One bad privacy idea that won’t die is the so-called “data dividend,” which imagines a world where companies have to pay you in order to use your data. Sound too good to be true? It is.
This statement was originally published on eff.org on 26 October 2020.
One bad privacy idea that won’t die is the so-called “data dividend,” which imagines a world where companies have to pay you in order to use your data.
Sound too good to be true? It is.
Let’s be clear: getting paid for your data – probably no more than a handful of dollars at most – isn’t going to fix what’s wrong with privacy today. Yes, a data dividend may sound at first blush like a way to get some extra money and stick it to tech companies. But that line of thinking is misguided, and falls apart quickly when applied to the reality of privacy today. In truth, the data dividend scheme hurts consumers, benefits companies, and frames privacy as a commodity rather than a right.
EFF strongly opposes data dividends and policies that lay the groundwork for people to think of the monetary value of their data rather than view it as a fundamental right. You wouldn’t place a price tag on your freedom to speak. We shouldn’t place one on our privacy, either.
Think You’re Sticking It to Big Tech? Think Again
Supporters of data dividends correctly recognize one thing: when it comes to privacy in the United States, the companies that collect information currently hold far more power than the individual consumers continually tapped for that information.
But data dividends do not meaningfully correct that imbalance. Here are three questions to help consider the likely outcomes of a data dividend policy:
- Who will determine how much you get paid to trade away your privacy?
- What makes your data valuable to companies?
- What does the average person gain from a data dividend, and what do they lose?
Data dividend plans are thin on details in regarding who will set the value of data. Logically, however, companies have the most information about the value they can extract from our data. They also have a vested interest in using the lowest possible bar to set that value. Legislation in Oregon to value health data would have allowed companies to set that value, leaving little chance that consumers would get anywhere near a fair shake. Even if a third-party, such as a government panel, were tasked with setting a value, the companies would still be the primary sources of information about how they plan to monetize data.
Privacy should not be a luxury. It should not be a bargaining chip. It should never have a price tag.
Which brings us to a second question: why and in what ways do companies value data? Data is the lifeblood of many industries. Some of that data is organized by consumer and then used to deliver targeted ads. But it’s also highly valuable to companies in the aggregate – not necessarily on an individual basis. That’s one reason why data collection can often be so voracious. A principal point of collecting data is to identify trends – to sell ads, to predict behavior, etc. – and it’s hard to do that without getting a lot of information. Thus, any valuation that focuses solely on individualized data, to the exclusion of aggregate data, will be woefully inadequate. This is another reason why individuals aren’t well-positioned to advocate for good prices for themselves.
Even for companies that make a lot of money, the average revenue per user may be quite small. For example, Facebook earned some $69 billion in revenue in 2019. For the year, it averaged about $7 revenue per user, globally, per quarter. Let’s say that again: Facebook is a massive, global company with billions of users, but each user only offers Facebook a modest amount in revenue. Profit per user will be much smaller, so there is no possibility that legislation will require companies to make payouts on a revenue-per-customer basis. As a result, the likely outcome of a data dividend law (even as applied to an extremely profitable company like Facebook) would be that each user receives, in exchange for their personal information over the course of an entire year, a very small piece of the pie – perhaps just a few dollars.
Those small checks in exchange for intimate details about you are not a fairer trade than we have now. The companies would still have nearly unlimited power to do what they want with your data. That would be a bargain for the companies, who could then wipe their hands of concerns about privacy. But it would leave users in the lurch.
All that adds up to a stark conclusion: if where we’ve been is any indication of where we’re going, there won’t be much benefit from a data dividend. What we really need is stronger privacy laws to protect how businesses process our data—which we can, and should do, as a separate and more protective measure.
