A conversation about data privacy, ownership, stewardship, and profit
When did I lose control over my data and how do I get it back?
This question is one of the defining questions concerning data privacy and ownership from the consumer² viewpoint.
Unfortunately, the answer to this question is more often than not … no. Once you share your data with a company³, your data tends to get shared with more parties than you can even imagine.⁴
For example, in Geoffrey A. Fowler’s article The spy in your wallet: Credit cards have a privacy problem, the data generated from Fowler’s purchase of a banana with a credit card at Target ended up with multiple third parties unrelated to the transaction (“marketers, Amazon, Google and hedge funds”).⁴
And lest we forget, the constant sharing of consumer data between businesses and third parties is a major catalyst for data breaches.⁴
This is the unfortunate reality of consumer privacy, a world in which consumers need to be pragmatic about their privacy because they have little to no control over how businesses use their data once they have shared their data with them.⁵
Perturbed but defiant, consumers who are unsatisfied with the status quo, who believe that they should have more control over their data, are pursuing alternatives to protect their data.
Luckily for them, many individuals and enterprises share their sentiment (e.g., DuckDuckGo search engine), and are readily available today for them to make the switch.⁶
This article will proceed in two parts. Part One will discuss the status quo for how companies share consumer data and concerns about data breaches. Part Two will discuss alternative services and businesses that empower consumer privacy.
Note: This is the final version of the article
1. The Status Quo
As discussed above, the status quo for data privacy is pretty bleak for consumers, and this is reflected in how consumers view data privacy.
1.A. Consumer’s view data privacy as fundamental in theory, but are willing to give up their data privacy in practice
In general, consumers believe they should have control over how businesses use their data, preferably on an as-needed basis.⁵^⁷^⁸^⁹
Consumers can be categorized into three groups based on Acxiom’s Data privacy: What the consumer really thinks survey:
- “data pragmatists: those who will make trade-offs on a case-by-case basis as to whether the service or enhancement of service offered is worth the information requested
- data fundamentalists: those who are unwilling to provide personal information even in return for service enhancement and
- data unconcerned: those who are unconcerned about the collection and use of personal information about them.”⁵
Based on the responses to the survey, consumers were segmented into the three categories described above, with the majority of Americans being classified as data pragmatists (58%), while 24% were classified as data fundamentalists, and 18% were classified as data unconcerned.⁵
7 of the 9 major takeaways in Acxiom’s survey discussed consumers wanting more control and transparency over how their data is used by businesses (e.g., receiving remuneration for sharing their data with companies, and the need for trust and transparency before exchanging data with companies).⁵
Though consumers believe they should have more control, as discussed above, most consumers are data pragmatists because without giving up autonomy over their data, they cannot access the products and services they desire to use.⁵
Thus, it is not surprising that even though consumer views on data privacy are strongly pro-consumer, their actions differ widely from their views.⁵
Although Acxiom’s survey was reported in 2017 before the Facebook and Cambridge Analytica scandal in 2018, the same principles still hold true in 2019.⁸^⁹
After the scandal, as reported in IBM’s Institute for Business Value survey, more consumers believe that organizations “should face stronger regulations on personal data management,” but that they are still willing to be pragmatic about their data privacy in exchange for access to products and services.⁹^¹⁰
Though, the data pragmatist approach may start dwindling as new data privacy legislation in California and the European Union give consumers more protection over their data.¹¹^¹²
1.B. Most consumers are unaware of how businesses benefit from their data-generating activities
Most consumers do not see the connection between their data-generating activities, especially on purportedly free services (“search online for free, check their free email accounts, post on their free social media accounts and more …”) and how the data generated from those activities are used by businesses.¹³^¹⁴
Two examples highlight the disconnect between how consumers view their data generating activities and how businesses use the data.
