Should We Be Able to Buy and Sell our Personal Financial and Medical Data?
Friday, May 19, 2006 at 06:18AM When I first heard about USA Today breaking the NSA domestic phone spying scandal involving the major long distance phone companies, I wasn't surprised. I won't even be surprised when, in the next few months, word leaks out that Federal agencies are also involved in non-court-approved electronic screening of domestic call traffic looking for specific words and word combinations.
That's the world we live in and why we are having a debate about balancing privacy against security. It's a good debate to bring out in the open.
Instead of outrage my first reaction, instead, was, "What, you're selling data about my calls and not giving me a piece of the action?"
Let me explain. One of the areas that interests me is the impact of technology on intellectual property rights. Last year I started thinking about what might happen if concepts like copyright and intellectual property ownership were extended to cover personal data such as personal medical and financial details. I wrote about some of my early ideas here, here, and here. The idea is that you own your personal data and you alone have the right to make it public and to earn money from business transactions based on that data. You should even be able to auction off to the highest bidder your most intimate and personal details, if you so desire.
Or you should also be able to maintain total and complete privacy and control over your personal data, no matter how much someone wants to pay for it.
Admittedly, the thought that you should be able to draw a "privacy bubble" around you and your family -- a bubble that you can control for your own personal and monetary benefit -- flies in the face of much of what's happening today, not only in terms of what the government says it has the right to do with your communication habits but also in terms of what financial institutions, insurance companies, credit bureaus, and others have grown to manipulate for their own benefit.
Add to that the increasing willingness of so many people to publicize details of their personal lives on blogs and on social networking tools such as Facebook. You can already see the lobbyists lining up outside the doors of senators and congress people to write legislation protecting "the free and unfettered exchange of personal data necessary for the conduct of commerce," or something like that.
Still, if somebody is going to make money from selling something about me, I think I should be able to benefit directly AND know when my data is being bought and sold.
Let me know what you think by leaving a comment below.
View Printer Friendly Version
Email Article to Friend
Reader Comments (7)
The key factor is trust - whoever you turn over all of your info to is someone you have to trust. That type of org does not exist yet. Especially if you are willing to consolidate all of your info in one place.
But the time will come to find another way to do this. We have some thoughts on it and are working on the theory part right now. I will try to keep you updated on the results.
____________________
(response from Dennis)
Paul-
This is one of those cases where trust is a necessary but insufficient ingredient of the solution -- the technology is going to have to be pretty good, too, since the people we trust change over time!
Thanks for the comment!
- Dennis
If anything, this would be a sui generis right, seeing as by definition of the Copyright Act (and the Constitution), one's personal information is not "an original work of authorship."
From the Copyright Office:
"Copyright does not protect facts, ideas, systems, or methods of operation, although it may protect the way these things are expressed."
Personal information is nothing more than a fact about you. That it's monetizable does not necessarily mean that it is an asset that you can propertize, per se. As an example: If you get into a car accident, and I am a reporter and report on that accident, I may be earning revenue from detailing the facts of the event (presumably by selling papers/advertisement), but you have no 'property' interest in the event.
That being said, one does have a limited right to protect one's private information, in some contexts, but I don't think it thus far includes a right to monetize that private information. I could be wrong.
State-based rights of publicity/privacy tend to be all over the map, but reason and logic tend to suggest that even the most robust of them (California being a good example) don't afford a right to create an exclusionary zone around your personal information. Most laws tend to provide a best-practices approach, and penalize companies that fail to meet that minimum.
From a purely practical, non-legal standpoint, your idea is impossible.
For example: What do you monetize? If they're just transferring information on my name, do I get a cut of the pie? What if its just my phone number, but not my name? Or my Last name, and SSN? Ignoring the practical issues (e.g., Which John Smith are you referring to?), you have a huge problem with enforceability. Thousands of bits of information get exchanged about an individual over the course of days or weeks. Who keeps track of that?
Furthermore, the concept of having to consent/approve of each and every use of one's information would create a system where the entire structure of our economy would grind to a halt. Not to mention a gigantic headache for everyone.
Finally, even if 'rights' were granted in one's personal information, smart companies would simply dissolve these rights by way of a contract, just as they do with our existing rights.
I agree - current law does not cover this. Current law would have to be changed.
As far as practicality is concerned, I would establish a licensing organization so that individual rights and permissions transactions could be standardized and automated. There is precedent for that.
As an inducement to participate I would provide a method by which individuals could significantly augment publicly available data with data that are usually private. That would increase the economic value of the data to be licensed and it might also provide some justification for the database to contain an "original work of authorship."
- Dennis
As for the database idea, you miss the fact that copyright ownership in a database is almost always an ownership based in the aggregate. Individual supplementation of otherwise factual data _does not create a copyright interest_, because the 'original' elements in the database aren't the data, but the selection, arrangement and organization of that data.
If you want more information, go read FEIST PUBLICATIONS, INC. v. RURAL TELEPHONE SERVICE CO., 499 U.S. 340 (1991):
"In summary, the 1976 revisions to the Copyright Act leave no doubt that originality, not “sweat of the brow,” is the touchstone of copyright protection in directories and other fact-based works. Nor is there any doubt that the same was true under the 1909 Act. The 1976 revisions were a direct response to the Copyright Office's concern that many lower courts had misconstrued this basic principle, and Congress emphasized repeatedly that the purpose of the revisions was to clarify, not change, existing law. The revisions explain with painstaking clarity that copyright requires originality, § 102(a); that facts are never original, § 102(b); that the copyright in a compilation does not extend to the facts it contains, § 103(b); and that a compilation is copyrightable only to the extent that it features an original selection, coordination, or arrangement, § 101."
All you'd create under your hypothetical is a copyright interest (at best) for the owner of the database--a right which already exists (Think the databases owned by Choicepoint or Thomson).