A data economy for people and prosperity: What needs to be done to bring our digital governance to the next level

This article was first published in the Global Solutions Journal,
along with contributions from e.g. Martin Schulz, Sigmar Gabriel, and Christine Lambrecht.

In the forward-looking novel Ministry for the Future, in which the bestselling author Kim Stanley Robinson paints his vision of the world in 2050, he hypothesizes that our internet will evolve as follows:

“Then people began to share the news that you could transfer everything going on in the rest of your internet life into a single account on YourLock, which was organized as a co-op owned by its users, after which you had secured your data in a quantum-encrypted cage and could use it as a negotiable asset in the global data economy.”

This might seem utopian, but some people are already working on making this vision reality. But how are they doing this, and what can be done to accelerate the process?

This article will provide policy guidance on how to advance our data economy – in other words, how the collection, processing, and exchange of data-driven business can better contribute to prosperity while also serving people and planet. Finally, we will learn why we need an international alliance to create a technological standard and governance mechanism for a decentralized data economy.

Today, our data economy is centralized. Why do we need to change this?

Every day, new data generated by users around the world moves into the direction of existing data, as if subject to the law of gravity. However, the majority of this data wealth – the data of billions – is held by only a few companies, most of which operate their data centers in either the US or China: Google, Amazon, Facebook, Apple, Microsoft, and the Chinese giants Tencent and Alibaba. This American oligopoly and the Chinese duopoly dominate the virtual sphere and undermine market mechanisms, having adverse effects on competition, innovation, taxation, prosperity, and data privacy.

How did this concentration of power come to be? Tech companies have made it their goal to accumulate as many users and as much personal data as possible for two reasons. First, social networks profit from the so-called network effect. This means that a service, such as WhatsApp, becomes exponentially more attractive the more friends, family members, or colleagues are using it. Once a platform has attracted a critical mass of users, it is very difficult for other services to compete, even if they offer better features. Second, platforms with a high number of users can collect and analyze more user data, which allows them to improve their services at a much faster pace.

These two factors make the gravitational effect of data self-reinforcing. They create growing black holes that attract ever increasing amounts of data, often leaving users in the dark about where their data goes and for what purposes it is used. Instead of data being centralized in the sever farms of a few monopolizing companies, data should remain decentralized and under user control. For example, one should be able to decide whether their ‘home’ address used for navigation is shared with Google Maps, or simply stored on one’s phone. This article’s last two sections will further expand on why and how a decentralized data economy needs to be put into practice.

If data would be more equally distributed and less centralized, i.e. not shared between only 10 companies but maybe 1,000, this would enhance the collective decision-making, innovation, and prosperity. It is imperative that users can make informed decisions about what personal data they want to share with whom and when, and that they receive a fair share of the financial profits resulting from their data being processed.

Data centralization is increasingly challenged. How are policymakers fighting the ‘gravity’?

Over the last years, governments and civil society organizations have increasingly tried to counteract data centralization, but it’s nonetheless been a struggle to shape tech giants’ conduct.

Let’s look at some examples regarding Facebook in particular. When the UK parliamentary committee investigated the impact of disinformation on the UK democracy, especially in the context of the Cambridge Analytica affair, Mark Zuckerberg repeatedly refused to speak to the situation [1]. When Australia introduced novel legislation requesting social networks to pay for news content shared on their platforms, Facebook blocked all news content of Australian outlets from its platform, and Google threatened to cut its search engine in the country [2]. At the time of writing, the US Federal Trade Commission (FTC) sues Facebook, pressing the company to sell WhatsApp and Instagram on account of illegal monopolization [3] – but the result is yet to be determined.

The German Chancellery published a data strategy in fall 2020 that has been very well-received and could help change the status quo. It shifts the government’s focus away from a paradigm of exploiting consumer data for business purposes and instead aims to establish a legal framework that enables increased privacy for personal data and more transparency for public data (for the latter, see also the EU’s Open Data Directive and Data Governance Act) [4].

Following this, Angela Merkel together with the prime ministers of Finland, Denmark, and Estonia, made a collective bid in March of this year to strengthen Europe’s digital sovereignty. In their letter to the president of the European Commission, they called for “a new global initiative on platform regulation,” and, “to strengthen cooperation across the digital sphere,” concluding that, “now is the time for Europe to be digitally sovereign” [5].