First, marketers use the data consumers generated on the free services and platforms discussed above to provide more relevant marketing (i.e., targeted advertisements) to consumers.¹³
Second, businesses, even those that seem unrelated or unaffiliated, share data with each other, such as how Facebook entered into a data sharing agreements with third parties such as Amazon, in which Facebook gave “names and contact information” to Amazon, and in return, Facebook could use Amazon’s data “in its ‘People You May Know’ feature.”¹⁵
2. A Change in the Data Governance Landscape
Unfortunately, despite how companies use and misuse consumer data, and the lack of effort to properly secure consumer data, most consumers remain data pragmatists because without giving up their data privacy, they cannot use the services they desire.⁹^¹⁰^¹⁸^¹⁹^²⁰
The issues discussed in the previous section have led to the creation of a niche market of privacy-centric businesses, technologies, and services that empower a new data governance framework based on user consent.²³
2.A. The Rise of New Data Governance Frameworks
Vincent Straub and Geoff Mulgan in their article, The new ecosystem of trust: How data trusts, collaboratives and coops can help govern data for the maximum public benefit, developed a typology of data governance frameworks (categories described below) that promote individual control over data:
- “data cooperatives and commons,
- personal data stores,
- industry data stewardship trusts,
- public private data trusts,
- commercial data public research steward,
- public data research trust,
- public data trusts, and
- public benefit data trusts.”²³
Straub and Mulligan define data trusts as “institutions that work within the law to provide governance support for processing data and creating value in a trustworthy manner,” based on Kieron O’Hara’s definition of data trusts from his whitepaper Data Trusts: Ethics, Architecture and Governance for Trustworthy Data Stewardship.²³^²⁴
An additional governance framework that is helpful to understand the new privacy-centric market is the data collaborative framework developed in New York University’s (NYU) GovLab.²³^²⁵^²⁶ This framework is generally more focused on private-public partnerships than Straub’s and Mulligan’s framework.²³^²⁵
A data collaborative, as defined by Stefaan Verhulst and David Sangokoya, “ refers to a new form of collaboration, beyond the public-private partnership model, in which participants from different sectors — including private companies, research institutions, and government agencies — can exchange data to help solve public problems.”²⁵^²⁶
There are six types of data collaboratives:
- “Data Cooperatives or Pooling,
- Prizes and Challenges,
- Research Partnerships,
- Intelligence products,
- Application Programming Interfaces, and
- Trusted Intermediaries.”²⁶
Data Collaboratives provide five major benefits:
- “situational awareness and response,
- public service design and delivery,
- knowledge creation and transfer,
- prediction and forecasting, and
- impact assessment and evaluation.”²⁶
One of the major drivers for data collaboratives is that for public-sector entities to combat public problems, public-sector entities require greater access to data, which is often held by private-sector entities.²⁵
The six major motivations for corporations to share their data with, or as part of, a Data Collaborative, are:
- research & insights,
- regulatory compliance,
- reputation, and
3. What is a Data Cooperative?
For this article, we shall discuss Data Cooperatives because they can fall under the Data Collaborative framework from NYU Gov Lab by Verhulst and Sangokoya as a Data Cooperative, or as a Data Coop or Commons under Straub’s and Mulgan’s data governance framework.²³^²⁵^²⁶
Data Cooperatives are “[c]orporations and other important dataholders group together to create “data pools” with shared data resources.”²⁶ Data Cooperatives can be considered a type of platform cooperative, a cooperative-run enterprise or similar that operates, maintains, shares, or creates a platform (webiste and/or application) to connect individuals together or to provide services.²⁷
This type of data trust is one of the best models for ensuring data usage based on individual consent because they can develop “common standards to ensure data security, compliance and technical treatment.”²³
Two Data Cooperatives we wanted to discuss in this article are Savvy Coop and Driver’s Seat Cooperative.
3.A. Savvy Coop: A Patient-owned Data Cooperative
Savvy Cooperative (“Savvy Coop”) is a patient-owned cooperative that offers a platform for patients and care providers to share their health experiences with companies and researchers interested in their health experiences for their own projects.²⁸^²⁹
Savvy Cooperative addresses the following data privacy and stewardship issues and concerns:
- Assuring that patients are aware of, and reimbursed for, the sharing of their medical information with third parties for research, healthcare operations, drug development and other purposes.
- Who owns the patient’s medical information?
- How do patients feel about sharing their medical information and experiences?
- Do patients need to consent to secondary uses of their medical information?
