Published: April 8th 2022
How revisiting a 300-year-old philosophy can advance patient data rights in a world where the value of data belongs to those who own the data servers.
In the late 1600’s Scottish philosopher David Hume wrote extensively about “Life, Liberty and Property” (with some variations). However, up until the end of the 19th century people could only reasonably expect to have a degree of privacy on property that they owned. Privacy of the self, per se, was not enshrined until 1890, in a seminal paper by Boston lawyers Samuel Warren and Louis Brandeis.
The Invention of the Right to Privacy, 1979. This article in the Arizona Law Review by Dorothy J. Clancy examines how the hugely influential 1890 paper on “The Right to Privacy” by Warren and Brandeis deliberately placed what they proposed as a universal right under laws concerning the right to Life, rather than under the traditional branch of law concerning privacy, that of Property rights.
(It is interesting to note that it was a new technology at the time that introduced significant privacy concerns, similar to today’s internet that we face today. That new technology was the uptake of the snap shutter camera in the 1880’s. This new invention enabled photographers to lurk in the bushes at exclusive blue blood lawn parties in upper class Boston of the time and take photos of who was doing what and talking to whom – and printing those “scandalous” revelations in the very next day’s broadsheet newspapers. What we know as the paparazzi today).
Warren’s family were members of that blue blood Boston upper class and so Samuel Warren was determined to put a stop to what he viewed as an invasion of privacy. Brandeis wanted to build a reputation. And so, the two put together “the right to privacy” – put forward as a fundamental human right that should be enjoyed by all human beings. 1890 marked a huge advancement in the scope of the definition of privacy. One which we have all enjoyed the fruits of.
Herein lies the rub – Privacy Law developed as a branch of law related to Life with no consideration to Property, but instead is fully concerned with the “spiritual interests” of a person.
This may not have mattered, except that in the 1950’s (coincidentally halfway between 1890 and 2022) the powerful asset that today is data was birthed into the world through the rise of computers. By de facto circumstance, and since nobody understood the power that data would have on privacy many decades later, the existing law of property rights was ascribed to matters to do with data. The “Data Controller”, became the legal term assigned to the entity that owns the physical servers that stores, sends and receives data, including our health and medical data.
In other words, Facebook and the rest of the tech barons get immense legal power over data simply by owning and controlling the servers that house data – including data that we create from our bodies and from our own thoughts and actions. Lumps of metal and silicon they may be, but with the transformational magic of software applied to the data that course through those servers data can be transformed into knowledge and insights to create economic value. Servers are lumps of property that are extremely valuable beyond the sum of their parts due to long-standing property rights.
And so it becomes clear why data rights are legally referred to as “de facto” data rights (or residual data rights). The data industry was literally birthed this way. After all, possession is nine-tenths of the law. The Data Controllers know that they don’t own the data outright, but by housing it as the Data Controller they are free to commercially exploit the value of the data that passes through their servers – even in the case of healthcare data that our own bodies produce through the act of being a living human being.
But in an age where data has become the planet’s most valuable asset and is non-rivalrous (i.e. data can be copied multiple times without losing its value), the world is lacking the legal definitions required to link Privacy and Property together to give us as individuals control and ownership over at least some of the data we produce. The EU GDPR regulations are a useful step forward, but concern themselves only with issues of data access. They do not touch the issue of data ownership – and for good reason. There are too many entrenched interests. Too much money is at stake. Legislative change around data ownership rights will likely take many decades.
Healthcare data is a good place to start because a contextually rich healthcare data set comprising both longitudinal clinical data as well as social determinants of health that has dynamic and explicit ownership rights attached to it has great commercial value - much more than the typical insurance claims data that drives much of healthcare data analysis and value today.
No new legislation is needed. A company can choose to declare by binding fiat that its members own the particular data set that is housed in that company’s servers, and help those members build up the value of that data set. We believe that the member should then earn the majority of what the value of that data set is worth.
In a multi trillion-dollar healthcare industry, where patients are typically paid a few gift vouchers – if anything at all - in return for their data, time, effort and even DNA record, we think it is time for a rebalancing. Individuals should share in more of the financial rewards available for the uniquely valuable data they produce through being a unique human being.
And while waiting for the slow wheels of data legislation to turn, by enjoining Privacy Rights with Property Rights we can make a start right now on rebalancing value in favor of “Data Owners” (otherwise known as patients).
CEO & Founder, The Sovereignty Network