Personal Data Ownership Act

As society rapidly advances into the digital era, the concept of personal property is evolving beyond physical assets to encompass the vast amounts of data generated by individuals. In an age where browsing history, clicks, location data, and shopping habits are meticulously collected by corporations, the need to reassess personal property rights in relation to data is more pressing than ever.

The Modern Dilemma: Data as Personal Property

Traditionally, personal property rights have been well-defined, encompassing physical goods and real estate. However, the rise of digital technology has introduced a new dimension of personal assets: data. Every interaction online—whether it’s a search query, a social media post, or a purchase—generates data that companies eagerly collect and analyze. This data is valuable, often forming the basis for highly profitable business models.

Yet, despite its intrinsic value, individuals typically have little control over their own data. Companies accumulate vast quantities of personal information, using it to target advertisements, influence purchasing decisions, and even make critical business decisions. This imbalance raises a fundamental question: Shouldn’t individuals have ownership over their own data?

The Right to Control and Profit

The argument for data ownership is grounded in the principles of personal autonomy and property rights. Individuals should have the absolute right to review, edit, or delete any information that corporations collect about them. This control ensures that personal data remains accurate and secure, reducing the risk of misuse or exploitation.

Furthermore, individuals should have the right to profit from the sale or transfer of their data. Just as one can sell a physical asset, personal data should be treated as a commodity that individuals can monetize if they choose. This shift would not only empower individuals but also foster a more equitable digital economy where the benefits of data collection are shared.

Proposed Legislative Framework

To address these concerns, a comprehensive legislative framework is needed to safeguard data ownership rights. The proposed “Personal Data Ownership Act” aims to establish clear guidelines for data control:

Title: Personal Data Ownership Act

Section 1: Short Title and Alternate Title

1. Short Title: This Act shall be known as the “Personal Data Ownership Act.”
2. Alternate Title: This Act may also be referred to as the “I Own Me” Act.

Section 2: Purpose The purpose of this act is to return ownership of data collected about a person to the person who’s data is being collected.

Section 3: Definitions

1. Personal Data: Any information relating to an identified or identifiable natural person, including but not limited to biometrics, physical location history, internet browsing history, shopping history, Personally Identifiable Information (P.I.I.) as defined in other statutes, associations with other persons, video and audio recordings, and other biometric and DNA information. Collecting data from a device, that can be associated to a data subject, is the same as collecting data from a person (ie: personal data).
2. Data Collector: Any entity, public or private, that collects, processes, or stores Personal Data.
3. Data Subject: An individual whose Personal Data is collected, processed, or stored by a Data Collector.
4. Electronic Device: Any electronic device that can be used for the collection of data on an individual, including but not limited to computers, smartphones, tablets, wearables, and IoT (Internet of Things) devices.

Section 4: Personal Data Ownership

1. Ownership Rights: Every individual shall have personal ownership of all Personal Data collected about them, regardless of the nature of their relationship with the Data Collector. Ownership rights include:
   • History of location.
   • History of search activity.
   • History of clicks, actions, motions, or scrolls, or any other device measurements.
   • Personally Identifiable Information (P.I.I.) as defined in other statutes.
   • Video and audio recording information.
   • Other biometric and DNA information.
2. Control Rights: Data Subjects shall have the authority to review, edit, or remove their Personal Data, in whole or in part, at any time.

Section 5: Right to Review and Edit

1. Access to Data: Data Collectors must provide Data Subjects with access to all Personal Data collected about them upon request.
2. Correction of Data: Data Subjects shall have the right to demand correction of inaccurate or incomplete Personal Data.
3. Deletion of Data: Data Subjects shall have the right to demand the deletion of their Personal Data, in whole or in part, except as provided in Section 6.
4. Non-Retaliation: A Data Collector, or a company that contracts with a Data Collector, may not cancel a person’s membership or ability to use a service due to a person requesting that their information be removed.

Section 6: Data Collection and Usage

1. Transparency: Data Collectors must inform Data Subjects about the collection and use of their Personal Data, including the purposes for which it is collected.
2. Consent: Data Collectors must obtain explicit consent from Data Subjects before collecting or processing their Personal Data.
3. Parental Consent: No data may be obtained about a person under the age of 13 without parental consent.

