When I share my data with companies, do I still have a say over how my data is stored, shared, and used? What about when these companies make a profit by sharing my data?
This question is one of the defining questions concerning data privacy from the consumer² viewpoint.
Unfortunately, the answer to this question is more often than not … no. Once you share your data with a company³, your data tends to get shared with more parties than you can even imagine.⁴
And lest we forget, the constant sharing of consumer data between businesses and third parties is a major catalyst for data breaches.⁴
This is the unfortunate reality of consumer privacy, a world in which consumers need to be pragmatic about their privacy because they have little to no control over how businesses use their data once they have shared their data with them.⁵
Perturbed but defiant, consumers who are unsatisfied with the status quo, who believe that they should have more control over their data, are pursuing alternatives to protect their data.
Luckily for them, many individuals and enterprises share their sentiment (e.g., DuckDuckGo search engine), and are readily available today for them to make the switch.⁶
This article will proceed in two parts. Part One will discuss the status quo for how companies share consumer data and concerns about data breaches. Part Two will discuss alternative services and businesses that empower consumer privacy.
Note: This article is a pre-print. The final print of this article will be published in 1–2 weeks. You may read the full article when you sign up for
In the full article, we discuss some additional examples of foul play by companies with consumer data and some additional readings to help you better understand the data privacy and alternative services and businesses landscape.
1. The Data Privacy Status Quo
As discussed above, the status quo for data privacy is pretty bleak for consumers, and this is reflected in how consumers view data privacy.
1.A. Consumer’s view data privacy as fundamental in theory, but are willing to give up their data privacy in practice
In general, consumers believe they should have control over how businesses use their data, preferably on an as-needed basis.⁵^⁷^⁸^⁹
Consumers can be categorized into three groups based on Acxiom’s Data privacy: What the consumer really thinks survey:
- “data pragmatists: those who will make trade-offs on a case-by-case basis as to whether the service or enhancement of service offered is worth the information requested
- data fundamentalists: those who are unwilling to provide personal information even in return for service enhancement and
- data unconcerned: those who are unconcerned about the collection and use of personal information about them.”⁵
Based on the responses to the survey, consumers were segmented into the three categories described above, with the majority of Americans being classified as data pragmatists (58%), while 24% were classified as data fundamentalists, and 18% were classified as data unconcerned.⁵
7 of the 9 major takeaways in Acxiom’s survey discussed consumers wanting more control and transparency over how their data is used by businesses (e.g., receiving remuneration for sharing their data with companies, and the need for trust and transparency before exchanging data with companies).⁵
Though consumers believe they should have more control, as discussed above, most consumers are data pragmatists because without giving up autonomy over their data, they cannot access the products and services they desire to use.⁵
Thus, it is not surprising that even though consumer views on data privacy are strongly pro-consumer, their actions differ widely from their views.⁵
Although Acxiom’s survey was reported in 2017 before the Facebook and Cambridge Analytica scandal in 2018, the same principles still hold true in 2019.⁸^⁹
After the scandal, as reported in IBM’s Institute for Business Value survey, more consumers believe that organizations “should face stronger regulations on personal data management,” but that they are still willing to be pragmatic about their data privacy in exchange for access to products and services.⁹^¹⁰
Though, the data pragmatist approach may start dwindling as new data privacy legislation in California and the European Union give consumers more protection over their data.¹¹^¹²
1.B. Most consumers are unaware of how businesses benefit from their data-generating activities
Most consumers do not see the connection between their data-generating activities, especially on purportedly free services (“search online for free, check their free email accounts, post on their free social media accounts and more …”) and how the data generated from those activities are used by businesses.¹³^¹⁴
Two examples highlight the disconnect between how consumers view their data generating activities and how businesses use the data.