Whatever the Payout, The Cost Is Too High
And what do we lose by agreeing to a data dividend? We stand to lose a lot. Data dividends will likely be most attractive to those for whom even a small bit of extra money would do a lot. Those vulnerable people – low-income Americans and often communities of color – should not be incentivized to pour more data into a system that already exploits them and uses data to discriminate against them. Privacy is a human right, not a commodity. A system of data dividends would contribute to a society of privacy “haves” and “have-nots.”
Also, as we’ve said before, a specific piece of information can be priceless to a particular person and yet command a very low market price. Public information feeds a lot of the data ecosystem. But even non-public data, such as your location data, may cost a company less than a penny to buy – and cost you your physical safety if it falls into the wrong hands. Likewise, companies currently sell lists of 1,000 people with conditions such as anorexia, depression, and erectile dysfunction for $79 per list – or eight cents per listed person. Such information in the wrong hands could cause great harm.
There is no simple way to set a value for data. If someone asked how much they should pay you to identify where you went to high school, you’d probably give that up for free. But if a mortgage company uses that same data to infer that you’re in a population that is less likely to repay a mortgage – as a Berkeley study found was true for Black and Latinx applicants—it could cost you the chance to buy a home.
Pay-For-Privacy
Those who follow our work know that EFF also opposes “pay-for-privacy” schemes, referring to offers from a company to give you a discount on a good or service in exchange for letting them collect your information.
In a recent example of this, AT&T said it will introduce mobile plans that knock between $5 and $10 off people’s phone bills if they agree to watch more targeted ads on their phone. “I believe there’s a segment of our customer base where, given a choice, they would take some load of advertising for a $5 or $10 reduction in their mobile bill,” AT&T Chief Executive Officer John Stankey said to Reuters in September.
Again, there are people for whom $5 or $10 per month would go a long way to make ends meet. That also means, functionally, that similar plans would prey on those who can’t afford to protect themselves. We should be enacting privacy policies that protect everyone, not exploitative schemes that treat lower-income people as second-class citizens.
Pay-for-privacy and data dividends are two sides of the same coin. Some data dividend proponents, such as former presidential candidate Andrew Yang, draw a direct line between the two. Once you recognize that data have some set monetary value, as schemes such as AT&T’s do, it paves the way for data dividends. EFF opposes both of these ideas, as both would lead to an exchange of data that would endanger people and commodify privacy.
It Doesn’t Have to Be Like This
Advocacy of a data dividend – or pay-for-privacy – as the solution to our privacy woes admits defeat. It yields to the incorrect notion that privacy is dead, and is worth no more than a coin flipped your way by someone who holds all the cards.
It undermines privacy to encourage people to accept the scraps of an exploitative system. This further lines the pockets of those who already exploit our data, and exacerbates unfair treatment of people who can’t afford to pay for their basic rights.
There is no reason to concede defeat to these schemes. Privacy is not dead – theoretically or practically, despite what people who profit from abusing your privacy want you to think. As Dipayan Ghosh has said, privacy nihilists ignore a key part of the data economy, “[your] behavioral data are temporally sensitive.” Much of your information has an expiration date, and companies that rely on it will always want to come back to the well for more of it. As the source, consumers should have more of the control.
That’s why we need to change the system and redress the imbalance. Consumers should have real control over their information, and ways to stand up and advocate for themselves. EFF’s top priorities for privacy laws include granting every person the right to sue companies for violating their privacy, and prohibiting discrimination against those who exercise their rights.
It’s also why we advocate strongly for laws that make privacy the default requiring companies to get your opt-in consent before using your information, and to minimize how they process your data to what they need to serve your needs. That places meaningful power with the consumer – and gives you the choice to say “no.” Allowing a company to pay you for your data may sound appealing in theory. In practice, unlike in meaningful privacy regimes, it would strip you of choice, hand all your data to the companies, and give you pennies in return.
Data dividends run down the wrong path to exercising control, and would dig us deeper into a system that reduces our privacy to just another cost of doing business. Privacy should not be a luxury. It should not be a bargaining chip. It should never have a price tag.