Section 7: Exceptions

1. Device Data Collection: This act does not apply to a device that does not store Personal Data for more than 24 hours or transmit that information to another device for storage.
2. Governmental Data: This Act does not apply to Personal Data collected, processed, or stored by government entities for official purposes.
3. Medical Data: This Act does not apply to Personal Data collected, processed, or stored by medical entities for the purposes of diagnosis, treatment, or healthcare management. This Act does not apply to individuals who are under the medical supervision of another.
4. Employment Data: This Act does not apply to Personal Data collected, processed, or stored by employers for employment-related purposes.
5. Law Enforcement Data: This Act does not apply to Personal Data collected, processed, or stored by law enforcement agencies for the purposes of criminal investigation, incarceration, public safety, or national security.
6. Security of Persons or Property: This Act does not apply to surveillance (video and/or audio) of a person or property conducted to protect against theft, vandalism, or violence.
7. Public Spaces: This Act does not restrict the constitutional right to record (video or audio) individuals in public places where there is no expectation of privacy, as long as such recording complies with applicable laws regarding privacy and consent.
8. Journalistic Exemption: Journalists and media organizations shall be permitted to gather Personal Data on individuals for newsworthy stories that serve the public good, provided that such data collection is conducted in accordance with applicable laws and ethical standards for journalism.
9. Personal and Family Data: This Act does not apply to individuals who collect and store data or documents solely for themselves or their immediate family.
10. Ancestral Information: This Act does not apply to the retention of information related to ancestral or genealogical research.

Section 8: Enforcement and Penalties

1. Enforcement Authority: The designated regulatory authority shall have the power to enforce the provisions of this Act.
2. Penalties for Non-Compliance: Data Collectors found in violation of this Act shall be subject to penalties, including fines and corrective actions as determined by the regulatory authority. An individual may also sue the Data Collector in Civil Court. A plaintiff shall not be required to prove monetary damages to bring a case or have that case adjudicated.
3. Class A Misdemeanor: It shall be a Class A Misdemeanor for any person to collect or store data on an individual without their knowledge.
4. Corporate Responsibility: When the offender is a corporation, the highest officer of that corporation shall be held responsible for the actions of the corporation and subject to penalties as specified for individual offenders.
5. Defense Against Prosecution:
   • It shall be a defense against prosecution if a Data Subject has signed an authorization for the collection of data, provided the data to be collected is plainly spelled out as to what is specifically collected.
   • It shall also be a defense against prosecution if the information collected is public knowledge or readily available from public sources.

Section 9: Transfer or Selling of Data

1. Authorization Required: Data Collectors must seek explicit authorization from the Data Subject prior to transferring or selling their Personal Data to any third party.
2. Disclosure of Terms: Data Collectors must disclose the terms of the sale or transfer, including the nature of the data being transferred and the parties involved, to the Data Subject.
3. Right to Negotiate Compensation: The Data Subject shall have the right to negotiate compensation for the transfer or sale of their Personal Data.
4. Retention of Rights: All other rights of the Data Subject, including the right to review, edit, or remove their Personal Data, shall be retained after the transfer or sale.

Section 10: Effective Date This Act shall take effect six months after the date of enactment.

Section 11: Severability If any provision of this Act is found to be unconstitutional or invalid, the remaining provisions shall remain in effect.

Section 12: Review and Amendment This Act shall be reviewed every five years from the date of enactment and may be amended as necessary to address emerging privacy concerns and technological advancements.

As we navigate the complexities of the digital age, reimagining personal property rights to include data is essential. By granting individuals control over their own data and the right to profit from it, we can create a more equitable and transparent digital landscape. The proposed “Personal Data Ownership Act” serves as a crucial step in this direction, aiming to establish clear and enforceable rights for data subjects, ensuring that personal data is treated with the respect and value it deserves.

References

1. Jurcys, P. (2019). Ownership of User-Held Data: Why Property Law is the Right Approach. Retrieved from Harvard Journal of Law & Technology.
2. Ritter, J., & Mayer, A. (n.d.). Regulating Data as Property: A New Construct for Moving Forward. Retrieved from Duke Law & Technology Review.
3. Global Perspectives on Digital Trade Governance. (2021). Data Ownership and Data Access Rights: Meaningful Tools for Promoting the European Digital Single Market? Retrieved from Cambridge University Press.
4. Grimmelmann, J., & Mulligan, C. (n.d.). Data Property. Retrieved from American University Law Review.
5. Käll, J. (2020). The Materiality of Data as Property. Retrieved from Harvard International Law Journal.
6. Leonard, P. (2020). Beyond Data Privacy: Data “Ownership” and Regulation of Data-Driven Business. Retrieved from American Bar Association.

By considering the proposals and discussions in these resources, we can work towards a legal framework that ensures data ownership rights for all.