- Should there be a profit-sharing scheme between patients and institutions?⁴⁴^⁴⁵
Patients can earn rewards when they share their health experiences on the platform through (but not limited to) surveys, interviews, focus groups, discussion boards, user-testing, scientific research, and many more gigs.²⁸^²⁹^³⁰
Patients can receive rewards in a variety of ways including:
- Savvy Points,
- Savvy Badges,
- Amazon Gift Cards,
- Visa Gift Cards, and
- Discounts Coupons.”³⁰
Savvy Coop offers two types of accounts for patients, a free account and a member account.³⁰ The free account is available to everyone, but the member account is available only to co-op members.³⁰
For companies and researchers, they can schedule gigs on the platform to get feedback from patients.³¹
In Savvy Coop’s model, patients have more control over their personal data because the:
- patients are co-owners of the enterprise;
- patients have a say in the co-op’s decision-making through voting;
- patients choose who to share their information with;
- patients receive remuneration for sharing their data; and
- patients are entitled to a profit-share from the co-op.³⁰
Additionally, the consumer view of greater control over how consumer data is used, and the possibility of receiving remuneration is actuated at Savvy Coop because patients retain control over the sharing of their medical information, and the opportunity to be remunerated for sharing the data they created.⁵^⁷^³¹
3.B. Driver’s Seat Data Coop: A Driver-owned Data Cooperative
Driver’s Seat Data Coop (“Driver’s Seat”) is a driver-owned cooperative that offers a platform where drivers, primarily rideshare drivers, can share their driving data with Driver’s Seat customers, (e.g., local governments and transportation agencies).³³
Drivers can track and share their driving data by using the Driver’s Seat’s mobile application (currently in beta testing).³³
Driver’s Seat addresses the following data privacy and stewardship issues and concerns:
- Major ride sharing platforms (e.g., Uber and Lyft) do not share driving analytics with their rideshare drivers.
- How the algorithms employed on ridesharing platforms work?
- Transparency over what data is collected on rideshare platforms and specifically, data collected on individual rideshare drivers.
- The use of rideshare information for and against rideshare drviers and users
- Local government access to rideshare data to assess transportation activity
- Rideshare driver access to granular customer reviews and ratings
- Getting additional information for rideshare drivers to improve their driving analytics.⁴⁶
For rideshare drivers (e.g., Uber and Lyft drivers), Driver’s Seat will provide free data insights on their driving habits to help drivers better optimize their earnings.³³Additionally, as a co-operative enterprise, rideshare drivers have a say in the co-op’s decision-making through voting, and are entitled to a profit-share from the co-op.³³
For local governments and transportation agencies, Driver’s Seat will provide rideshare data so that they can make data-driven decisions about “how ridershare relates to transit, how to reduce congestion and VMTs, and how rideshare and delivery impact the curb”.³³
The consumer desire for greater data autonomy, and receiving remuneration is actuated at Driver’s Seat because drivers retain control over how their driving data is shared with third parties, and the opportunity to be remunerated for sharing their driving data with local governments and transportation agencies.³³
4. Distributed Data Storage and Personal Data Stores
Distributed data storage is data stored among multiple devices rather than a single device.³⁴ Distributed peer-to-peer (p2p) data storage is a type of distributed storage where data is shared among the nodes on a p2p network.³⁴
A Personal Data Store (PDS) may be defined as software that “offer[s] to store the user’s personal data and allow the user to give controlled access to other organisations.”³⁵ In other words, PDS allow users to “[in]put  data about [themselves] and evidence of [their] identity (using passports and bank statements) which  others [can] access or indirectly use in order to provide you services.”³⁵
Common attributes of PDSs identified by Irina Bolychevsky & Simon Worthington in Are Personal Data Stores about to become the NEXT BIG THING?, are that they “ensure your personal data:
- “would not be lost when the company pivots, is bought up, goes bankrupt or decides to delete or suspend your account since you maintain it”;
- “would not be as vulnerable to misuse, exploitation or data breaches since you hold the data and can revoke access”; and
- “can be kept accurate and up to date more easily from one central location.”³⁵
4.A. AXEL Network
Before discussing AXEL Network, we first need to know about the InterPlanetary File System (IPFS).
