The contemporary debate about data, including discussions of the legal status of data, are hard to understand without defining the broader context. One element of this context is the demands of the movement referred to collectively as “MyData.”
“A European strategy for data,” published by the European Commission in February 2020, alludes to the MyData movement in the context of the challenge presented by inadequate technological support for data subjects in managing their own personal data. On one hand the Commission perceives the potential inherent in personal data, in particular the potential for the data subjects themselves. Appropriately managed personal data can improve the quality of services received by data subjects (e.g. in the area of healthcare) and increase their control over their data. On the other hand, the Commission found that there is a lack of appropriate tools for managing data, and thus the inherent potential of the data is not being exploited to the fullest.
This is where the MyData movement comes in. “MyData” is in fact the name of a specific initiative, but it well reflects the spirit of a much broader movement which has been around for several years. This movement seeks to develop tech solutions unleashing a qualitatively new approach to management of personal data. Thanks to such solutions, data subjects could decide who can use their data, when and under what rules. Some of these solutions also offer opportunities for data subjects to enjoy a stream of passive income from their data.
The broader MyData movement now includes a huge number of initiatives, and in a brief article we can touch on only a small number of them. But a few examples suffice to convey what a broad and intriguing phenomenon this is.
We can start with the organisation whose name has been used to identify the entire movement. MyData is an NGO currently bringing together over a hundred institutions from all over the world working on an alternative vision for managing personal data. This vision includes real control by data subjects over the data concerning them. There are regulations in place providing certain protection of personal data, but enforcement can be ineffective. The MyData movement calls for the creation of technologies enabling fluid transfer of data, immediate realisation of the right to be forgotten, and so on. This would place data in the actual control of individuals, not internet corporations. It would also allow benefits to be extracted from data. With fluid transfer, data would no longer be locked in corporate siloes but could easily be moved to where there is a current need. Implementation of the principles called for by MyData would result, for example, in the rule that data generated by automobiles belong to the data subjects (the users) and are managed by them.
The MyData movement foresees the creation of an entire data management infrastructure. It would also be necessary to establish appropriate standards and trusted entities storing the data which could be managed by data subjects directly or indirectly (by duly authorised agents).
Another interesting example is Wildland, an initiative of the cofounders of one of the best-known Polish blockchain projects, Golem. This project calls for creation of a new data management protocol based on the concept of data containers and access paths. In the developers’ concept, this is a response to the excessively centralised and closed model of digital services which practically deprives users of sovereignty in managing their own data. The dominant model is manifest for example in a lack of real access to alternative models for digital services. The Wildland concept calls for addressing these phenomena by creating a system giving data subjects control over the infrastructure in which their data are stored and processed. Each data container may be filled with a specific package of data and can have defined parameters for access to the data.
Another interesting dimension of the MyData movement is the idea of creating new institutions playing a key role in new models for administration of data. An example is the vision of “data partners” presented in a recent report by the Warsaw-based Centrum Cyfrowe. Under this vision, the debate over the data management model should not be limited to a bipolar division into a privacy perspective (assuming a focus on ensuring protection of data privacy) and a commercial perspective (assuming a focus on creating a model for commercialisation of data). This logic is dispelled by adding a public perspective. Increasing the exploitation of data for public purposes is in the interest of both citizens and the economy. The authors of the report propose to achieve this effect by introducing intermediary institutions into the system which would aggregate personal and non-personal data and manage access to them, under commercial or non-commercial rules depending on the recipient. This vision calls for a compromise between privacy protection, the economic dimension, and the public interest.
As indicated, these are just a small sample of the area covered by the MyData movement. The ideas presented offer great intellectual interest, but we as lawyers are also interested in whether the MyData movement carries the potential to change legal paradigms. And that is undoubtedly the case, as is already demonstrated by the examples mentioned above. Technology can be the primary agent of change. But the potential creation and spread of new data management protocols may give rise to a need to create new legal frameworks for data, just as the technological revolution in the form of blockchain protocols has given rise to a need to develop legal frameworks for crypto assets. In the case of data, projects based on tokenisation of data or creation of data containers may in time lead to the development of legal frameworks for these digital creatures. Discussions on data management models can also contribute directly to changes in the legal system. If the models ultimately head in the direction called for by the authors of the Centrum Cyfrowe report and others, it will undoubtedly be necessary to develop legal frameworks for the operation of various types of data trusts or data partners.