How much is your personal data worth? According to one recent survey, consumers assume their data must be worth thousands of dollars. However, the price for personal data on the open market is significantly less. Knowing that a woman is expecting a baby is apparently worth about $0.11, for example, while health insurance companies will pay roughly $0.26 to know that an individual has a specific health condition or is taking certain medication.

Even on the black market for illegal personal data, including stolen financial information, data is not valued as highly as you might think. A report by Intel Security Group’s McAfee Labs suggests that the average price for stolen credit or debit card information is about $20-35. While bank login details for an account with a balance of $2,200 go for less than $200.

Clearly, people think their data is worth much more than the market is willing to pay. But is part of the problem that the market can’t really function properly while there is so little transparency about who has our data and what they are doing with it? Would clearer international rules and better tools, guaranteeing greater transparency and control for individuals, help improve things?

In Europe, data protection is a fundamental right enshrined in the EU Charter of Fundamental Rights. But the internet is global, and data flows across borders instantaneously. So, should data protection be considered a fundamental human right internationally? Would that help give individuals more control over who does what with their information?

Curious to know more about data protection rules in Europe? We’ve put together some facts and figures in the infographic below (click for a bigger version).


We had a comment sent in from Nikolai, who wonders what exactly “rights” mean in practice when the internet is global. Do we have a legal right to data protection only in countries that have signed up to conventions on data protection, for example?

To get a response, we spoke to Jörg Polakiewicz, Director of the Directorate for Legal Advice and Public International Law (DLAPIL) at the Council of Europe. How would he respond to Nikolai?

JorgWell, in the Council of Europe, we have the European Convention of Human Rights, which guarantees the right to a private life and privacy as a human right. Of course, this convention applies only to European countries that are party to it, which is all European states. But in addition to the ECHR, we have also have ‘Convention 108’, the Data Protection Convention. And, in fact, it’s not an exclusively European instrument.

Already, when it was drafted, the US, Canada, Japan, and Australia participated. And precisely at this very moment the convention is also going global. We just had a conference here in Strasbourg with participation from African and Latin American countries. Uruguay has joined, and during the conference Mauritius – the first African country – just joined the convention.

There’s now real momentum, precisely because you cannot have a purely European instrument for something like the internet, which is global. And it is our firm belief that this convention can become a global standard. Probably not for all the 200 or so countries in the world, but for those countries that have appropriate data protection standards in their law and practice. And this is why we are promoting this convention worldwide.

We also had a question sent in from Paul, who pointed out that privacy and data protection are quite nebulous goals. He believes that the difficulty in perceiving the value of data protection creates an imbalance against more ‘solid’ economic logic. Is he right?

To get a reaction, we spoke to Marc Langheinrich, Professor for Computer Science at the Università della Svizzera italiana (USI) in Lugano, Switzerland. What would he say?

MarcLangheinrich-avatarI think this is an excellent question, and this is the whole problem with data protection and privacy today. It is basically balancing the obvious, immediate economic gains from having a free service, i.e. getting a great experience from using Gmail or any other of these free services, versus some nebulous privacy problem that might or might not exist in the future. So that issue totally resonates with me. And I think we will need to develop better tools to solve that problem, and that’s basically what computer scientists like myself have to work on; making better tools that give people better feedback on what their current online status is. ‘How much is already known about me in a particular circle of recipients?’, ‘What do they do with my data?’, and so on.

Even if people don’t necessarily exercise that right very often, I think it’s imperative that a) We have the right, and b) We have an easy means to look into things if we are inclined. Currently in theory we have the right to ask Facebook what they know about us, but as you might have read, when you try to actually exercise that right it’s quite involved and you have to do a lot of paperwork and so on. If there was a simple button press that helped you visualise the impact of what it really means I think that would be really helpful, and I think it’s something we have to work on.

Finally, for another perspective, we spoke to Paul MacDonnell, the former Head of European Policy at the Center for Data Innovation. How would he react?

I think the issue is that there is potential use in the economy for personal data that could yield enormous economic benefits. So, for example, insurance companies could take personal data from individuals and identify risk down to a very fine level. And if you can identify risk down to a very fine level, it means you can price it. The reason why much of the world’s population are unable to get insurance or loans or any kind of financial services isn’t because they are deemed to be too risky. It’s actually because the risks aren’t known, because of the nature of the societies they live in, the nature of the sort of lives they lead…

So, you have a scenario where potential economic development that could happen, through having better information about people, could be threatened by an environment that privileges privacy above everything else. Whereas what you actually need is for people to have a better understanding of the value of their own data. And, I agree, more control over their own data, which includes more freedom to offer their data to people within the terms of contracts…

Should data protection be a global human right? Would it help to raise awareness among people about the value of their data? Let us know your thoughts and comments in the form below, and we’ll take them to policymakers and experts for their reactions!

IMAGE CREDITS: CC / Flickr – KamiPhuc
The European Commission support for the production of this publication does not constitute an endorsement of the contents which reflects the views only of the authors, and the Commission cannot be held responsi­ble for any use which may be made of the information contained therein.


24 comments Post a commentcomment

What do YOU think?

  1. avatar
    Tarquin Farquhar

    Yes, theoretically, possibly not pragmatically!

  2. avatar
    eusebio manuel vestias pecurto vestias


  3. avatar

    It isn’t ? Well if it is not yet a person’s data protected it should be. A very good start is a informing campaign about the situation so far , how a person/company/consumer should be protected , risk analysis about personal data been exposed, and global laws about penalties in cases of violation privacy of personal data.

  4. avatar
    Daniel Rabinovich

    No, please, don’t make such data protection as in EU on entire Earth. EU doesn’t allow Google Street View to survive in unblurred form. And this means that blurrings made by error because blurring software mistakes random objects for either faces or license plates are supposed to be irrecoverable. No, thanks.

  5. avatar
    Ludovic Bouvier

    The question is, if we can take back control over our data and if humanity even understands the amount of shared data through network.

  6. avatar
    Zbigniew Jankowski

    Yes, as our data is going to crucial and it’s not about money or spam. Soon in the nearest future all people will have their DNA codes analysed and that information MUST be fully protected by worldwide rights. WHY .. Y can change Y bank, telephone number, address, but not Y’re DNA identity.

  7. avatar
    Sarah EsEs

    Of course no! Give all our data information to cia fbi and All those. You know you you already did!

  8. avatar
    Wolfgang Mizelli

    something’s wrong, if we need to discuss that. my data, my responsibility, my control. everything else is theft!

  9. avatar

    Asking that question just shows how little the author understands the digital world. I wonder if this page gathers data on its users ?

    • avatar

      Most definitelly :-)
      I already made a remark like that.

  10. avatar

    There is no data protection! But yes it should be protected

  11. avatar

    First of all, people need to understand not to put things they don’t want others to see on the internet. I’m talking about avoidable things such as nudes or statements they don’t want to known for and not information such as your name or email, which you practically have to on many sites.

    Secondly, yes. Data that has been uploaded or collected via a media that claims can be trusted and secure should be protected by law.

Your email will not be published

Leave a Reply

Your email address will not be published.

Notify me of new comments. You can also subscribe without commenting.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

More debate series – Towards a European Public Sphere View all

By continuing to use this website, you consent to the use of cookies on your device as described in our Privacy Policy unless you have disabled them. You can change your cookie settings at any time but parts of our site will not function correctly without them.