top of page

The Failure of GDPR: A Mirage of Data Rights and the Illusion of Control

In May 2018, the General Data Protection Regulation (GDPR) was hailed as a landmark in protecting personal data, promising to give EU citizens unprecedented control over their information in an increasingly digital world. Its origins stem from a noble cause: to create a comprehensive framework that safeguards the privacy and rights of individuals amidst the proliferation of data-centric technologies. However, as we mark six years since its inception, it is clear that GDPR needs to catch up to its grand promises. The reality of data rights under GDPR is a convoluted mess of legalese, ineffective controls, and a fundamental imbalance of power favouring corporations over individuals.

The Mirage of Control

At its core, GDPR was supposed to empower individuals with greater control over their data. The regulation introduced concepts such as explicit consent, the right to access, rectification, and the right to be forgotten. In theory, these provisions were designed to grant individuals autonomy over their data. In practice, however, GDPR has become a labyrinth of consent forms, privacy policies, and opt-in boxes that most users mindlessly click through.

The daily life of an internet user is inundated with pop-ups and disclaimers. Each website, app, and service demands consent, often presenting lengthy and complex privacy policies that few have the time or expertise to understand. This approach reduces GDPR's lofty ideals to a mere formality: users are left with Hobson's choice of navigating through mountains of legal text or blindly accepting terms to proceed. This is not empowerment; it is obfuscation.

Data Ownership: The Missing Piece

The fundamental flaw of GDPR lies in its conceptual framework. While it provides rights regarding how data is processed, it does not confer actual ownership to the individuals who generate it. This is a critical oversight. In an era where data is often dubbed the new oil, the value of personal information is immense. Companies have amassed vast fortunes by mining, analysing, and monetising user data. They track preferences, shopping habits, locations, and interactions and even accurately predict behaviours. Yet, the users, whose data fuels this lucrative engine, see none of the profits.

Imagine a world where data generated by individuals is treated as their property, where they hold legal ownership and can claim a share of the profits derived from it. If companies are using personal data to generate revenue, then individuals should be entitled to a corresponding share of the profits. Additionally, if data is stored and remains unused, it should generate rental income for the data owner. This would not only redress the economic imbalance but also incentivise companies to handle data responsibly and transparently.

Companies Getting Rich on Your Data

The current data economy is skewed heavily in favour of corporations. Tech giants like Google, Facebook, and Amazon have built empires by exploiting personal data. They refine their algorithms, tailor advertisements, and optimise services while reaping financial rewards. On the other hand, the users receive "free" services at the cost of their privacy and autonomy.

These companies argue that the services they provide justify the data they collect. However, this argument falls flat when one considers the immense profits they generate compared to the value of the services offered. The scales are tipped, and the balance needs to be restored.

A Vision for the Future: A Charter of Data Ownership

To address the inadequacies of GDPR, we need to fundamentally rethink our approach to data rights. Here are some ideas to spark this revolution:

  1. Legal Data Ownership: Recognise personal data as the property of the individual who generates it. This means individuals should be able to control, sell, and earn from their data.

  2. Profit Sharing: If companies use personal data to generate profit, a portion of that profit should be shared with the data owners. This could be managed through a transparent system where individuals can see how their data is being used and what revenue it generates.

  3. Data Rental Income: For data that is stored but not actively used, companies should pay rental fees to the data owners. This would ensure continuous compensation for the value provided by the data.

  4. Simplified Consent: Eliminate the cumbersome disclaimers and introduce simplified, standardised consent forms that clearly outline what data is being collected and how it will be used.

  5. User-Controlled Data Portals: Develop user-friendly platforms where individuals can manage their data, track its usage, and control permissions. These portals could also facilitate the selling or leasing of data.

  6. Regulatory Oversight: Establish robust regulatory frameworks to oversee data transactions, ensuring fairness, transparency, and accountability.

GDPR was a step in the right direction, but it needs to go farther. It has introduced the concept of data rights but failed to implement them effectively. To truly empower individuals, we need to move beyond the illusion of control and establish genuine data ownership. By shifting the power back to the users and ensuring they are fairly compensated for the value they provide, we can create a more just and equitable digital economy. The time has come to rethink data rights and transform GDPR from a well-intentioned but flawed regulation into an actual charter of data ownership.