The GDPR was a great success. Which critical decisions are next?

This letter is one of the more recent indicators of how the EU has become a leader in governing data privacy, seeking to balance the interests of businesses, states, and citizens well – as shown by one piece of legislation in particular: the GDPR. While critically eyed by some when it launched in 2018, the General Data Protection Regulation (GDPR) has since become the most widely acknowledged success for data privacy, as well as being the first policy that had a substantial effect on tech giants’ operations.

In simple words, the GDPR limits the way companies can make use of your personal data, such as your birthday. Following its introduction, the European Court of Justice ruled last summer that US regulations, in comparison, do not provide sufficient protection for personal user data and that US firms such as Facebook can no longer transfer data of EU citizens to US data centers [6]. The lax data privacy regulations in the US are also increasingly addressed from within the US. For example, a local civil society organization collected 900,000 signatures and thus initiated a successful state-wide vote on the California Privacy Rights Act (CPRA), mainly to align Californian data privacy rights closer with the higher GDPR standard [7]. At least 15 additional US states are about to follow the Californian example by passing similar legislation [8].

While this legislative push for data privacy was a very good start, much more such efforts are needed to transform our data economy into one that is more equitable. The EU seeks to expand its leadership in this area through its forthcoming ePrivacy Regulation (ePR). It will add more detail to the GDPR, for example by extending its mandates into messenger services such as WhatsApp.

The ePR was first drafted in 2017 but had since been at a standstill. This February, a counterdraft was published, which attracted substantial criticism in regards to numerous issues. To not dilute existing digital rights and to make the ePR a success, these proposals of the latest draft need to be reversed: a data retention policy must not be introduced, users need to keep their right to revoke any permission for data sharing, processing of personal data must not be possible without user permission, and invasive tracking that could be enforced through so-called “cookie walls” should not be allowed. These critical points have been prominently made by the German Federal Commissioner for Data Protection and Freedom of Information [9]. Another element included in an earlier draft and missing now, is the requirement for web services to make data privacy settings the preselected standard (“privacy by default”) [10]. This is important as many service providers are nudging users into sharing extensive personal data through intricate menus.

Beyond the ePR, the EU is working on another two legislative initiatives that go even farther: the Digital Services Act that aims to introduce transparency and liability for content, especially in social networks, as well as the Digital Markets Act that will seek to curb market dominance of powerful players and re-establish a level-playing field. Expediency in finalizing these policies could play a big role in solving some of the challenges of the current data economy, setting another strong example in the European context. Testament to the potential effectivity of the proposed measures is the growing US tech companies’ budget for lobby activities in Brussels – which has tripled in the past six years [11].

A decentralized data economy for prosperity. How does this new paradigm work?

Keeping in mind the practical policy work underway, there is also a growing number of organizations working toward an even more equitable and prosperous data economy – one that is organized decentrally.

If our data is no longer drawn into the black holes of the big players’ server farms, but is processed on the end users’ devices, this will open new avenues for taxation and law enforcement, bring back collective and individual data sovereignty, and substantially increase our resource-efficiency.

To better grasp how this all fits together, it is helpful to understand that a truly decentralized data economy would entail that algorithms will come to where the user data is, onto the end-users’ devices, rather than the user data being moved to the enormous data centers where the algorithms operate.This means that the personal data physically remains in the hands of the user, and thus under her or his control. This is then also where the algorithms of the service provider operate, making them subject to the regulation and taxation of the country in which the user resides.

In addition, data leaks exposing millions of users at a time will become a thing of the past, as personal data of many individuals is no longer stored together. And, by shifting the computation power from server farms to the end-users’ devices, energy consumption of our digital infrastructure will drastically change and reduce.

Another advantageous side-effect will be a partial but increased transparency of algorithms, bettering society’s understanding of their workings and creating space for public discourse that could influence the decision-making of powerful service providers.

An initiative called Data Sovereignty Now proposes a three-step approach towards the decentralized of our data economy. It suggests to first “make data sovereignty a legal prerequisite for every data initiative in Europe,” second, to “implement a ‘soft infrastructure’ of functional, legal, technical and operational agreements which will support decentralized data sharing,” and third, to “focus on the adoption of Data Sovereignty principles by organizations and end users” [12].

