Equating personal data with a currency goes against the EU’s core principles and legal order
The latest intentions of the European Commission, expressed in its proposal for a Directive on certain aspects concerning contracts for the supply of digital content, to establish data (personal or not) as an alternative way of payment could create major challenges in the Digital Single Market.
Maybe it is tempting to treat data as a currency, but in reality one needs to be careful, not least because the protection of personal data is a fundamental right in the EU. That is not however the only reason why personal data should not be treated like a currency; here are a few other reasons.
Inability to evaluate and monetize data
Unlike money, data is not easily defined in terms of quantity or price. Even if we are all aware of the data we own, nobody knows exactly what it is worth.
The difficulty in pricing data in monetary terms derives partly from the fact that its value originates from data’s various applications and not the data itself. The insights that can be derived from data are much more valuable than the data itself.
Therefore, in a case where data will alternatively be used as a payment method, the inability to precisely value it could set a huge question mark on the value of transactions, which is not good for any of the involved parties.
The undefined nature of data is not the only practical issue the business sector and consumers will deal with when they will “haggle” with data, instead of money.
The non-exclusivity of data, namely the ability to reuse the same data more than once, is another characteristic differentiating data from money. For example today you can buy the iPhone 8 for 1000 euro. Once you pay, this money is gone and you cannot reuse it again. In the case of data, you could offer your data to cover the cost of the device, but you can also reuse the same data in other transactions. The problem is that after sharing this data once, its substantive value for future transactions may be diminished.
So the transposition of a money-to data-oriented e-commerce will not be a smooth one.
Contradictions with EU law
However, the specific characteristics of data are not the only complexity. The European Commission and other stakeholders should note that equating money with data will lead to serious contradictions with European data protection law.
It was only last year that the EU agreed upon new data protection legislation, the General Data Protection Regulation (GDPR). The GDPR takes into account the need for a secure and free flow of personal data within the internal market, introduces increased security measures, and ensures that the cross-border exchange of personal data will happen under specific conditions and safeguards.
One of the cornerstones of this new legislation, but also of the general data protection regime, is the purpose limitation principle. This principle simply says that the data collected for a very specific purpose should not be repurposed.
Imagine now a situation where everyone could provide his data as a means of payment, without knowing whether this data will be further processed or for what reason. This situation will create uncertainty for the data subject but also for service providers. After receiving the data as part of their payment, service providers will be uncertain whether they could reprocess the data for a different purpose or use it as payment for a future transaction.
Without a clear framework, it’s likely that all the parties involved in the transactions will risk data breaches, endangering the sophisticated approach of GDPR and leading to more legal uncertainty and market fragmentation.
Protection of personal data is enshrined in the European Charter of Fundamental Rights
This debate is critical not because the digital market would not welcome alternative payment solutions or new business models, but because data itself is not a good option for that.
Potentially commoditizing personal data could implicate fundamental rights in the EU and run afoul of the core principles of our legal order and the intentions of the Commission to establish a secure and well functioning Digital Single Market.
In this light consumers and policy makers should:
- Keep in mind that the protection of personal data is a fundamental right
- Stop undermining the objectives of the GDPR
- Be aware of the complexities this approach could bring, not only regarding the practical issues but also the legal implications
I couldn’t find a better way to conclude than by making a reference to the European Data Protection Supervisor’s statement:
“The EDPS warns against any new provision introducing the idea that people can pay with their data the same way as they do with money”.
Victoria Chatzi is Policy Assistant in the Brussels office of the Computer & Communications Industry Association.