A new narrative for digital data

We have a new essay published by Deloitte InsightsA new narrative for digital data,1Evans-Greenwood, Peter, Deen Sanders, and Rob Hanson. “A New Narrative for Digital Data.” Deloitte Insights, March 22, 2023. https://www2.deloitte.com/us/en/insights/topics/digital-transformation/data-ownership-protection-privacy-issues.html. a collaboration between the Centre for the Edge, Deloitte Integrity, and the Australian Data Standards Body that picks apart some of the continuing challenges with data privacy. It seems that every week the is a new announcement where the personal information for millions of individuals leaked to some fraudster. This essay compares Western and Indigenous Australian framings of this problem to argue that our Western focus on property rights might be the problem, rather than the solution.

If data privacy were a country then we would consider it a fail state. Every week we hear of some new incident where the personal data for millions of people is ‘stolen’. Governments pass ever more onerous regulations in an attempt to halt, or at least slow, these thefts. This doesn’t seem to be working though, and the rate of data theft appears to be unaffected. International norms seem to be disintegrated to the point that the basic conditions we (the community) expect are no longer functioning properly.

Data privacy is commonly framed as a problem of property rights. Data that concerns us should be ours to control. Their benefit of this approach is that we can apply the tools developed to manage property rights to data privacy. If one’s personal data is one’s private property, then problems can be managed by passing laws managing the protection and handling of this private property.

The problem with this approach is that data and physical property are different. Data is easy to copy, where with physical property copying is hard. There’s a one-to-one relationship between physical property and owner that we can enforce. Data can refer to someone, anyone, or no-one, preventing the enforcement of a simple one-to-one relationship. Indeed, the crime behind what we consider data theft is fraud. No data was stolen, it was copied. The criminal used the data to miss represent themselves and so file a false tax return, claim benefits they are not entitled to, or tricked someone into mistakenly handing over cash. The affected individual, the person who’s data was used, was not involved in the original crime and so they should not be involved in the solution.

Our focus on data as property stems from our framing the problem as a question of rights: who has the right to use and control the (personally identifying data). An alternative framing is to start from responsibilities, rather than rights. In Western thought, rights are required to supports an individual’s inherent agency. Indigenous Australian communities approach the problem from the opposite direction: one’s agency emerges from meeting one’s responsibilities.

We might, for example, imagine a right to potable water. This, unfortunately, says little about protecting the water source, which is why the tragedy of the commons is such a difficult problem to address in modern Western thought (other than via enclosure, making someone or some organisation the owner of the water source). Alternately we can imagine a responsibility to support and protect the water source—not taking too much, nurturing catchment areas, not dumping waste, etc.—which, if meet, means that there will be plentiful water to drink. It’s easy to imagine a similar approach with data. An organisation using personal data would be responsible for the fraudulent actions, not the individual. Similarly, they are liable if they send erroneous data to a credit bureau, or if they provide data or another organisation which then misuses it.

A new narrative for digital data explores this idea in depth.