The InterPlanetary File System (IPFS) is a project by Filecoin that enables distributed storage and transfer of files among nodes in a peer-to-peer network.³⁶
In the IPFS, file storage is distributed among the nodes on the network such that each node has a chunk of the file data, thereby ensuring that no single node holds a complete copy of a file.³⁶
To achieve the above, the IPFS implements a distributed hash table (DHT) that allows “any participating node to efficiently retrieve the value associated with a given key.”³⁷ By relying on a p2p network, the DHT can scale to an “extremely large numbers of nodes and to handle continual node departures, arrivals and failures.”³⁷
A major advantage of using the IPFS is that it ensures that a node requesting a file will receive it from the closest nodes storing the file, thereby making file retrieval faster.³⁶
A local company based in Las Vegas, Nevada that is implementing the IPFS as a distributed data storage solution is AXEL Network (“AXEL”).³⁸
AXEL’s IPFS implementation, IPFS Pinning Facility, primarily works as a content distribution network and consumer file storage solution.³⁸
AXEL’s IPFS Pinning Facility is an IPFS tool that has a built-in file management system that makes it extremely easy to upload and manage files on the IPFS for the end user.³⁸
The main reasoning for AXEL’s development of the IPFS Pinning Facility is that since IPFS does not automatically store data unless pinned, the IPFS Pinning Facility “tells a server on IPFS to retain [your] data because it’s important.”³⁸
AXEL’s IPFS Pinning Facility provides three primary benefits:
- “Saving on Bandwidth and Storage
- Overcoming Latency
- Storing Files.”³⁸
AXEL’s IPFS Pinning Facility is also integrated with their blockchain network.³⁹ AXEL Network operates a Proof-of-Stake (PoS) blockchain which is secured through Masternodes⁴⁰.³⁹
SoLiD is an open source project, developed by Sir Tim Berners Lee at Massachusetts Institute of Technology (MIT) that extends the current functionality of the web (W3C standards and protocols) by applying “Linked Data principles.”³⁵^⁴¹^⁴²
SoLiD seeks to simplify data ownership concerns for consumers and businesses by 1) giving users the freedom to take their data anywhere and avoid vendor lock-in, and 2) for developers, the ability to reuse data in existing apps for new apps so consumer data does not need to be shared with a new service.³⁵^⁴¹^⁴²
In SoLiD, PDSs are called pods, and pods are stored on SoLiD servers.⁴³
SoLiD utilizes Linked Data, a way of connecting resources throughout the web by having a uniform resource location (URL) for each piece of data, and explicitly stating how each piece of data is related to each other.⁴¹^⁴²
There are many issues in our current data privacy climate.
For many consumers, there is a desire for more control over how business and services share their data with third parties, and the ability to receive remuneration for sharing their data with businesses.⁵^⁷^⁸^⁹^¹⁰
This reality has led to consumers adopting a data pragmatist approach to sharing their data with businesses, wherein they give up control over the usage of their data in exchange for access to technologies and services provided by businesses.⁵
For businesses, this has led to a great opportunity to cash in on user-generated data without remunerating users, but also has led to a rapid increase in the number and severity of data breaches.¹⁵
This grim outlook has led to the rise of a privacy-centric market of businesses, technologies and services that share the same views as consumers on data privacy, and hope to provide a feasible alternative to the status quo.²³
This new market is occupied by a new data governance framework that understands and respects the consumer’s need for data autonomy, and even satisfying the consumer desire for remuneration.³⁵^²³^²⁶
Specifically, this new data governance framework and outlook has led to the rise of data cooperatives such as Savvy Coop and Driver’s Seat, distributed data storage providers such as AXEL Network, and personal data storage technologies such as SoLiD.²⁵^²⁹^³⁵^⁴¹^⁴²
Rather than waiting for regulatory reform (especially in the USA) to hold companies more accountable, consumers can take more control over their personal information by integrating privacy-centric businesses, technologies and services into their daily lives.²⁰
SoLiD at MIT
 Geralt, Pixabay, https://pixabay.com/illustrations/binary-code-privacy-policy-woman-1327493/, ( Created Apr. 2, 2014, Uploaded Apr. 13, 2016)
 Used synonymously with “user”and “customer”throughout the article.
 Used synonymously with “business” throughout the article.
 Geoffrey A. Fowler, The spy in your wallet: Credit cards have a privacy problem, Wash. Post, https://www.washingtonpost.com/technology/2019/08/26/spy-your-wallet-credit-cards-have-privacy-problem/?noredirect=on&utm_source=pocket-newtab, Aug. 26, 2019.
 Acxiom, Data & Marketing Association & Foresight Factory, Data privacy: What the consumer really thinks, Acxiom, https://marketing.acxiom.com/rs/982-LRE-196/images/DMA-REP-DataPrivacy-US.pdf, Jun. 2018.