The Key to True Data Ownership is Blockchain

With its decentralised and transparent nature, blockchain technology offers a promising solution to the challenges of managing user data, ensuring fair compensation, and fostering genuine data ownership. By leveraging blockchain, we can create a system where companies "pay to play" rather than exploiting user data for free. Here's how blockchain can revolutionise data management:

Transparent and Secure Data Transactions

Blockchain's immutable ledger can record every transaction involving personal data, ensuring transparency and security. Each time a company accesses, uses, or sells personal data, the transaction is recorded on the blockchain. This provides a clear, auditable trail of data usage, making it easier for individuals to track how their data is utilised and ensuring companies cannot misuse or obscure their activities.

Data as a Commodity: Fees and Income

With blockchain, personal data can be treated as a commodity, with users setting the terms for its use. Here's how it can work:

  1. Data Fees: Users can set fees for access to their data. When a company wants to use an individual's data, it must pay a predetermined fee, which is recorded on the blockchain. This fee structure ensures that users are compensated each time their data is used, turning data into a revenue-generating asset.

  2. Profit Sharing: Blockchain can facilitate smart contracts that automatically distribute a share of the profits generated from data usage back to the data owners. For instance, if a company uses personal data to enhance its advertising algorithms and increase its revenue, a portion of that revenue can be automatically transferred to the data owners as compensation.

  3. Data Rental Income: Blockchain can manage rental agreements for data. If a company wants to store personal data without immediate use, it can enter into a rental contract with the data owner, paying a periodic fee for the right to hold the data. This ensures continuous income for the user, even when their data is not actively used.

User Participation and Control

Blockchain empowers users to take active control of their data:

  1. Decentralised Data Portals: Blockchain can support decentralised platforms where users manage their data permissions. These portals allow users to grant, revoke, or adjust access to their data in real-time. Each permission change is recorded on the blockchain, providing a transparent data access history.

  2. Informed Consent: Using blockchain, companies can give simplified, standardised consent forms that are easily understood and verifiable. Users can give informed consent without navigating through complex legal documents. Each consent instance is stored on the blockchain, ensuring it is immutable and transparent.

  3. Data Valuation: Blockchain can help establish a marketplace where data's value is determined by supply and demand. Users can see how much their data is worth and decide whether to sell or lease it based on market rates, ensuring they receive fair compensation.

Companies Paying to Play

The shift to a blockchain-based data management system changes the dynamics of the digital economy:

  1. Cost of Access: Companies must factor in the cost of accessing and using personal data. This includes direct payments to users and transaction fees for recording each data interaction on the blockchain. This creates a financial incentive for companies to use data responsibly and efficiently.

  2. Eliminating Free Exploitation: Blockchain ensures that companies can no longer exploit personal data without compensation. The transparent, decentralised nature of blockchain makes it impossible for companies to bypass the system without facing repercussions, thereby ensuring that users are always compensated for their data.

  3. Regulatory Compliance: Blockchain can help companies comply with data protection regulations by providing a clear, immutable record of all data transactions. This reduces the risk of non-compliance and the associated fines, encouraging companies to adhere to ethical data practices.

Conclusion: Embracing Blockchain for a Fair Data Economy

Integrating blockchain into managing user data addresses the fundamental flaws of GDPR and takes a giant leap towards true data ownership. By ensuring that companies pay to access and use personal data, blockchain shifts the power balance back to the users. It transforms data from a freely exploited resource into a valuable asset that generates income for its rightful owners. As we look to the future, embracing blockchain technology is essential for creating a fair, transparent, and equitable digital economy where users truly own and benefit from their personal data.

1648 | Beyond Consulting

We help transform and future-proof financial firms. 1648 is at the forefront of today's rapidly evolving financial landscape, guiding wealth managers and fintech firms through discovery and transformational journeys. Our expertise ensures that these firms adapt to industry transformation and drive it forward by employing the most effective strategies and digital innovations. The future of wealth management becomes more transparent, intelligent, and resilient with 1648.

The strategies presented are thematic and do not constitute investment advice (or advice of any kind). No assurance can be given that the objectives of the investment above strategies will be achieved; the strategies involve risk (including, without limitation, illiquidity risk) and may incur a loss on some or all capital deployed. The opinions expressed, or indeed the information or assumptions that underpin them, may contain errors, mistakes, or omissions; no assurance or warranty can be made as to the accuracy or completeness of this information, and readers should not place any reliance on this content to execute investment decisions or for any other purpose. Readers accept full responsibility for using this content and are kindly requested to consult with their professional advisor before making any investment decision related to the same.

Please find a range of custom GTPs to support research and discovery:

2 views0 comments


bottom of page