Beyond Data Ownership

62 Pages Posted: 6 Apr 2020 Last revised: 27 Feb 2021

See all articles by Ignacio Cofone

Ignacio Cofone

McGill University Faculty of Law

Date Written: March 30, 2020

Abstract

Data ownership proposals are widely misunderstood, aim at the wrong goal, and would be self-defeating if implemented. The Article shows, first, that data ownership proposals do not argue for the bundle of ownership rights that exists over property at common law. Instead, they focus on transferring rights over personal information through consent.
Second, the Article shows that understanding data ownership for what it truly is highlights its deficiencies. These are magnifying pre-existing problems of relying on consent in privacy, and producing a fatal flaw: a moral hazard problem where corporations lack incentives to take care ex-post, driving up harm. Recognizing these deficiencies entails abandoning the idea that property can achieve control over personal information. The Article takes a law and economics approach to discussing data ownership, identifying such moral hazard problem that makes data ownership self-defeating.
The Article, then, develops proposals for privacy law reform amidst a national discussion on how to formulate federal and state privacy statutes. These involve including in states’ privacy statutes being discussed across the country a combination of what the Calabresi-Melamed framework calls property and liability rules. This mixed rule system is essential because property rules alone unequivocally fail to protect data subjects from the risks of future uses and abuses of personal information. This problem can only be remedied through ongoing use restrictions over personal data.
The Article matches its reform proposals with two doctrinal recommendations. First, reinforcing the purpose limitation principle, a key and underutilized ongoing use restriction in American law. This can be implemented at the enforcement level by the Federal Trade Commission. Second, bolstering private rights of actions in for privacy harm irrespective of whether such harm was coupled with a statutory breach. This can be implemented by the judiciary within current statutory provisions. In so doing, it informs two current privacy enforcement debates that can benefit from a law and economics approach.

Keywords: Data ownership, privacy law, purpose limitation, purpose specification, privacy enforcement, property rules, liability rules

Suggested Citation

Cofone, Ignacio, Beyond Data Ownership (March 30, 2020). Available at SSRN: https://ssrn.com/abstract=3564480 or http://dx.doi.org/10.2139/ssrn.3564480

Ignacio Cofone (Contact Author)

McGill University Faculty of Law ( email )

3644 Peel Street
Montreal H3A 1W9, Quebec
Canada

HOME PAGE: http://www.ignaciocofone.com

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
246
Abstract Views
1,202
rank
147,980
PlumX Metrics