How much is your personal data worth? According to one recent survey, consumers assume their data must be worth thousands of dollars. However, the price for personal data on the open market is significantly less. Knowing that a woman is expecting a baby is apparently worth about $0.11, for example, while health insurance companies will pay roughly $0.26 to know that an individual has a specific health condition or is taking certain medication.
Even on the black market for illegal personal data, including stolen financial information, data is not valued as highly as you might think. A report by Intel Security Group’s McAfee Labs suggests that the average price for stolen credit or debit card information is about $20-35. While bank login details for an account with a balance of $2,200 go for less than $200.
Clearly, people think their data is worth much more than the market is willing to pay. But is part of the problem that the market can’t really function properly while there is so little transparency about who has our data and what they are doing with it? Would clearer international rules and better tools, guaranteeing greater transparency and control for individuals, help improve things?
In Europe, data protection is a fundamental right enshrined in the EU Charter of Fundamental Rights. But the internet is global, and data flows across borders instantaneously. So, should data protection be considered a fundamental human right internationally? Would that help give individuals more control over who does what with their information?
Curious to know more about data protection rules in Europe? We’ve put together some facts and figures in the infographic below (click for a bigger version).
We had a comment sent in from Nikolai, who wonders what exactly “rights” mean in practice when the internet is global. Do we have a legal right to data protection only in countries that have signed up to conventions on data protection, for example?
To get a response, we spoke to Jörg Polakiewicz, Director of the Directorate for Legal Advice and Public International Law (DLAPIL) at the Council of Europe. How would he respond to Nikolai?
Well, in the Council of Europe, we have the European Convention of Human Rights, which guarantees the right to a private life and privacy as a human right. Of course, this convention applies only to European countries that are party to it, which is all European states. But in addition to the ECHR, we have also have ‘Convention 108’, the Data Protection Convention. And, in fact, it’s not an exclusively European instrument.
Already, when it was drafted, the US, Canada, Japan, and Australia participated. And precisely at this very moment the convention is also going global. We just had a conference here in Strasbourg with participation from African and Latin American countries. Uruguay has joined, and during the conference Mauritius – the first African country – just joined the convention.
There’s now real momentum, precisely because you cannot have a purely European instrument for something like the internet, which is global. And it is our firm belief that this convention can become a global standard. Probably not for all the 200 or so countries in the world, but for those countries that have appropriate data protection standards in their law and practice. And this is why we are promoting this convention worldwide.
We also had a question sent in from Paul, who pointed out that privacy and data protection are quite nebulous goals. He believes that the difficulty in perceiving the value of data protection creates an imbalance against more ‘solid’ economic logic. Is he right?
To get a reaction, we spoke to Marc Langheinrich, Professor for Computer Science at the Università della Svizzera italiana (USI) in Lugano, Switzerland. What would he say?
I think this is an excellent question, and this is the whole problem with data protection and privacy today. It is basically balancing the obvious, immediate economic gains from having a free service, i.e. getting a great experience from using Gmail or any other of these free services, versus some nebulous privacy problem that might or might not exist in the future. So that issue totally resonates with me. And I think we will need to develop better tools to solve that problem, and that’s basically what computer scientists like myself have to work on; making better tools that give people better feedback on what their current online status is. ‘How much is already known about me in a particular circle of recipients?’, ‘What do they do with my data?’, and so on.
Even if people don’t necessarily exercise that right very often, I think it’s imperative that a) We have the right, and b) We have an easy means to look into things if we are inclined. Currently in theory we have the right to ask Facebook what they know about us, but as you might have read, when you try to actually exercise that right it’s quite involved and you have to do a lot of paperwork and so on. If there was a simple button press that helped you visualise the impact of what it really means I think that would be really helpful, and I think it’s something we have to work on.
Finally, for another perspective, we spoke to Paul MacDonnell, the former Head of European Policy at the Center for Data Innovation. How would he react?
I think the issue is that there is potential use in the economy for personal data that could yield enormous economic benefits. So, for example, insurance companies could take personal data from individuals and identify risk down to a very fine level. And if you can identify risk down to a very fine level, it means you can price it. The reason why much of the world’s population are unable to get insurance or loans or any kind of financial services isn’t because they are deemed to be too risky. It’s actually because the risks aren’t known, because of the nature of the societies they live in, the nature of the sort of lives they lead…
So, you have a scenario where potential economic development that could happen, through having better information about people, could be threatened by an environment that privileges privacy above everything else. Whereas what you actually need is for people to have a better understanding of the value of their own data. And, I agree, more control over their own data, which includes more freedom to offer their data to people within the terms of contracts…
Should data protection be a global human right? Would it help to raise awareness among people about the value of their data? Let us know your thoughts and comments in the form below, and we’ll take them to policymakers and experts for their reactions!