with well written statutory constitutions they could be self-regulating, with criminal law strictures against malpractice. If we own a property and our managing agents give it to others, that's theft.

In my next article I will expand on the practical methods through which our Identity Banks would operate.

Privatising personal identity – part one – the Value of Data

Privatising personal identity – part two – Who Owns Personal Data

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.