This writing is cross-posted from its originally posted version in the Quantified Self: Access Matters blog.

The digital trails we create are becoming thick and personal. Increasingly, people choose to collect meaningful data about themselves. Activity tracking to understand health and fitness. Genetic testing to understand ancestry and inheritance. Incidental data also expands: smartphones quietly observe our location through the day. Who gets to see our data? Can we see our own data? Beyond “privacy policy” documents, people are starting to call for something stronger: for personal data ownership.

Unpacking “data ownership”

It’s worth unpacking this phrase. What do we mean by “data ownership”? If we want to see changes, we need to start with a little more clarity.

Legally, data is not property. There is no copyright ownership of facts, as they are not “creative work”: the United States Supreme Court famously established this in the landmark case Feist vs. Rural. They are not patents, there is no invention. They are not trademarks. There is no “intellectual property” framework for data.

Yes, data is controlled: through security measures, access control, and data use agreements that legally restrict its usage. But it’s not owned. So let’s set aside the word “ownership” and talk about what we really want.

Control over what others do

One thing we might want is: “to control what others do with our data”. Whom they share it with, what they use it for. Practically this can be difficult to enforce, but the legal instruments exist.

If a company is generating data about you, then the “control” you have is spelled out in their contractual agreement with you. Check the policies: “Privacy policy” or “Data use policy” documents are a standard feature.

Think about what you really want. Are you opposed to commercial use of your data? Look for words like “sell”, “lease”, and “commercial”. Are you concerned about privacy? Look for words like “share”, “third-parties”, and “aggregate” — and if individual data is shared, find out what that data is.

Companies won’t change if nobody is paying attention and nobody knows what they want. We can encourage change by getting specific, and by paying more attention to current policies. Raise awareness, criticize the bad actors, and praise the good ones.

Personal data access and freedom

The flip side of “data control” is our own rights: what can we do with our own data? We want access to our personal data, and the right to use it.

This idea is newer, and it has a lot of potential. This was what Tim Berners-Lee called for, when he called for data ownership last fall. “That data that [firms] have about you isn’t valuable to them as it is to you.” I think it’s worth listening, when the inventor of the world wide web thinks we should have a right to our data.

So let’s spell it out. Let’s turn this into a list of freedoms we demand. We should be inspired by the free software and free culture movements, which advocate for other acts of sharing with users and consumers. In particular, inspired by Richard Stallman’s “Four Freedoms” for free software, I have a suggested list.

Three Freedoms of Personal Data Rights

Raw data access — Access to digital files in standard, non-proprietary file formats.

Without raw data, we are captive to the “interface” to data that a data holder provides. Raw data is the “source code” underlying this experience. Access to raw data is fundamental to giving us the freedom to use our data in other ways.

Freedom to share — No restriction on how we share our data with others.

Typically, when data holders provide access to data, their data use agreements limit how this data may be shared. These agreements are vital to protecting user privacy rights when third parties have access, but we have the right to make our own sharing decisions about our own data.

Unrestricted use — Freedom to modify and use our data for any purpose.

Data use agreements can also impose other limitations on what individuals can do with data. Any restriction imposed on our use of our data impinges on our personal data rights. Freedom for personal data means having the right to do anything we wish with data that came from us.

In the short term, access to raw data can seem obscure and irrelevant: most users cannot explore this data. But like the source code to software, access to this data has great potential: a few will be able to use it, and they can share their methods and software to create new tools.

Raw data access is also an opportunity for us to share for the greater good, on our own terms. We could share this data with research studies, to advance knowledge and technology. We could share data with developers, to develop software around it. We could share it with educators, with artists, with citizen scientists. We could even cut the red tape: dedicate our data to the public domain and make it a public good.