I was recently at a workshop on making better use of (personal) data for the benefit of specific communities. The discussion, perhaps inevitably, ended up focusing on many of the attendees concerns around how data about them was being used.
The group was asked to share what made them afraid or fearful about how personal data might be misused. The examples were mainly about use of the data by Facebook, by advertisers, as surveillance, etc. There was a view that being in control of that data would remove the fear and put the individual back in control. This same argument pervades a lot of the discussion around personal data. The narrative is that if I own my data then I can decide how and where it is used.
But this overlooks the fact that data ownership is not a clear cut thing. Multiple people might reasonably claim to have ownership over some data. For example bank transactions between individuals. Or about cats. Multiple people might need to have a say in how and when that data is used.
But setting aside that aspect of the discussion for now, I wanted to share what made me fearful about how some personal data might be misused.
As I’ve written here before my daughter has Type-1 diabetes. People with Type-1 diabetes live a quantified life. Blood glucose testing and carbohydrate counting are a fact of life. Using sensors makes this easier and produces better data.
We have access to my daughter’s data because we are a family. By sharing it we can help her manage her condition. The data is shared with her diabetes nurses through an online system that allows us to upload and view the data.
What makes me fearful isn’t that this data might be misused by that system or the NHS staff.
What makes me fearful is that we might not be using the data as effectively as we could be.
We are fully in control of the data, but that doesn’t automatically give us the tools, expertise or insight to use it. There may be other ways to use that data that might help my daughter manage her condition better. Is there more that we could be doing? Is there more data we could be collecting?
I’m technically proficient enough to do things with that data. I can download, chart and analyse it. Not everyone can do that. What I don’t have are the skills, the medical knowledge, to really use it effectively.
We have access to some online reporting tools as a consequence of sharing the data with the NHS. I’m glad that’s available to us. It does a better job than I can do.
I also fear that there might be insights that researchers could extract from that data, by aggregating it with data shared by other people with diabetes. But that isn’t happening, because have no way to really allow that. And even so I’m not sure we would be qualified to judge the quality of a research project to know where it might best be shared.
My aim here is not to be melodramatic. We are managing very well thank you. And yes there are clearly areas where unfettered access to personal data is problematic. There’s no denying that. My point is to highlight that ownership and control doesn’t automatically address concerns or create value.
We are not empowered by the data, we are empowered when it is being used effectively. We are empowered when it is shared.
Lost Boy 
I agree, it isn’t simple or black and white and the current drives around ‘enabled’, ‘cloud’, ‘security breach’ etc etc only makes it harder to even try and see answers.
Building on your example, my own example (also as a type 1) – The latest version of a very well known and widely used blood glucose monitoring product (let’s call it ‘Verio OneTouch’) now has a new app (let’s call it ‘Reveal’) that saves your personal readings “… on our cloud based server.” If you bother digging around to find the associated privacy policy it says they “…use information from or about you – for our business purposes, such as data analysis, audits, developing new products…”. There’s the usual stuff about also providing it to third parties, and that they aren’t responsible for security of those third parties.
I see massive potential, in so many ways, but it isn’t necessarily all good massive potential (their app name doesn’t provide great hope around information security)
Do I want this?…will they do the right thing by me (…whatever that may be)? .. I honestly dunno..