First, marketers use the data consumers generated on the free services and platforms discussed above to provide more relevant marketing (i.e., targeted advertisements) to consumers.¹³
Second, businesses, even those that seem unrelated or unaffiliated, share data with each other, such as how Facebook entered into a data sharing agreements with third parties such as Amazon, in which Facebook gave “names and contact information” to Amazon, and in return, Facebook could use Amazon’s data “in its ‘People You May Know’ feature.”¹⁵
1.C. Data Breaches are becoming more frequent as companies store and share more consumer data
Because consumers are so resigned to losing control over their data, consumers also harbor similar sentiments about data breaches.⁷
In Akamai’s 2018 survey Consumer Attitudes Toward Data Privacy Survey, forty-six percent (46%) of consumers surveyed stated that they will give companies a pass for data breaches “as long as they are immediately informed about the attack and information is shared about how the company is responding.”⁷
1.D. Data breaches are becoming more frequent and severe because businesses are storing large amounts of consumer data
A major reason why data breaches are becoming more frequent and exposing more and more consumer data is because companies are storing more consumer data than ever before.¹⁶^¹⁷^¹⁸
More troubling than the rising frequency of data breaches, the majority of companies do not take data breaches as seriously in the USA than in the European Union (EU) because the fines and penalties associated with data breaches in the USA generally do not have a major impact on a company’s bottom line.¹⁹^²⁰
For consumers, this raises many issues because consumers have to rely on companies to properly secure their data because companies store consumer data, even though, as mentioned earlier, they have little to no incentive to properly secure consumer data as long as the fines do not heavily impact their bottom line.¹⁸
For example, this year, Verifications.io, a marketing platform, had approximately 800 million unencrypted records (i.e., the information was in plain text and human readable, just like this article) exposed containing varied amounts of personal information (e.g., credit scores from an unsecured MongoDB database) which anyone could have seen.²¹
How can companies get away with this kind of conduct? Because our collective memory of data breaches is pretty short, and we tend to forget them as fast as the news broke out about the breach.²²
2. A Change in the Data Governance Landscape
Unfortunately, despite how companies use and misuse consumer data, and the lack of effort to properly secure consumer data, most consumers remain data pragmatists because without giving up their data privacy, they cannot use the services they desire.⁹^¹⁰^¹⁸^¹⁹^²⁰
The issues discussed in the previous section have led to the creation of a niche market of privacy-centric businesses, technologies, and services that empower a new data governance framework based on user consent.²³
2.A. The Rise of New Data Governance Frameworks
Vincent Straub and Geoff Mulgan in their article, The new ecosystem of trust: How data trusts, collaboratives and coops can help govern data for the maximum public benefit, developed a typology of data governance frameworks (categories described below) that promote individual control over data:
“data cooperatives and commons,personal data stores,Industry data stewardship trusts,public private data trusts,commercial data public research steward,public data research trust,public data trusts, andpublic benefit data trusts.”²³
Straub and Mulligan define data trusts as “institutions that work within the law to provide governance support for processing data and creating value in a trustworthy manner,” based on Kieron O’Hara’s definition of data trusts from his whitepaper Data Trusts: Ethics, Architecture and Governance for Trustworthy Data Stewardship.²³^²⁴
An additional governance framework that is helpful to understand the new privacy-centric market is the data collaborative framework developed in New York University’s (NYU) GovLab.²³^²⁵^²⁶ This framework is generally more focused on private-public partnerships than Straub’s and Mulligan’s framework.²³^²⁵
There are six types of data collaboratives:
“Data Cooperatives or Pooling,Prizes and Challenges,Research Partnerships,Intelligence products,Application Programming Interfaces, andTrusted Intermediaries.”²⁶
Data Collaboratives provide five major benefits:
“situational awareness and response,public service design and delivery,knowledge creation and transfer,prediction and forecasting, andimpact assessment and evaluation.”²⁶
One of the major drivers for data collaboratives is that for public-sector entities to combat public problems, public-sector entities require greater access to data, which is often held by private-sector entities.²⁵
The six major motivations for corporations to share their data with, or as part of, a Data Collaborative, are:
“reciprocity,revenue,research & insights,regulatory compliance,reputation, andresponsibility.”²⁶
2.B. What is a Data Cooperative?
Data Cooperatives are “[c]orporations and other important dataholders group together to create “data pools” with shared data resources.”²⁶ Data Cooperatives can be considered a type of platform cooperative, a cooperative-run enterprise or similar that operates, maintains, shares, or creates a platform to connect individuals together.²⁷
This type of data trust is one of the best models for ensuring data usage based on individual consent because they can develop “common standards to ensure data security, compliance and technical treatment.”²³
2.C. Two innovative Data Cooperatives pushing consumer ownership of data are Savvy Coop and Driver’s Seat Cooperative
Two Data Cooperatives we wanted to discuss in this article are Savvy Coop and Driver’s Seat Cooperative.
