In May of 2018, the EU adopted the General Data Protection Regulation, referred to by The New York Times as “the world’s toughest rules to protect people’s online data.” Among its many safeguards, the GDPR gave individuals ownership of their personal data and thereby restricted its collection and use by businesses.
“That’s a good first start,” said Alex Pentland, a co-creator of the MIT Media Lab who played a foundational role in the development of the GDPR. “But ownership isn’t enough. Simply having the rights to your data doesn’t allow you to do much with it.” In response to this shortcoming, Pentland and his team have proposed the establishment of data cooperatives.
The idea is conceptually straightforward: Individuals would pool their personal data in a single institution — just as they pool money in banks — and that institution would both protect the data and put it to use. Pentland and his team suggest credit unions as one type of organization that could fill this role. And while companies would need to request permission to use consumer data, consumers themselves could request analytic insights from the cooperative. Lyft drivers, for instance, might compare their respective incomes across routes, and ride-share passengers could compare how much they pay relative to other cooperative members.
“Or think about the ways you could identify whether a hospital is serving you the way you want to be served: Today, even if you have your own data, you can’t know if anything problematic is happening systematically,” Pentland, who is also a professor in information technology at MIT Sloan, said. “But pool your data with a group and you can get better health care, better transportation, the kinds of policies out of Facebook that we’d like to have, and so on.” In short, pooling data would bring inequities, exploitive practices, and inefficiencies to light.
At a time when data has become one of the world’s most prized commodities — “the new oil” according to the World Economic Forum — data cooperatives would spur a shift in power from the hands of a few immensely influential companies to many individuals. Pentland sees analogs in the early efforts to create both banks and unions. These institutions addressed problems of collective action and asymmetrical power by organizing financial resources in the case of banks and labor in the case of unions.
Data cooperatives could also eliminate the “cold start problem,” in which incumbent tech firms with vast stores of data possess an almost insuperable advantage over younger competitors. If a group of credit unions that ran data cooperatives had 50 million members, Pentland explained, then an entrepreneur could approach the cooperatives and pitch an alternative to, say, Instagram. “The credit union could tell its 50 million customers, ‘I think this is a good idea,’ and suddenly that new entrepreneur ends up with 10 to 20 million customers overnight,” he said. “It’s identical to the financial side of things: credit unions can move a fairly large amount of money fairly quickly because of the power of the aggregate.”
Unlike in the EU, American laws concerning consumer rights to their data remain murky: It’s not always clear how much of the data that Americans give to the private sector they will later have access to. And, even in cases where consumers do own their data, access can be tricky. Pentland pointed to medical records, which individuals have explicit legal rights to, and which hospitals often make difficult to obtain. If a data cooperative instead of an individual showed up at the hospital door bearing demands for 10,000 records, the request would be more difficult to sidestep.
Several states have now asked credit unions to look into the idea of data cooperatives, but the model has yet to gain a foothold. “Credit unions are conservative,” Pentland said. But assuming the idea gains traction, the infrastructure won’t be difficult to build. Technology exists to automatically record and organize all the data that we give to companies; and credit unions, which have 100 million members nationwide, possess charters readymade to take on data management.
“From a software point of view, we’re there. From a legal point of view, we’re there,” he said. “We just need a couple of examples to demonstrate exactly how this works.”