Blair Currie
Jul 01, 2013

Is it time for a data bill of rights?

Brands should recognize the growing rights of consumers over data and act accordingly.

Is it time for a data bill of rights?


In this age of “Big data” our online and offline activities are tracked to help marketers craft better products and services for us through Customer Relationship Management (CRM) and advertising. While this can lead to more targeted recommendations and better choices for consumers, data has become a one way flow from consumers to brands.
Although most brands treat this data with respect, an imbalance of power has developed where consumers opt-in for one thing with their data, and is used and resold for purposes well beyond the initial agreement.  This imbalance is attracting attention from consumer groups, governments and regulators.
Considering that consumers can increasingly fight back with social media, blogs and with online advocacy groups, smart brands need to better understand the dynamics at play so they can act proactively, before legislation and regulations is put in place that limits what they can and cannot do with consumer data.
A. Problems associated with consumer data.

While some see data as being the “New oil” fueling the “Information economy”, the data industry has grown faster than the regulations can be written to govern it. Some of the unsolved problems that have resulted from an unregulated business include:  

1.) Filter bubbles.

Search engines are becoming filters on what they think we might want to see, based on our past browsing history. Eli Pariser calls this phenomenon a “Filter Bubble ”, where machines feed us information based on what we had done historically, not necessarily what we want today.  While this has advantages, machine based filtering makes it difficult to find new things, an in a sense traps us in a digital bubble, than can be very biased.  For example, Bing could drive users solely to Microsoft products while Google could do the same for its product ranges. Given the huge influence tech companies can have over our choice of products and services, regulation needs to be part of the equation of checks and balances.

2.) Limited control over data collection and usage.

The data that is collected on consumer behaviour is not always adequately protected, as noted by the many high profile hacks of social media. Consumer data is also sold or leased to third parties including data brokers, includingAxciom , Datalogix, Equifax, Experion, Rapleaf, Spokeo and Transunion, without the informed consent and/or knowledge of the consumer.  

The operative word here is “informed” because consumers generally opt-in for specific uses of data and are forced through adhesion contracts to forego their subsequent rights to the data. Once these brokers secure copies of the data, consumers have simply no control over what is done with it.

3.) Vendor relationship management.

Consumers are only starting to oppose the unauthorized use of their data, as they begin to learn of its value.  Doc Searls, co-author of The Cluetrain Manifesto ,  has written extensively about this move to “small data” or Vendor Relationship Management (VPM) in his book “The Intention Economy .  VRM is essentially a counterbalancing force to CRM, whereby consumer data in stored a personal locker in the cloud and leased to vendors who want to use this data.VRM shifts the control over personal data back to consumers.

4.)  Is unfair compensation for data use part of a larger problem?

Taking this thinking to an extreme, Jaron Lanier claims, in his recent book “Who owns the future ”, that  the unpaid use of online and offline data is the main cause decline in the middle class in developing countries.  While this argument has some merits it is certainly an exaggeration of the economic impact of Big Data. That said, Lanier’s ideas that consumers be given micropayments for how their data is used by others both immediately and long into the future, is interesting.

B. Consumer Groups and Government action

Governments and consumer groups are starting to pick up on changes in consumer sentiment over big data, and are starting to debate consumer rights over data. As “Rights movements” tend to start in Europe or the United States - because of the traditions in these markets – it’s useful to start with these countries to get an idea where data rights are headed.  (This by no means is meant to downplay the work done elsewhere; but it is meant to illustrate where the thinking on Data Rights has progressed the most.)

1.European Union (EU).

As far back as 1995 the EU put in place the Data Protection Directive to define what can be done relating to the processing and movement of personal data. Knowing that Big Data had moved on dramatically through Web 1.0 and Web 2.0, the EU proposed an overhaul to these initial rights, in January 2012.

To quote EU Justice Commissioner Viviane Reding, the Commission’s Vice-President . "The protection of personal data is a fundamental right for all Europeans, but citizens do not always feel in full control of their personal data.My proposals will help build trust in online services because people will be better informed about their rights and in more control of their information. The reform will accomplish this while making life easier and less costly for businesses. A strong, clear and uniform legal framework at EU level will help to unleash the potential of the Digital Single Market and foster economic growth, innovation and job creation."

This directive has teeth in that the EU would charge companies that violate this rule to pay up to 2% of their global revenues in penalties. That is an incredible deterrent but puts tremendous onus on the EU because the rest of the world, do not have such stringent measures in place.

