It’s no secret data privacy is the topic du jour in regulatory and press circles. Heightened Big Tech backlash and updated legislation in the European Union, Japan, Brazil, and California in recent years has led to a newfound cultural urgency around how industry manages consumer data. This change reflects not just a recognition of the unprecedented potential for data exploitation, but also a fundamental shift in how we view privacy.

我 T的什么秘密数据隐私监管和新闻界的闲话。 近年来，在欧盟 ， 日本 ， 巴西和加利福尼亚州 ，越来越大的Big Tech抵制和更新的立法导致围绕行业如何管理消费者数据的新的文化紧迫性。 这一变化不仅反映了对数据利用潜力的空前认识，而且反映了我们对隐私的看法的根本转变。

Previously understood as simply the right to be let alone, the definition of privacy is quickly expanding to reflect consumer agency, or “data ownership,” in the data value exchange. The idea is that you, or the data subject, as the genesis of the data should be able to dictate whether and for what purpose your data is used by companies and services.

以前，隐私的定义以前被简单地理解为更不用说拥有权利了 ，它正在Swift扩展以反映数据价值交换中的消费者代理或“数据所有权”。 想法是，您或数据主体作为数据的起源应该能够决定公司和服务是否以及出于何种目的使用您的数据。

This new definition emerges from how policymakers crafted regulations meant to safeguard data privacy, such as Europe’s General Data Protection Regulation (GDPR). Most of the new regulations are first and foremost concerned with data protection. The implicit assumption underlying these relatively new regulations is that the cat is already out of the bag, so to speak, and data exchange between you and another party will occur (if it hasn’t already).

这一新定义来自政策制定者如何制定旨在保护数据隐私的法规，例如欧洲的通用数据保护法规(GDPR)。 大多数新法规都首先涉及数据保护。 这些相对较新的法规所基于的隐含假设是，这只猫已经被掏空了，可以这么说，您和另一方之间的数据交换将发生 (如果尚未发生)。

Once you share your data, provisions governing its downstream use and security are in place for your protection if you live in a regulated jurisdiction. Since you are considered the owner of the data, you can choose to withdraw a company’s right to use it at any time. In this way, data ownership is conceptually better for data privacy than the previous approach, which was much more of a free-for-all and entirely dependent on how companies wanted to present privacy options to their users or not.

共享数据后，如果您居住在受监管的司法管辖区，则有规范其下游使用和安全性的规定可以保护您。 由于您被视为数据的所有者，因此您可以选择随时撤回公司的数据使用权。 通过这种方式，数据所有权在概念上比以前的方法更好地保护数据隐私，而以前的方法则是完全免费的，并且完全取决于公司如何向其用户提供或不向用户提供隐私选项。

However, it’s important to understand that data ownership and privacy are not one and the same. The difference is nuanced — Privacy requires us to, at least conceptually, agree that you as the data subject own your data and the data you generate. Data ownership in itself does not necessitate that privacy be respected by default.

但是，重要的是要了解数据所有权和隐私不是一回事。 两者之间的差异是细微的-隐私要求我们至少在概念上同意您作为数据主体拥有您的数据以及您所生成的数据。 数据所有权本身并不需要默认情况下尊重隐私。

为什么这么重要？ (Why does this matter?)

Data ownership does not yet cover a sufficient set of rights to protect your privacy. In order to respect the right to privacy, a data subject should first have a clear opportunity to refuse data transfer outright prior to any collection, without interruption to access of services. While we could debate whether this approach offers significant clarity to consumers around how data will be used, companies typically allow a user to ‘Accept’ or ‘Reject’ data collection in countries where this is a requirement. Imposing such a requirement either explicitly or implicitly acknowledges you should control your data’s destiny, or ‘own’ it, by default.

数据所有权尚未涵盖足够的权利来保护您的隐私。 为了尊重隐私权，数据主体应首先有明显的机会在任何收集之前彻底拒绝数据传输，而不会中断服务的访问。 尽管我们可能会争论这种方法是否可以使消费者清楚地了解如何使用数据，但公司通常允许用户在有此要求的国家“接受”或“拒绝”数据收集。 明确或隐含地提出这样的要求，即默认情况下您应该控制或“拥有”数据的命运。

However, in order for data ownership to be effective in safeguarding data privacy, some argue it must follow an opt-in regime framework, where data collection does not occur without affirmative consent from the data subject. This presents an initial privacy-gating mechanism that simply requires a binary opt-in/opt-out approach to privacy, wherein users who do not wish to participate in data collection can simply bypass it. Then, ownership decisions such as how data can be used and with whom it can be shared can be presented and take effect after the first permission for collection.