2.C.1. Savvy Coop: A Patient-owned Data Cooperative
Savvy Cooperative (“Savvy Coop”) is a patient-owned cooperative that offers a platform for patients and care providers to share their health experiences with companies and researchers interested in their health experiences for their own projects.²⁸^²⁹
Patients can earn rewards when they share their health experiences on the platform through (but not limited to) surveys, interviews, focus groups, discussion boards, user-testing, scientific research, and many more gigs.²⁸^²⁹^³⁰
Patients can receive rewards in a variety of ways including:
- Savvy Points,
- Savvy Badges,
- Amazon Gift Cards,
- Visa Gift Cards, and
- Discounts Coupons.”³⁰
Savvy Coop offers two types of accounts for patients, a free account and a member account.³⁰ The free account is available to everyone, but the member account is available only to co-op members.³⁰
For companies and researchers, they can schedule gigs on the platform to get feedback from patients.³¹
In Savvy Coop’s model, patients have more control over their personal data because the:
- patients are co-owners of the enterprise;
- patients have a say in the co-op’s decision-making through voting;patients choose who to share their information with;
- patients receive remuneration for sharing their data; and
- patients are entitled to a profit-share from the co-op.³⁰
Additionally, the consumer view of greater control over how consumer data is used, and the possibility of receiving remuneration is actuated at Savvy Coop because patients retain control over the sharing of their medical information, and the opportunity to be remunerated for sharing the data they created.⁵^⁷^³¹
2.C.2. Driver’s Seat LLC: A Driver-owned Data Cooperative
Driver’s Seat, LLC (“Driver’s Seat”) is a driver-owned cooperative that offers a platform where drivers, primarily rideshare drivers, can share their driving data with Driver’s Seat customers, (e.g., local governments and transportation agencies).³³
Drivers can track and share their driving data by using the Driver’s Seat’s mobile application (currently in beta testing).³³
For rideshare drivers (e.g., Uber and Lyft drivers), Driver’s Seat will provide free data insights on their driving habits to help drivers better optimize their earnings.³³Additionally, as a co-operative enterprise, rideshare drivers have a say in the co-op’s decision-making through voting, and are entitled to a profit-share from the co-op.³³
For local governments and transportation agencies, Driver’s Seat will provide rideshare data so that they can make data-driven decisions about “how ridershare relates to transit, how to reduce congestion and VMTs, and how rideshare and delivery impact the curb”.³³
The consumer desire for greater data autonomy, and receiving remuneration is actuated at Driver’s Seat because drivers retain control over how their driving data is shared with third parties, and the opportunity to be remunerated for sharing their driving data with local governments and transportation agencies.³³
2.D. Distributed Data Storage and Personal Data Stores
Distributed data storage is data stored among multiple devices rather than a single device.³⁴ Distributed peer-to-peer (p2p) data storage is a type of distributed storage where data is shared among the nodes on a p2p network.³⁴
A Personal Data Store (PDS) may be defined as software that “offer[s] to store the user’s personal data and allow the user to give controlled access to other organisations.”³⁵ In other words, PDS allow users to “[in]put  data about [themselves] and evidence of [their] identity (using passports and bank statements) which  others [can] access or indirectly use in order to provide you services.”³⁵
Common attributes of PDSs identified by Irina Bolychevsky & Simon Worthington in Are Personal Data Stores about to become the NEXT BIG THING?, are that they “ensure your personal data:
- “would not be lost when the company pivots, is bought up, goes bankrupt or decides to delete or suspend your account since you maintain it”;
- “would not be as vulnerable to misuse, exploitation or data breaches since you hold the data and can revoke access”; and
- “can be kept accurate and up to date more easily from one central location.”³⁵
2.E. AXEL Network and SoLiD are giving consumers new-found control over how they share their personal data with third parties
2.E.1. AXEL Network
Before discussing AXEL Network, we first need to discuss the InterPlanetary File System (IPFS).