 Nathaniel Popper, A Feisty Google Adversary Tests How Much People Care About Privacy, N.Y. Times, https://www.nytimes.com/2019/07/15/technology/duckduckgo-private-search.html, Jul. 15, 2019.
 Akamai Research, Consumer Attitudes Toward Data Privacy Survey, https://www.akamai.com/us/en/multimedia/documents/report/akamai-research-consumer-attitudes-toward-data-privacy.pdf, 2018.
 Erik Sherman, People Are Concerned About Their Privacy in Theory, Not Practice, Says New Study, Fortune, https://fortune.com/2019/02/25/consumers-data-privacy/, Feb. 25, 2019.
 Kim Hart, Consumers kinda, sorta care about their data, Axios, https://www.axios.com/consumers-kinda-sorta-care-about-their-data-3292eae9-2176-4a12-b8b5-8f2de4311907.html, Feb. 25, 2019.
 Survey shows discrepancies between consumers’ thoughts and actions toward privacy, International Association of Privacy Professionals (IAPP), https://iapp.org/news/a/survey-shows-discrepancies-between-consumers-thoughts-and-actions-toward-privacy/, Feb. 26, 2019.
 Acquia, 65% of Consumers Question How Brands Are Using Their Data, Acquia, https://www.acquia.com/about-us/newsroom/press-releases/65-consumers-question-how-brands-are-using-their-data, Jul. 18, 2019.
 Most consumers still don’t know how brands are using their data, Help Net Security, https://www.helpnetsecurity.com/2019/07/22/brands-using-consumer-data/, Jul. 22, 2019.
 Surajit Nath, Privacy, Data, and the Consumer: What US Thinks About Sharing Data, MarTech Advisor, https://www.martechadvisor.com/articles/data-management/privacy-data-and-the-consumer-what-us-thinks-about-sharing-data/, Sept. 18, 2018.
 Alexis C. Madrigal, Facebook Didn’t Sell Your Data; It Gave It Away In exchange for even more data about you from Amazon, Netflix, Spotify, Microsoft, and others, The Atlantic, https://www.theatlantic.com/technology/archive/2018/12/facebooks-failures-and-also-its-problems-leaking-data/578599/, Dec. 19, 2018.
 Bernard Marr, Where Can You Buy Big Data? Here Are The Biggest Consumer Data Brokers, Forbes, https://www.forbes.com/sites/bernardmarr/2017/09/07/where-can-you-buy-big-data-here-are-the-biggest-consumer-data-brokers/#bc9a1846c278, Sept. 7, 2017, 12:28 AM.
 Adam C. Uzialko, How Businesses Are Collecting Data (And What They’re Doing With It), Business News Daily, https://www.businessnewsdaily.com/10625-businesses-collecting-data.html, Aug. 3, 2018, 02:25 PMEST.
 Paul Asick, Billions of records exposed: 2019 on track to be worst year ever for data breaches, USA Today, https://www.usatoday.com/story/money/2019/08/18/2019-on-track-to-become-worst-year-ever-for-data-breaches/39963021/, Published Aug. 18, 2019, 12:06 PM ET, Updated Aug. 19, 2019, 11:34 AM ET.
 Erik Sherman, Massive Data Leaks Keep Happening Because Big Companies Can Afford to Lose Your Data, Vice, https://www.vice.com/en_us/article/bje8na/massive-data-leaks-keep-happening-because-big-companies-can-afford-to-lose-your-data, Nov. 15, 2018, 4:39 AM.
 Paul Roberts, Hilton Was Fined $700K for a Data Breach. Under GDPR It Would Be $420M, Digital Guardian: DATAINSIDER, https://digitalguardian.com/blog/hilton-was-fined-700k-data-breach-under-gdpr-it-would-be-420m, Apr. 6, 2018.
 Davey Winder, (Updated) 2 Billion Unencrypted Records Leaked In Marketing Data Breach — What To Do Next, Forbes, https://www.forbes.com/sites/daveywinder/2019/03/10/2-billion-unencrypted-records-leaked-in-marketing-data-breach-what-happened-and-what-to-do-next/#5db257866b0d, Mar. 10, 2019, 04:05 AM.
