Corporate Law

My Data is Mine: Data Control & the GDPR

Binit Agrawal

The GDPR will bring an end to the Corporates’ casual attitude towards data by treating it as a factor of production

Screen Shot 2018-06-14 at 15.34.17.png

image source: IMEInfo

In this post, I will prove that the General Data Protection Regulation (GDPR) of the European Union (EU) treats Data as what it really is: a factor of production. To sustain this claim, I will first characterize data as a factor of production. I will then analyse the changes brought about by the GDPR via this framework. Finally, I will inspect the economic implications of adopting this outlook towards data.

Data as a Factor of Production

There are some essential features which a good must have in order to be considered a Factor of Production (FoP):

1. An FoP when combined with another should produce other goods. This holds true for data, which together with hardware and infrastructure comprising of cables, silicon chips, and power has formed the world’s leading industry.

2. An FoP must have a factor price, and sources of supply/demand. Cambridge Analytica is a good example to prove that Data has a healthy price tag. Further, we also know that data has a distinct source of supply (public at large) and demand (corporates).

3. An FoP should have an organized factor market. This holds true for data given the existence of the Knowledge Industry, which forms an important part of the world economy.

4. Finally, an FoP should have a diminishing factor contribution, i.e., when more of one FoP is added to a mix of FoPs there should be increasing returns till a given point, followed by a dip, until more of other FoPs are added. It might seem that this doesn’t hold true for data, given the fact that most companies love all kinds of data that they can get their hands on. But diminishing returns are apparent when you look at the range of irrelevant ads Facebook displays because of an overloaded algorithm. (The reason for this is excess data which results in false and misleading correlations. Read more on Correlation and Causation here.)

Thus, data can clearly be classified as a Factor of Production. It must now be seen who owns this FoP, and how it is controlled.

 Ownership of, and Control over the Factor of Production

It is commonly accepted that an FoP is controlled by its rightful owner(s). In the capitalist system, it is generally considered fair for corporations to exercise a certain degree of control over a worker’s labour, which is an FoP that she is contributing. To be treated in a fair and equitable manner, a worker employed by a corporation should be able to answer two questions:

1. How much labour she is contributing to the firm?

2. At what price does she value this labour?

These two answers will help her in deciding whether to undertake that labour at all. Essentially, she will be able to exercise her agency in contributing an FoP that she owns.

Just like labour, data is an FoP, as has been shown in the previous section. It is, therefore, nothing more than a business input, contributed by humans to corporations. But unlike labour, we have no meaningful control over our data. A simple test to prove this claim is to try and answer the two above questions, by replacing ‘labour’ with ‘data’.

GDPR provides us with greater control over our data

The astonishing lack of control over our data is the very premise on which the EU Directive is based. Consequently, it aims to provide the real owners of data the control over it. It gives data owners (the persons generating that data), under Article 15, a right to summon from data controllers and processors (the firms), any data that they might have on her. Further, the owners will have a right to have this data corrected, i.e., they can ask firms to correct inaccurate information. (Article 16) They can also request firms to erase particular data on themselves. (Article 17) Moreover, Article 12 also requires that the subject of the data shall be apprised of all the information demanded in a concise and readable manner.

As a result, the source of the data can now be truly informed of what data a firm has on her and also suitably alter it. As such the subject will be the real owner of her data and the firms will be mere trustees in this process. Further, the regulation also aids the transfer and erasure of such data. This will lead to the creation of a free and fair supply-demand stream of data. Thus, the GDPR has implicitly treated data as an economic input, which until recently was being exploited by a few corporate giants.

Implications of GDPR on the Economy

Effectuation of the GDPR, however, has been considered by many to be bad for business. It has been argued that it will reduce advertisement revenues, will be very costly for the companies to implement and will reduce the efficiencies of their algorithms. While some of these fears are true, the following cost-benefit analysis shows that the benefits outweigh the costs. The economy, as a whole, will be advantaged.

1. Small firms, particularly those providing specific services will greatly benefit from GDPR. Many might decide that it is not worth giving all the data to monopoly firms like Facebook. One might ask Facebook to erase the data on her music preferences, or her news habits and so on. Hence, these smaller firms, providing services like music and news discovery will end up with specific data, which all-encompassing data monopolies like Facebook might lose. This will mean more ad-revenues for such small players and a level playing field. This transfer of data is also aided by Article 20 of the regulation which provides the subject with a Right to Portability. Under this, a subject can ask the data controller to transfer the data on her to another controller.

2. A uniform law will avoid shock litigations and penalties for the firms. There will be an increased public trust on information companies, therefore, improving user tendency to share data online. Companies will be forced to undertake a clean-up exercise of their data storage, increasing the efficiency of their systems and decluttering them.

3. Lastly, governmental agencies, which hold exponential amounts of data on their citizens, will be forced to put these repositories to efficient uses. GDPR forbids bodies from collecting unnecessary data and makes them accountable for the data they collect. Article 4(8) includes public authorities within the definitions of data controllers and processors. Further, Article 37 also requires them to appoint data protection officers. As such, State bodies with excess data will be forced to creatively use the data they have. This will give a huge impetus to health care, energy, digitization and smart city projects. (Instances of such creative uses can be found here)

Hence, it can safely be concluded that by treating data as a Factor of Production, GDPR will create a cleaner, safer and more efficient digital environment.

5 replies »

  1. I like the post. However IMO if the writer would’ve elaborated a bit more on the mechanism how GDPR enables the control on data ownership to the source then the analysis would’ve been complete.

    Liked by 2 people

    • Hi, thanks a lot for stopping by. We appreciate your review and agree with it. Hence, we have introduced some changes in the article (in the last two sections). We hope it reads and provides better clarity.


  2. In case of public authorities, is there any definition of unnecessary or is it limited by any explanation considering the fact that the public authorities would always say that the information is being used for one or the other purpose?

    Liked by 1 person

    • While unnecessary itself has not been positively defined, requirements as to when and how can public bodies collect data has been given under Article 31. It requires data collection by public bodies to happen only with appropriate legal backing and for defined purposes. Further, the authorities need to disclose what data they are collecting and the uses they are about to be put into (they are also subject to other regulations under the GDPR). While it is easier for public bodies to justify data collection, an extra check has been introduced. This will nudge them towards efficient data utilisation to avoid scrutiny. In addition to this, there is always a fear of high-profile litigations, which often cause heavy damage to these bodies. So, yes, while this won’t be a complete shakeup, any extra check on the administration is welcome.