但是，为了使数据所有权在保护数据隐私方面有效，有人认为它必须遵循“ 选择加入”框架 ，在这种框架下 ，未经数据主体的肯定同意就不会进行数据收集。 这提出了一个初始的隐私门控机制，该机制仅需要采用二进制选择加入/退出方法来保护隐私，其中不希望参与数据收集的用户可以简单地绕过它。 然后，可以提出所有权决定，例如如何使用数据以及可以与谁共享数据，并在获得首次收集许可后生效。

Absent this privacy-by-default approach to data ownership, savvy data collectors will continue to be able to opaquely present non-standardized privacy options. This means while the user may have agency over their data, we place the onus on them to understand and react to, perhaps across several hundred companies, when and how their data is being used. In theory, this gives us greater control over our privacy in the digital sphere than ever before, but in practice, it may not be the best path to true data protection.

缺少这种默认的隐私保护方法，精明的数据收集者将继续能够不透明地呈现非标准化的隐私选项。 这意味着，尽管用户可能对他们的数据具有代理权，但我们有责任让他们了解(也许在数百家公司中)何时以及如何使用他们的数据并对之做出React。 从理论上讲，这使我们能够比以往任何时候都更好地控制我们在数字领域的隐私，但是在实践中，这可能不是实现真正数据保护的最佳途径。

隐私是否应该具有交易性？ (Should privacy even be transactional?)

Beyond the practical question of whether ownership should be a secondary consideration to privacy-by-default requirements, there are also concerns that making data ownership a central component of privacy legislation treats data privacy as a transaction. Cameron Kerry and John Morris of the Brookings Institution argue,

除了关于所有权是否应作为默认隐私保护的次要考虑的实际问题之外，还存在使数据所有权成为隐私权立法的中心组成部分的担忧，即将数据隐私视为交易。 布鲁金斯学会的卡梅伦·克里和约翰·莫里斯认为，

“Data is not a commodity. It is information. Any system of information rights — whether patents, copyrights, and other intellectual property, or privacy rights — presents some tension with strong interest in the free flow of information that is reflected by the First Amendment. Our personal information is in demand precisely because it has value to others and to society across a myriad of uses.”

数据不是商品。 是信息。 任何信息权利体系(无论是专利，版权或其他知识产权，还是隐私权)都对第一修正案所反映的信息自由流通表现出强烈的兴趣。 我们之所以需要个人信息，恰恰是因为它在众多用途中对他人和社会都有价值。”

In other words, if we reduce personal data to something that is simply bought and sold, we remove much of its inherent public value. Further, we risk collectively de-valuing privacy as a right. Kerry and Morris are concerned a data ownership approach to privacy in cultures that value individual freedoms such as free speech will lead ill-equipped consumers to trade data below market value. This could leave us with a societal privacy divide not unlike the income disparity we experience today.

换句话说，如果我们将个人数据减少为简单的买卖，我们将消除其固有的公共价值。 此外，我们冒着集体贬低隐私权的风险。 克里(Kerry)和莫里斯(Morris)担心在尊重个人自由(如言论自由)的文化中，采用一种数据所有权方法来保护隐私，这将导致装备不良的消费者交易低于市场价值的数据。 这可能会给我们留下社会隐私上的鸿沟，这与我们今天所经历的收入差距不同。

The authors also note that treating information as a commodity can present obstacles to its use in the public interest, such as the continuation of fair credit reporting practices, public health research, and equal employment accounting. As a result, they suggest any serious discussion of data ownership will need to carve out separate provisions for data used in the public interest versus behavioral surplus data and identifiers used for non-essential purposes such as powering social media advertising algorithms.

作者还指出，将信息视为一种商品可能会阻碍其出于公共利益的目的使用，例如继续进行公平的信用报告做法，公共卫生研究以及平等就业核算。 结果，他们建议对数据所有权进行任何认真的讨论，都需要针对公共利益数据和行为盈余数据以及用于非必要目的的标识符(例如为社交媒体广告算法提供支持)制定单独的规定。

Another challenge posed by a transactional approach to privacy is that it’s unclear how much a single individual’s data is actually worth to companies using it to power goods and services. Not to mention, one person’s data could be significantly more valuable than another’s depending on the service, use for the data, and social determinants such as income and residential location.

事务性隐私保护方法带来的另一个挑战是，对于使用个人数据来提供商品和服务的公司，目前尚不清楚该个人数据的实际价值。 更不用说，一个人的数据可能会比另一个人更有价值，这取决于服务，数据的使用以及诸如收入和居住地等社会决定因素。

In 2013, the United Kingdom’s Financial Times attempted to develop a lightweight data value calculator to illustrate how much a person’s data is worth depending on various sociodemographic and life stage factors. Given most data sold on digital exchanges trades for less than $1.00 per 1,000 individuals or devices, most people might be shocked to see how little their data is actually worth annually. However, once you aggregate this across all online or offline uses for data sold via data exchanges or private brokers, the combined value could be substantial over time.

2013年，英国《 金融时报》尝试开发一个轻量级的数据值计算器，以说明根据各种社会人口统计学和生命阶段因素，一个人的数据值多少。 鉴于在数字交易平台上出售的大多数数据每1000个人或设备的交易价格不到1.00美元，因此大多数人可能会惊讶地发现他们的数据每年实际价值不高。 但是，一旦在所有通过数据交换或私人经纪人出售的数据的在线或离线使用中汇总了此值，合并后的价值就会随着时间的流逝而变得可观。

While it’s unclear whether all personal data should be viewed as a commodity, regulatory bodies certainly seem to be taking the stance that data exchanged via digital means with services such as retailers, social media sites or publishers, and data aggregators should be exchanged at the consumer’s discretion. What does this mean for privacy moving forward?

虽然尚不清楚是否应将所有个人数据视为商品，但监管机构似乎似乎采取了这样的立场，即通过数字方式与零售商，社交媒体网站或出版商之类的服务交换数据，而数据汇总商则应在消费者的手中进行交换。谨慎。 这对于隐私的发展意味着什么？

数据隐私与所有权的未来 (The future of data privacy vs. ownership)

Given the pace at which innovative technologies making use of data to power advances in quality of life and information are developed, it’s realistic to assume data ownership will play a key role in evolving technical mechanisms to privacy protection.

鉴于发展利用数据来推动生活质量和信息进步的创新技术的发展步伐，假设数据所有权将在不断发展的隐私保护技术机制中扮演关键角色是现实的。

Today, a number of tools have emerged attempting to allow a data subject to centrally store data and exercise privacy rights from one environment. These tools, such as Mine’s consumer-facing subject access request and deletion management platform or Dashlane’s password manager, are incomplete in coverage. Yet, they hint at an eventual framework via which a consumer could manage personal data sharing across desired services and device touchpoints centrally. In turn, businesses could access consumer data directly, at scale, in a privacy-compliant manner. While it’s important to detail provisions for the potential negative externalities of trading on personal data in this fashion, these ideas represent a new frontier for what it means to manage personal data, identity, and privacy online.

如今，出现了许多工具，试图允许数据主体集中存储数据并在一个环境中行使隐私权。 这些工具(如Mine面向消费者的主题访问请求和删除管理平台或Dashlane的密码管理器)的覆盖面并不完整。 然而，他们暗示了最终的框架，消费者可以通过该框架集中管理所需服务和设备接触点之间的个人数据共享。 反过来，企业可以以符合隐私权的方式直接大规模访问消费者数据。 尽管详细说明以这种方式进行个人数据交易的潜在负面外部性的规定很重要，但是这些想法代表着在线管理个人数据，身份和隐私意味着什么的新领域。

When coupled with concepts such as self-sovereign identity, one could imagine a whole new industry acting as ‘agents’ brokering personal data transactions. These brokers could also, in partnership with regulators, work to safeguard against data exploitation by minimizing data leakage and developing standards around information security that are more robust than those currently employed by many of the places in which our data is held.

当结合诸如自我主权身份之类的概念时，可以想象一个全新的行业充当“代理”来代理个人数据交易。 这些经纪人还可以与监管机构合作，通过最大程度地减少数据泄漏和围绕信息安全制定标准来保护数据免遭利用，这些标准比目前许多数据存放地所采用的标准更加强大。

The prospect of centralized privacy management systems for personal data is enticing and would solve much of the tension between regulatory requirements and how technology actually works. However, a right to privacy must be at the heart of any data ownership frameworks. Without this foundational value, we reduce privacy to a commodity and lose the Western cultural context for why it became so dear to us in the first place — We must preserve the right to be let alone in order to preserve our other individual freedoms, regardless of the cost.

用于个人数据的集中式隐私管理系统的前景诱人，并且将解决法规要求与技术实际工作之间的许多紧张关系。 但是，隐私权必须是任何数据所有权框架的核心。 没有这种基本价值，我们就将隐私权降低为一种商品，并失去了西方文化背景，因为它为什么首先对我们如此珍贵-我们必须保留被孤立的权利，以维护我们的其他个人自由，无论成本。