9.1 Data under Property Law
There has been great debates on the status of data as the property of the data subjects or the data controllers, some have taken the stance that personal data belongs to its originator whilst others have taken the stance that processed data belongs to the entities undertaking such data processing. Recently with the development in ICT data subjects are able to personally store and process personal data through the use of sophisticated technologies such as cloud the use of equally sophisticated gadgets, therefore largely data subjects can now claim ownership rights over their personal data.[i]
Generally, the stance of data subjects as product consumers to own the user-held data stems from the notion of consumer rights advocacy as a human right.[ii]
With the growing commercialization of personal data for various purposes such as improvement of products and adverts’ and services customization, with an intent of generating income with a view of profit, data can be considered as to be asset. Owing up to consideration of user-held data as an asset, the latter is said to qualify for protection and safeguard pursuant to the rights under accorded under property law.[iii]
Lack of awareness of data as property acts an incentive to major tech companies and operators to harvest or mine individuals’ personal data for continuous generation of income and profit at the expense of data subjects.
9.1.1 Demsetz Theory
One of the core lessons that can be draw from the second limb of Demsetz theory is that property cannot exist in itself without putting forth institutional/regulatory structures to enable its enforcement.[iv]Additionally, Harold Demsetz could be said to have defined property rights as law as that enable market exchange.[v]
More than other forms of property, personal data can easily be transferred through day-to-day performed undertakings, the common being corporate transactions such mergers and acquisitions, data brokerage indirectly acquiring consumer’s information and analyzing packaging and selling such data without the consumers’ permission, lastly personal data is usually transferred through consumer contracts through the exchange of personal information with suppliers of goods and services.[vi]
9.2 Regulation of Data as Property
With the global progression of data protection and privacy regulation especially with the recognition and protection of data subjects’ rights such as right to access data collected by data subjects, right to be informed the use to which collected data shall be put into use, right to alter collected personal data, right to delete or omit collected data and the now famous right to be forgotten. This has given data subjects the incentive to control their personal data and the use of which such data is put.[vii]
The regulation of data processing and control has significantly strengthened the position of data subjects’ ownership of user-held data. One of the most significant effects on data processing and control is the Google’s 2020 decision to join a major tech companies’ data protection wagon in abandoning the use of third-party cookies by 2022. This measure which has already taken by other major tech players such as Apple and Mozilla[viii] is aimed at abolishing online marketers’ ability to access and track personal data of internet users.[ix]
9.2.1 Data Portability
The limitation of third-party access and use of personal data has placed such access through data subjects’ consent for such access and use hence an incentive on data subjects’ control over their personal data in asserting data subjects’ right to data portability. This regulation exerts data subjects’ control over third parties’ access to their personal data. The GDPR[x] provides;
1. The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
- the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and
- the processing is carried out by automated means.
2. In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
9.3 Pros and Cons of Data as Property
9.3.1 Pros of Data as Property
- The recognition and regulation of user-held data property ownership has somewhat cured the previously existent and unregulated market and information asymmetries, this is due to the fact that such regulation greatly creates;
- data ownership boundaries;
- fiscal value to data subjects on their ownership of user-end data,
- gives freedom to data subjects to dispose and alter the data.
- The concept of data ownership also enables data updates by the data subjects through the right to access the recorded data in turn fostering accurate, complete and updated data, hence data subjects can be part of the process of value generation from the asset through facilitation of creation of new products and services.
- Since under the concept of data as property, the relationship between data subjects as property owners and data controllers and/or processors is governed under contract law; breach of the agreed terms and conditions for which the user-held is to be used can afford the data subjects the right to institute legal proceedings against such data controllers and processors under breach of contract, this could also be explored through tort law remedies.
- An aggrieved data subject could further seek redress through property law remedies such as seeking maintenance of status quo, injunction and compensation for damages in a competent forum.
9.3.2 Cons of Data as Property
- The possible disadvantage which could be said that data users’ autonomy on user-held data is that the autonomy could hinder the development of products and services since, these are at the control of the data subjects who may deliberately be reluctant to consent to the use of their data by data controllers and processors and third parties.
- Some scholars have argued that recognition of data property qualified under property rights may need stronger institutions/regulators hence increasing institutional/regulatory costs in securing such property rights.[xi]
9.4 Data as Property in Tanzania
Tanzania’s constitution[xii]guarantees the right to property;
24.-(1) Every person is entitled to own property, and has a right to the protection of his property held in accordance with the law.
This constitutional guarantee caters for both corporeal and incorporeal property ownership. If personal data was distinctly regulated in Tanzania to the extent that it could be termed as an asset/property, both the data protection Legislation and the constitution could have safe guarded data ownership rights by data subjects.