Giving informed consent requires having full knowledge of the possible consequences. Who could have guessed that taking a Facebook quiz in 2012 could impact the 2016 US elections? Knowing what you know now, would you still take that quiz? Let’s be real, data markets are not going away. Advertisers are still going to want to give you the ads your most likely to convert on. Researchers are still going to want to get insights from your behaviour.
The good news is that digital cats that own digital hats hold the blueprint for a new business model.
First let me explain why it’s a bad idea for you to sell me your data.
Once you consent to selling your data, an exchange takes place. I give you some money and you give me the 1’s and 0’s that make up your data. Once I have that data you no longer have any control over how that data gets used. You don’t own the 1’s and 0’s on my computer, I do.
I can do whatever I like with the 1’s and 0’s that represent you.
I don’t need your permission or consent for what I do with the 1’s and 0’s that I bought from you. You now have no recourse or enforceable rights for what I do with them.
Many identity startups struggle to find a business model. The default is to sell user data and cut you the user in on the action. There are better business models.
To keep control over your data requires that you don’t give away the 1's and 0's.
There are large amounts of value locked up in rich datasets. To unlock that value requires algorithms doing work on the data.
Instead of selling data, the better alternative is to lease access. This changes where the computation takes place and returns control to the data owner. This means that I would pay you each time I want to ask a question of your data. I get the answer to my questions without needing to see your data. A simple example is I want to know if you are over 21 before displaying alcohol related content to you. Instead of collecting your date of birth and calculating your age I can ask the question
“are you over 21?”
This satisfies my business logic without needing to know your date of birth.
The request for answers needs to be proportionate to the benefits offered. For example, if I ask Yelp for recommendations on the best ice cream near me and Yelp comes back asking for:
That is a disproportionate ask. Now if you’re thinking
“you’re not the boss of me, I can do whatever I see fit with my data”
You wouldn’t be alone, discovering why there is always a line outside of Bi-Rite in SF, even in winter is important. I would agree IF your able to give informed consent. But Yelp could give me a good result only knowing that I’m in Delores Park. If Yelp could give me better recommendations with my health records it should be done on my device. Ideally, they only need to know that I am in SF and return my app the top 1,000 ice-cream places to be filtered on my device.
How can I give informed consent to use my data when I don’t know the consequences of how it will get used? Yelp could sell my health records to a data broker in a data marketplace. That data broker could sell my data to an insurer interested in people with chronic illness. The end result could be my grandchildren get precluded from health insurance. I know Bi-Rite’s ice-cream is good, but is it give up your grandchildren’s future rights good?
The long-term consequences of how personal data is being used is unknown.
Remember CryptoKitties? Those cute cats that clogged up the Ethereum network at the end of 2017 became a platform. What’s unusual is that they didn’t plan to be a platform. The KittyHats team decided that the cats needed more swag in the form of digital hats. All the data is on the blockchain and all the assets are in a CDN so KittyHats didn’t need permission.
Why this is a big deal:
When you buy a hat for your cat, the cat owns the hat, so if you sell the cat it comes with the hat.
Put a different way, digital objects on the blockchain can own other digital objects. This is a new way of thinking about data ownership and user’s rights. This can be a way to include the data owner in the value chain. Let’s look at an example:
NOTE : My bank data is NOT on the blockchain, personal data should never be on a blockchain.
The key thing here is that Amazon didn’t need to see my data to be able to apply the insights that where derived from it.
Why can’t we just do this with a centralised solution, why do you need a blockchain? Having a hash of the data in the digital object that exists on-chain means
In a centralised world, you would buy a digital cat, and then buy a digital hat. Then you could add the hat to the cat, but you still own the cat and the hat. Maybe the centralised world has a rule that the cat then owns the hat. The kicker with a centralised world is that the owners can change the rules later if you really need that hat back.
In a decentralised world once the cat owns the hat there is no going back.
We have laws to ensure that sex is consensual and safe. We need to design the future to protect the rights of the most vulnerable and include them in the value chain. Data Markets that sell your data are not the way to do this.
Want to know more about storing hashed data on the blockchain?
Why hashed Personally identifiable information (PII) on the blockchain can be safe
How about what verifiable trust looks like?
Meeco is verifiable trust - Whitepaper