 Lorenzo Franceschi-Bicchierai, The ‘Biggest EVER’ Collection of Hacked Passwords Is Not That Bad, Vice: Motherboard, https://www.vice.com/en_us/article/evegxw/collection-one-data-breach-password-hack-what-to-do, Jan. 17, 2019, 9:16 AM.
 Vincent Straub & Geoff Mulgan, The new ecosystem of trust: How data trusts, collaboratives and coops can help govern data for the maximum public benefit, Nesta, https://www.nesta.org.uk/blog/new-ecosystem-trust/?source=post_page---------------------------, Feb. 21, 2019.
 Kieran O’Hara, Data Trusts: Ethics, Architecture and Governance for Trustworthy Data Stewardship (Univ. of Southampton, Feb. 2019).
 Stefaan Verhulst, David Sangokoya & The GovLab, Data Collaboratives: Exchanging Data to Improve People’s Lives, Medium, https://medium.com/@sverhulst/data-collaboratives-exchanging-data-to-improve-people-s-lives-d0fcfc1bdd9a, Apr. 22, 2015.
 Stefaan Verhulst, Andrew Young & Prianka Srinivasan, AN INTRODUCTION TO DATA COLLABORATIVES: CREATING PUBLIC VALUE BY EXCHANGING DATA, NYU GovLab, http://datacollaboratives.org/static/files/data-collaboratives-intro.pdf.
 Platform Cooperativism Consortium, Platform Cooperativism Consortium, https://platform.coop/
 Membership, Savvy Cooperative, https://www.savvy.coop/membership.
 Home, Savvy Cooperative, https://www.savvy.coop/home-old.
 Patients, Savvy Cooperative, https://www.savvy.coop/patients.
 Companies, Savvy Cooperative, https://www.savvy.coop/companies.
 About, Savvy Cooperative, https://www.savvy.coop/about
 Driver’s Seat, Driver’s Seat Cooperative, https://www.driversseat.co/
 Eugene Cheah, 🤔 Explain Distributed Storage — and how it goes down for github / uilicious / cloud / etc, Dev.to, https://dev.to/uilicious/explain-distributed-storage---and-how-it-goes-down-for-github--uilicious--cloud--etc-1mni, Published Oct. 23, 2018, Updated Aug. 23, 2019.
 Irina Bolychevsky & Simon Worthington, Are Personal Data Stores about to become the NEXT BIG THING?, Medium, https://medium.com/@shevski/are-personal-data-stores-about-to-become-the-next-big-thing-b767295ed842, Oct. 4, 2018.
 JP Buntinx, What is the InterPlanetary File System?, The Merkle, https://themerkle.com/what-is-the-interplanetary-file-system/, Jun. 26, 2017.
 Prahant Shah, Understanding distributed storage systems on blockchain, YOURSTORY, https://yourstory.com/2019/04/distributed-data-storage-systems-blockchain, May 1, 2019.
 IPFS, AXEL Network, https://axel.network/ipfs/.
 Masternodes: Tier Nodes, System Requirements,
and more, AXEL Network, https://axel.network/ipfs/.
 Nodes that render specific services on the network’s behalf in exchange for remuneration, with eligibility subject to the number of tokens staked.
 INTRODUCTION TO THE SOLID SPECIFICATION, Inrupt, https://solid.inrupt.com/docs/intro-to-solid-spec.
 What is Solid?, Solid, https://solid.mit.edu/.
 Get a Solid POD and Identity, Solid, https://solid.inrupt.com/get-a-solid-pod.
 Richard Harris, If Your Medical Information Becomes A Moneymaker, Could You Get A Cut?, NPR.org , https://www.npr.org/sections/health-shots/2018/10/15/657493767/if-your-medical-information-becomes-a-moneymaker-could-you-could-get-a-cut (last visited Dec 10, 2019).
 Niam Yaraghi, Who should profit from the sale of patient data?, Brookings (2018), https://www.brookings.edu/blog/techtank/2018/11/19/who-should-profit-from-the-sale-of-patient-data/ (last visited Dec 10, 2019).
 Sarah Holder, This Uber Driver Started a Legal Battle That Could Upend the Gig Economy, CityLab , https://www.citylab.com/transportation/2019/08/uber-drivers-lawsuit-personal-data-ride-hailing-gig-economy/594232/ (last visited Dec 10, 2019).