Please click HERE to download the full dissertation

“I recently graduated from Durham with a degree in Law, and hope to pursue a career as a solicitor, working specifically as a data protection specialist. I am extremely passionate about data science and artificial intelligence, as well as their intersection with ethics because I believe that technology has the ability to greatly elevate the standard of living, as well as implement innovative strategies for combatting climate change and delivering healthcare. In this way, although everyone benefits in varying degrees from the constant evolution of technology, it is clear that there are significant social and ethical ramifications involved with this progress. I believe that technologies that process personal data in order to provide services and products have resulted in a widespread erosion of the fundamental human right to privacy, which is one of the greatest problems faced by humanity today. Therefore, in order to begin exploring alternative solutions to this issue, I wrote my undergraduate dissertation on the data protection problem, focusing mainly on the propertization of personal data as an antidote to the lack of privacy that is currently commonplace in our society.”

Introduction

In this digital age, it is impossible not to leave a record of nearly every one of our actions, whether it is taken online or offline. Such information is processed by corporations and institutions in order to achieve economic ends, alleviate security concerns, and simply for matters of human convenience. In this manner, “from reliance on the Internet, to access to medical care, to ordinary credit transactions, our lives are documented in detailed and revealing ways, and the resulting troves of personal data are used for purposes not of our making”. Importantly, more often than not, the individual to whom the data belongs will not have consented to such use, so this widespread practice constitutes an invasion of his or her right to privacy.

In 1890, the seminal article by Harvard scholars Warren and Brandeis discussed for the first time the legal basis of a right to privacy in the United States, with the two arguing that such a right was necessary, as “the intensity and complexity of life, attendant upon advancing civilization, have rendered necessary some retreat from the world…”. Meanwhile, within the European context, the right to respect for one’s private life was designated a human right by Article 8 of the 1953 European Convention on Human Rights, thereby solidifying privacy’s status as a right rooted in an individual’s very nature. Privacy is a fundamental right, but it is a value that is becoming increasingly harder to uphold as personal data becomes a valuable commodity to institutions.

However, there is also an element of complicity on the individual’s part in this loss of privacy, due to an unwillingness to give up modern technologies, as well as an ignorance that fails to elucidate the very real threat posed to one’s fundamental rights. Even when individuals are aware that their personal data is being processed, they tend to be apathetic to the consequences, preferring to retain the convenience such technology brings to their lives. This is known as the ‘privacy paradox’, where individuals claim to be concerned about privacy, but go on to behave in ways that contradict that claim.

As such, there exists a clear tension between the “demands for privacy [which] collide with pervasive demands for efficiency and control over human affairs” that our society simply furthers through the privacy paradox. Therefore, lawmakers must take into consideration and delicately balance this tension while formulating modern data protection regulations. It is clear that stronger and perhaps more innovative measures need to be taken to regulate the ways in which personal data can be processed.

In order to regulate these tensions and maintain such conditions, some have turned to the concept of propertization of personal data in order to allow individuals greater control over their own information. This gives individuals property rights in their own personal data, meaning that they could uphold such rights against people using their information without their consent, resulting in harsher consequences for data breaches than those afforded by current laws. Furthermore, according to one scholar specialising in the subject, “the propertization of personal data would acknowledge the existing phenomenon of commodification of, or a high market value attributed to, personal data”. The idea of a property right in personal data is one that has been discussed extensively in American legal literature, but which has rarely been considered within Europe.

However, the efficacy of European data protection legislation might be improved by a property rights regime because the commodification of personal information is widespread in Europe. This state of affairs indicates the need to evaluate possible solutions not previously considered because of the serious threat posed to privacy. This is especially relevant as today, personal data is considered to be an important economic asset, because many modern business models focus on extracting value from the data.

As such, this paper will consider whether the propertization of personal data is an adequate solution for balancing the tensions inherent in today’s privacy discourse, specifically within the European legal framework. This will be done by examining in greater depth the process of the commodification and subsequent creation of an economic value in personal data, before juxtaposing this development with the fundamental right to privacy. The first chapter will begin by considering the philosophical basis of the right to privacy and how this has evolved in relation to technological developments. It will then examine the supplementary right to data protection before considering how and why data is used today by institutions.

The second chapter will explore European legislative measures to regulate the data protection problem through statutes such as the EU Charter of Fundamental Rights, the EU Data Protection Directive, and, most importantly, the current General Data Protection Regulation (GDPR). Importantly, the scope of this paper is limited to considering whether propertization is a valuable solution in the general European context, without focusing on any particular country or its specific legislative features and aims. The chapter will evaluate how effective the GDPR has been in addressing privacy and data protection concerns, before exploring the emergence of the phenomenon known as the privacy paradox. This will be done by looking at various studies that aim to explore how effective GDPR regulations and data protection measures generally have been at improving privacy at the individual level.

Next, chapter three will set out the what property rights in personal data would entail by considering several theories of property in order to ascertain what exactly warrants such a definition. The rights associated with property will also be reviewed, before exploring both the benefits and the detriments of propertization as a solution generally. Lastly, this paper will apply propertization to the European context and go over the details of implementation, before concluding that property rights in personal data as a method of regulating the data protection problem prove to be a valuable solution when implemented in conjunction with legislative measures.