2. The United States .

The United States (US) has less uniform protections than the EU. On the one hand is has the Federal Trade Commission (FTC) which is a government entity that prevents business practices that are anticompetitive or deceptive or unfair to consumers.  Examples of where the FTC gets involved with data and information is its June 2013 ruling to 17 Search engines including Bing, Google and Yahoo! that they must more clearly differentiate search results from advertising.

That said, the US tends to rely on sector regulation and more self regulation by each industry. This lack of “Blanket policy” that is found in the EU,  has led to battle over data rights among consumer groups, politicians and lobbyists from the big data companies in the United States.

To solve this, President Obama and The White House, introduced a “Privacy Bill of Rights ” in February 2012,  as a comprehensive blueprint to match the EU initiatives in protecting consumer privacy yet keeping in mind the vital role that big data has in driving today’s knowledge economy.  This Privacy Bill of Rights is now trying to fight its way up the agenda of the many issues that President Obama faces in rebuilding the United States.

3. EU and APEC (Asia Pacific Economic Cooperation) Discussions

While a discussion of the various data and privacy rights discussions across Asia Pacific is beyond the scope of this paper, APEC has been meeting with the EU to discuss how to bring the best of its ideas to Asia. In mid July 2013 a workshop on APEC Privacy Enforcement will be held in Auckland, New Zealand, to discuss this further.

Given consumer pressure and subsequent global action by governments and regulators, smart brands will understand that data is a “moving target”. The data protections in place today are clearly not keeping up with the changes in the market and legislations is coming to better protect consumer rights.

Smart brands should anticipate the changes and proactively establish data rights for consumers.

C. Data Bill of Rights

Given this backdrop of impeding Data Rights legislation, the following provides a list of line items that might be included in this Data Bill of Rights:

1.Data permission

Individuals should give an informed consent regarding the data that is collected and used, related to their online and offline activities. This consent should be given in a simple, easy-to-understand document, not in a complicated “Adhesion contact ” or Standard form contract, which is indecipherable, on-sided and requires one to accept pages of legalese or be denied service.   This contract should outline the terms and conditions of data usage, some of which are listed below.

2.)Data use.

Individuals should have full knowledge of all the purposes for which their data is used and for how long this will take place.  Further there should be guarantees and/or restrictions for data use or misuse.  The EU penalties are harsh but there need to be penalties in place to deter misuse of data.

3.)Data security.

Individuals must be given assurances and protection that their data will be protected from 3rd parties gaining access to their data.  These assurances should include state of the art firewalls and encryption to help protect the privacy of the data.

4.) Data privacy and anonymity.

Data on individuals should be kept physically separate until a decision is needed. Apart from that it should be made anonymous so that it protects individuals in the event of a breach in security.

5.) Data transparency.

Individuals must have full access to the data collected on them from the companies that collect, analyze and use the data. This can be tricky given that companies can collect data from a number of sources e.g., online behavior, social media, and credit history.  That said brands need to be transparent about what they have on consumers and consumers should have rights over how this data is used.

6.)Data editing.

Individuals must have the right to examine, clarify and correct any inaccuracies in the data stored by companies.

7.)Data portability.

Individuals must have the right to take their data from one service provider to another, the way telephone numbers can be transferred from one wireless carrier to another.  This option will of course require that industries develop standards for data banks and data quality.

8.)Data value.

Individuals must have the right to lease or sell their data to the highest bidder.Further, if personal data is sold to a 3rd party then the individuals should be given the right to refuse and/or the right to be compensated for this data.

9.)Data destruction.

Individuals must have the right to ask that their data is destroyed when they no longer want it used.

Please let me know if you would like to add to this list.

D. Conclusion

With the growth of Big Data, consumers who were previously stalked without being able to defend themselves also have the power to fight back. They can employ social media and increasingly draw on the support of governments and regulators who are more interested in Data Rights and Responsibilities.

While industry, governments and individual can all understand that Big data can bring benefits to consumers and the market place, the growing number of cases of abuse, indicate that there is an imbalance of power and controls need to be put in place to protect individual rights.

Self regulation has advantages over government regulation, which is why this post suggests that brands start by introducing a Data Bill of Rights when interacting with consumers.

The Rising Sun

June 30, 2013

The article first appeared on


Campaign India

Related Articles

Just Published

40 minutes ago

Kurkure creates unlimited love for limited offerings

Watch the film conceptualised by Wunderman Thompson here

6 hours ago

At Amul, we don’t check if our advertising is ...

At the AFAA's Inspiration series, GCMMF’s (Amul) MD speaks about how the company engaged in brand building during the lockdown last year by continuing to advertise

8 hours ago

Riteish and Genelia Deshmukh vouch for Snapdeal ...

Watch the campaign conceptualised by All things small, EO2 here