The InterPlanetary File System (IPFS) is a project by Filecoin that enables distributed storage and transfer of files among nodes in a peer-to-peer network.³⁶
In the IPFS, file storage is distributed among the nodes on the network such that each node has a chunk of the file data, thereby ensuring that no single node holds a complete copy of a file.³⁶
To achieve the above, the IPFS implements a distributed hash table (DHT) that allows “any participating node to efficiently retrieve the value associated with a given key.”³⁷ By relying on a p2p network, the DHT can scale to an “extremely large numbers of nodes and to handle continual node departures, arrivals and failures.”³⁷
A major advantage of using the IPFS is that it ensures that a node requesting a file will receive it from the closest nodes storing the file, thereby making file retrieval faster.³⁶
AXEL’s IPFS implementation, IPFS Pinning Facility, primarily works as a content distribution network and consumer file storage solution.³⁸
AXEL’s IPFS Pinning Facility is an IPFS tool that has a built-in file management system that makes it extremely easy to upload and manage files on the IPFS for the end user.³⁸
The main reasoning for AXEL’s development of the IPFS Pinning Facility is that since IPFS does not automatically store data unless pinned, the IPFS Pinning Facility “tells a server on IPFS to retain [your] data because it’s important.”³⁸
AXEL’s IPFS Pinning Facility provides three primary benefits:
- “Saving on Bandwidth and Storage,
- Overcoming Latency, and
- Storing Files.”³⁸
AXEL’s IPFS Pinning Facility is also integrated with their blockchain network.³⁹ AXEL Network operates a Proof-of-Stake (PoS) blockchain which is secured through Masternodes.³⁹^⁴⁰
SoLiD seeks to simplify data ownership concerns for consumers and businesses by 1) giving users the freedom to take their data anywhere and avoid vendor lock-in, and 2) for developers, the ability to reuse data in existing apps for new apps so consumer data does not need to be shared with a new service.³⁵^⁴¹^⁴²
In SoLiD, PDSs are called pods, and pods are stored on SoLiD servers.⁴³
SoLiD utilizes Linked Data, a way of connecting resources throughout the web by having a uniform resource location (URL) for each piece of data, and explicitly stating how each piece of data is related to each other.⁴¹^⁴²
There are many issues in our current data privacy climate.
For many consumers, there is a desire for more control over how business and services share their data with third parties, and the ability to receive remuneration for sharing their data with businesses.⁵^⁷^⁸^⁹^¹⁰
This reality has led to consumers adopting a data pragmatist approach to sharing their data with businesses, wherein they give up control over the usage of their data in exchange for access to technologies and services provided by businesses.⁵
For businesses, this has led to a great opportunity to cash in on user-generated data without remunerating users, but also has led to a rapid increase in the number and severity of data breaches.¹⁵
This grim outlook has led to the rise of a privacy-centric market of businesses, technologies and services that share the same views as consumers on data privacy, and hope to provide a feasible alternative to the status quo.²³
This new market is occupied by a new data governance framework that understands and respects the consumer’s need for data autonomy, and even satisfying the consumer desire for remuneration.³⁵^²³^²⁶
Specifically, this new data governance framework and outlook has led to the rise of data cooperatives such as Savvy Coop and Driver’s Seat, distributed data storage providers such as AXEL Network, and personal data storage technologies such as SoLiD.²⁵^²⁹^³⁵^⁴¹^⁴²
Rather than waiting for regulatory reform (especially in the USA) to hold companies more accountable, consumers can take more control over their personal information by integrating privacy-centric businesses, technologies and services into their daily lives.²⁰
We develop and support innovative methods and practices in the areas of decentralization and openness, with a particular emphasis on emerging technologies (blockchain, federated social networks, distributed storage, etc.), emerging and social enterprises, alternative finance, and distributed governance (“alternative areas”).
We are a US-based Cooperative that works globally with our members and partners, whether or not they are individuals, communities or organizations.
 Used synonymously with “user” and “customer”throughout the article.
 Used synonymously with “business” throughout the article.
 Kieran O’Hara, Data Trusts: Ethics, Architecture and Governance for Trustworthy Data Stewardship (Univ. of Southampton, Feb. 2019).
 Nodes that render specific services on the network’s behalf in exchange for remuneration, with eligibility subject to the number of tokens staked.