One group following a decentralized approach is a team of entrepreneurs that developed an innovative search engine. At first glance, this search engine, Xayn, seems to work just like Google – but it doesn’t. Your search results are not personalized based on a behavioral profile of you, like the one Google has successively built in its data center. Instead, the personalization happens on your device. An algorithm on your smartphone learns what is relevant for you as you swipe away results that do not fit your expectations. No private data is leaving the device. The founders emphasize that this requires less than a permille of the energy otherwise needed to process the search requests in large data centers [13].

Another pioneer in the growing field of a decentralized data economy is polypoly [14]. This user-owned cooperative developed the polyPod, in which individuals can record and own their personal data – on their personal smartphone, tablet, or IoT-device. The polyPod allows third parties to offer features and mini-apps to run decentrally on the users’ devices. Such mini-apps can be downloaded from its internal app store.

The users can then pick and choose what personal data they want to share with each of the online services they use. When installing a mini-app, for example a movie recommendation app, users can decide whether this mini-app can use the “Netflix data,” the “Amazon data” or maybe even the data on “cinema tickets.” Those services can then only process the selected data when it runs its algorithms on a user’s device. This way, again, no personal data needs to leave the device. This is particularly relevant for users when it concerns health or financial data. Besides, this decentralization of calculations also benefits the service provider, as it minimizes its server costs and legal risks.

A broad alliance for a new standard. What can we learn from the last success story?

Entrepreneurs and civil society actors who innovate for a more prosperous digital future, need to be consulted more and funded more generously. Building on that, to create the decentralized data economy we need, we must have a broad alliance of policymakers and businesses that agree on a uniform and secure technological standard and a common governance mechanism. This should be a key objective of Europe’s Digital Decade, which starts this year.

The EU can draw inspiration for this from a previous success story. In the 1970s and 1980s digital cellular networks were fragmented and did not allow for ^seamless interoperability. Therefore, European states created a taskforce to develop a coherent pan-European standard for mobile telephony. This taskforce did not only include policymakers but also service providers and technology manufacturers. It, too, was open for non-European states. This inclusive process created a dynamic culminating in the introduction of the GSM standard for mobile communication in 1992, fostering further innovation and competition. Today, it is operated in virtually every country on the planet with a market share of around 90 percent [15].

If we do it right, we might be able to repeat this success. The story might then progress just as Kim Stanley Robinson anticipates in his book Ministry for the Future:

“People began to make the shift, and one day that tipping point arrived where a non-linear shear occurred, like an earthquake, and suddenly everyone had a YourLock account and would henceforth be conducting their internet life by way of it.”

Let us make the changes necessary to create a decentralized data economy – and let us be curious whether we will soon all download and use a YourLock equivalent. It would be for the greater benefit of the people, our planet, and prosperity.

[1] https://www.theguardian.com/technology/2018/mar/27/facebook-mark-zuckerberg-declines-to-appear-before-uk-fake-news-inquiry-mps
[2] https://edition.cnn.com/2021/02/17/media/facebook-australia-news-ban/index.html;        
[3] https://telecom.economictimes.indiatimes.com/news/facebook-asks-court-to-dismiss-us-government-states-antitrust-cases/81446786
[4] https://www.bundesregierung.de/breg-de/themen/digitalisierung/datenstrategie-beschlossen-1842786
[5] https://valitsus.ee/en/news/heads-government-germany-denmark-estonia-and-finland-europes-digital-sovereignty-gives-us
[6] https://curia.europa.eu/jcms/upload/docs/application/pdf/2020-07/cp200091de.pdf
[7] https://www.cpomagazine.com/data-protection/proposed-california-privacy-rights-act-would-amend-and-strengthen-existing-state-privacy-laws-bringing-them-more-in-line-with-gdpr-terms/
[8] https://www.jdsupra.com/legalnews/virginia-s-new-law-continues-america-s-6501282/
[9] https://www.bfdi.bund.de/DE/Infothek/Pressemitteilungen/2021/03_Ratsposition-ePrivacy-VO.html
[10] https://netzpolitik.org/2021/eprivacy-verordnung-eu-staaten-verwaessern-digitales-briefgeheimnis/
[11] https://www.nytimes.com/2020/12/14/technology/big-tech-lobbying-europe.html
[12] https://datasovereigntynow.org/
[13] https://www.xayn.com/
[14] https://polypoly.coop/en-de/
[15] https://ieeexplore.ieee.org/abstract/document/6664470