Estimations of the value of the digital economy range from nearly 3 trillion dollars to 8 trillion on the high end. Given the already significant size of the digital economy and the anticipation that it will continue to grow at a breakneck pace, it is little wonder that all eyes are now beginning to focus on the one resource without which economic growth would not be possible: data. Survival and growth in the digital economy is and will be a function of how effectively today’s businesses can leverage their data assets to create the kinds of digital goods and services that continue to add value to the world economy. In this short series, we will examine the following:
- Part one: challenges of monetizing personal data
- Part two: steps to monetizing personal data
- Part three: a data monetizing toolbox for you
Put simply, data monetization refers to any effort businesses take to extract value from their data assets. In general, data assets can generate revenue in three ways:
- The data asset can be sold; examples include copyrighted materials and trademarks.
- The data asset allows the company to create a proprietary product that can be sold; examples include intellectual property, trade secrets and export controlled assets, such as code, engineering drawings and formulas.
- The data asset is financially valuable as its accumulation and manipulation lead to insights and new knowledge that can increase revenue; examples include financial records and proprietary business information, such as transaction data, user activities and records of product use.
Of all the different data assets that companies have, personal data has tremendous potential to generate revenue for the company. Personal data assets are especially valuable because they can be monetized using any of the three strategies described above. When data scientists are able to work with vast amounts of personal data, they can derive valuable insights that, in turn, can be leveraged to create revenue-generating goods and services. With new ways to discover and aggregate personal data and new and ever-more-powerful analytical tools, the value of personal data cannot be overstated. Despite this promise, businesses must recognize that this precious data asset, personal data, comes with a unique set of challenges that must be understood and addressed if the business is going to effectively monetize the asset. More specifically, the unique challenges to address before monetizing personal information are as follows.
- Regulatory requirements: Personal data is subject to a broad range of requirements including privacy and data protection regulations, and the commitments organizations make to data subjects in their privacy notices, contracts, and other instruments. Businesses also have to wrestle with the fact that often times multiple requirements can apply to an individual’s personal data. And to further complicate matters, there may be different requirements that apply to different data elements of the individual’s personal data. These requirements and commitments can place limitations on what personal data is used and how that data is used. There may be restrictions on using the data for purposes other than which it was collected and, relatedly, there may be restrictions on disclosing the data. In either case, businesses may have to consider a range of techniques to mask, modify or de-identify some of the personal data elements to accommodate the monetization process.
- Geographic considerations: Geography poses a unique and complicating factor related to the processing of personal data. There are three geographic considerations that businesses must consider when taking steps to monetize their personal data assets: the data subject’s geography; the geography of the IT infrastructure that is used to process the data, and the geographic location of the user. It is not simply a matter of the well-known challenges associated with the cross-border transfer of personal data. Consider an example of a business that endeavors to monetize U.S. customer data — while U.S. breach notification requirements are likely to follow the data regardless of where it is processed, the location of the processing outside of the U.S. is likely to apply other countries’ privacy regulations to the data as well.
- Breach notification: The breach notification requirement is unique to personal data as no other type of data asset carries with it the obligation to notify the data subject when their data has been breached. This requires businesses to take proactive steps to put in safeguards to adequately protect the data. These safeguards or controls may, in turn, restrict the way that certain elements of personal data are used for monetization purposes. Another consideration raised by the breach notification requirement may include additional due diligence when selecting business partners with whom the personal data may be shared. Lastly, the notification requirement can pose a significant risk to the businesses efforts to monetize personal data if a breach would require the business to disclose these activities before they are ready to go public.
- Unstructured data sources: Companies tend to have a problem understanding all the structured personal data in their possession. They tend to have an even bigger challenge when it comes to the personal data that sits in unstructured data stores. This data can be images (e.g., medical images), audio recordings (e.g., business meetings), PDFs and free text elements that contain copious amounts of information about a unique individual. Locating these unstructured data elements can be a difficult, time-consuming and expensive proposition for any business.
- The identity challenge: Even if companies are able to locate the unstructured data elements they still face several challenges when attempting to correlate the structured and unstructured personal data elements related to a unique identity. For example, how do businesses determine whether information related to a John Smith is the same as information that has been collected about a J. Smith? For that matter, how do businesses know if browsing history or purchasing habits are about John Smith or another member of John Smith’s family or household? How do they distinguish between two unique individuals who happen to share the name John Smith? How do they know if the personal data elements are accurate and up to date (i.e., that the data isn’t stale)?
- Individual rights: In addition to the challenges described above, another significant challenge businesses must contend with concerns the ability to control the data that they want to monetize. Personal data is the only data asset that requires the business to give notice, collect consent, and provide access (and other related rights depending on the jurisdiction) to the data subject’s personal data. The rights given to data subjects over the processing of their personal information present a control challenge that no other data asset poses and a real risk to the attempts a company may make to generate financial gains from the personal data in its possession.
- Data ownership: Personal data as an asset presents a unique challenge in that it is not really owned by the organization, but rather by the data subject to whom it pertains. Whether the data came directly from the individual, from public sources, or from a data broker can further complicate the questions related to ownership. There are contractual and regulatory provisions that can restrict this secondary use of personal data, but for the most part, the question of who owns the data (who controls the uses of the data) remains an open question that is subject to the prevailing social, cultural, and economic norms. Companies should walk a very fine line here as violations of these norms can be as damaging as a significant fine for regulatory noncompliance.
As companies aggregate their personal data stocks for analysis, it is critical that they take the steps needed to assemble as rich a resource as they can about the individuals and data elements in scope. However, the road to personal data monetization is paved with challenges that touch on data quality and accuracy, regulatory restrictions around the use of the data, and questions of ownership. In the next installment of this series, we will highlight some key steps that businesses can take to address these challenges.
If you want to comment on this post, you need to login.