You can be forgiven for believing that your personal data is actually yours. After all, it’s your email. Your Fitbit. Your GPS device. Or your tractor. The reality of today’s data-obsessed world, however, is that the minute your data hits the cloud, it’s no longer yours. Not even remotely.
In fact, while it’s long been a truism that if you’re not paying for a product, you arethe product, it’s increasingly the case that your data is someone else’s property even when you are paying. But shouldn’t payment give us the option of privacy?
You Ride The Bike; We Mine Your Data
This fact hit home last week when reading that Strava, the tool I use to track my exercise miles, is now selling its user data to governments to help urban planners understand how and where cyclists use public streets. Oregon is the first customer of the service, called Strava Metro, paying Strava $20,000 to use the data for a year. London; Glasgow; Orlando, Fla,; and Alpine Shire in Victoria, Australia, have also signed up.
While I’ve never made any attempt to keep my Strava data confidential—you can see my full history here if you’re so inclined—I assumed that it was, well, mine.
This would be less troubling if Strava were simply using my data. After all, I’m a free rider on the service. I don’t pay Strava for a premium subscription. I’m the product, right?
But Strava is also using its premium subscriber data for Strava Metro. While the company insists it "processes the data to remove all personal information linked to the user," and goes on to stress that "[t]he data provided through Metro has been anonymized and aggregated to a linear map so that cycling activity cannot be associated with a specific member of Strava’s community," there’s still the question of who owns the data in the first place.
The answer, obviously, is Strava. It peddles what you pedal.
All Your Farm Data Are Belong To Us
Think this is simply a problem for consumer-oriented apps? Think again.
Farmers have been collecting data on their farm operations for at least a decade. Farm equipment increasingly churns out data that is collected on servers, to be used by farmers or the equipment companies. In this scenario, farmers continue to own their data and have the option to opt-out of cloud services provided by the equipment companies.
That was then, this is now. With Monsanto, a giant multinational chemical and agricultural biotechnology corporation, on the scene, buying a data analytics company for nearly $1 billion and kicking off its own agriculture analytics service,farmers increasingly worry who owns their data. Monsanto increasingly collects data on individual farms, leading farmers to worry that this data could end up getting sold to rival farms, provide the basis for price discrimination in commodity markets, and other woes.
In theory, farmers can keep all their data to themselves. In practice, however, they can’t, as data on their land is publicly available, as are some data on crop sales. There’s also the risk that farmers who opt out will be mowed under by competitors who utilize Monsanto’s data services.
Can We Buy Privacy?
In this world, farmers still have some flexibility in how they use their data. But what about kids? Data is also being collected on children within schools, potentially mapping the trajectory of their entire academic careers. Google, for its part, electedto stop scanning student emails for advertising purposes, but only in response to a court case.
While government, school and software executives are quick to point to the security of such academic data, data security is as much a chimera as data privacy. Again and again, hackers find a way into credit card and other data. Academic data is no more secure than any other data.
So perhaps this is the lesson: Get over it. That’s certainly the message from the U.S. Department of Education’s first chief privacy officer, Kathleen Styles, who declares, "The only way to make data totally safe is to not ever use it or keep it. That’s not an option."
But perhaps it should be an option not to sell data for those too young to legally opt into having their data commercialized. It also seems like a fair request to expect our personal data to remain ours when we’re actually paying for a service. If I pay for a product, I shouldn’t have to be the product.
Payment should make my data mine.