For people, data is property. For companies, data is capital. For nations, data is power. And it’s all the same data. Data’s triple role means we need to rewrite the social contract between people, companies, and governments. Despite a smattering of data-related laws around the world, data remains a largely ungoverned province, while a hodgepodge of interests jockey to define it, and get significant advantages while the getting’s good. This has to change.
People increasingly feel that data about them belongs to them. This has an intuitive appeal because it’s their unique actions or attributes that are being observed. For there to be any history of browsing behavior, a person first has to take the time and effort to open a browser and visit sites. For there to be any record of a milk run, a person has to first take the time and effort to go to the store. These are the personal resources expended in personal activities, irrespective of whether any money changes hands or whether they are getting online using a friend’s phone or their own, or taking an Uber or driving their own car.
But the observers have an equally intuitive claim on the observations their systems capture. If companies (and sometimes government agencies or non-profits) hadn’t created the services or technologies people use, there would be no website to visit, door-to-door ride service, or in-car navigation. These overlapping claims to the same observations are compelling governments to create new data privacy regulations. Europe’s GDPR, which in many respects leads the way globally in data regulation, assigns rights and responsibilities to both the observer and the observed over observations that can be tied back to a specific individual.
And while the law describes some cases where one party’s rights supersedes the other’s—the right to deletion, for example, r—it dodges the question of whether data is property or not, and, if so, who has primary ownership. We’re in the early days of data regulation. And the pressure to make that determination is likely to increase as both people and companies realize just how much data is worth to commercial organizations.
Companies are coming to grips with the fact that data is an intangible asset, a kind of capital. It’s a necessary input, or what economists call a factor of production (like, land, labor, and other kinds of capital) in digital goods and services. The World Economic Forum has called data a new asset class, despite the fact that accounting rules prevent it from being treated as such on balance sheets. The Economist declared data the world’s most valuable asset. And more than half of the top 10 most valuable firms by market capitalization are data-rich, tangible-asset-light companies like Google and Facebook.
Governments have long recognized the importance of data for maintaining power. This includes everything from careful tallies of natural resources (used for calculating expected tax revenue) to detailed census counts (used to draw voting districts for political advantage). National governments now also see the value of data as a determining factor in economic competition, trade, and intellectual property development – not to mention the hard power of AI-augmented weapons.
All this means that the days of treating data as merely a record of what happened, a side-effect of some real-world process or event, are over. Data will be one of the most valuable, and therefore one of the most contested assets of the 21st century. The world needs a new approach to data rights management that improves the integrity, transparency, and auditability of data assets.
Companies and governments will need technologies that treats any individual piece of data like an individual piece of currency. Each piece of data will have to have full lineage and impact analysis from the moment it’s born until it’s deleted, in a way that proves it is irretrievably destroyed. In addition, we’ll need smart contracts that control where and how a piece of data can be used to maintain compliance with jurisdictional controls. And all of this will have to be delivered in a fully auditable way that shows the multiple stakeholders for a piece of data that all laws were followed, and that the data was not tampered with.