Who Really Owns Your Personal Data?

Written by Kristine Vergara for UTS Business Society.


This article focuses on the enforcement of the EU’s General Data Protection Regulation and how the prevalence and importance of data is shaping the way businesses and individuals deal with personal data.


General Data Protection Regulation (GDPR)[1]

The EU have enforced the GDPR as of 25 May 2018 to provide consumers more rights over their data and restrict how companies use consumer data. The main requirements of the GDPR include:

  • Requirement for consent – businesses will have to notify customers that they have access to their data and customers will need to provide express consent of this
  • The Right to be Forgotten – customers will be able to ask businesses to delete all of their data with businesses now having to provide proof of this action
  • Data portability – businesses will be able to port their data to other providers with ease and previous providers will now have to provide proof previous customer data is erased
  • Fines for data breaches – tougher fines for data breaches will be introduced which could be up to EUR 20 million or 4% of global annual turnover for the preceding financial year, whichever is greater.

Introduction of the GDPR shows the importance of data governance and cyber security for consumers and businesses alike.  Companies will need to adapt with regulatory changes in order to protect themselves from hefty financial penalties enforced by the EU.

Progress has also been made in Australia through the Privacy Act, and furthermore the formation of the Consumer Data Right and the National Data Commissioner to give consumers further control over their personal data.



Mark Zuckerberg has appointed David Marcus to spearhead a team to research blockchain, a decentralised digital ledger technology, which could include applications such as the transfer of cryptocurrency.

David Marcus will be moving across from his role as the Head of Facebook Messenger. Marcus’ previous experience includes his time as the President of PayPal, an online payment platform and as a board member for Coinbase, a cryptocurrency exchange based in the US.

Marcus will most likely be tasked with creating a Facebook cryptocurrency for payments through their platform. This would further support transactions through Facebook Marketplace. It could also be another form of payment for companies to pay for their Facebook advertising. An alternate theory is that Facebook will use blockchain to provide users a way to control their own data, and furthermore to stem the proliferation of fake accounts by utilising external verification through the blockchain interface.


Millennials selling private data[3]

A 23-year-old French graduate student Alice Liogier is researching the commercial use of personal information in the age of big data and is testing the assumption that “if people really do own their data, then they should be able to sell it”. Technology businesses such as Facebook, Google and Netflix have built business models built on personal data without providing any monetary compensation to individuals.

The next generation of technology businesses are developing business models that give individuals control and ownership over their data. People.io is a London-based startup paying consumers for data in order to send them more targeted advertising, which will in turn help businesses develop their consumer products. IOVO is a New York-based startup, which utilises blockchain technology to store consumer data for individuals to on-sell to advertisers.

Liogier maintains that the current discussion about data is centred around privacy however needs to be about ownership and control. “The debate right now is focused on data protection and privacy – that’s where fears have crystallised,” Liogier says. “But selling data and data ownership is the next big topic, and probably the most important topic.”


In a nutshell

The EU’s enforcement of the GDPR will mean that businesses in particular will have to adapt how private data is being used and stored. Facebook’s foray into the cryptocurrency space will serve multiple uses. Most interestingly, this could be a way for individual Facebook users to control their personal data. Australia still has more work to do. Current legislation is not keeping pace with current technology businesses, as ambiguity still exists about how personal data is being utilised by businesses for profit.



[1] https://www.eugdpr.org/key-changes.html

2 https://www.ft.com/content/90a9f280-57d4-11e8-b8b2-d6ceb45fa9d0

3 http://www.afr.com/lifestyle/scared-by-facebook-wait-till-millennials-are-selling-their-data-20180608-h115kv


Leave a Reply

Your email address will not be published. Required fields are marked *

%d bloggers like this: