Lade Inhalt...

Is data the new currency in information society? Limits to the commodification of personal data from Lawrence Lessing’s theory of regulation

Seminararbeit 2014 12 Seiten

Jura - Öffentliches Recht / Staatsrecht / Grundrechte




Part I Practice
1. Definition
2. Examples

Part II Limits
1. Law
a) US legislation
b) EU legislation
c) The collision of privacy concepts
2. Market and self-regulation
3. Technology

Part 3: Conclusion



As Information Technology has made it possible to process enormous amounts of data in an efficient delocalized and omnipresent way, the scenario of data as the new currency is very likely to become a future prospect in the information society. When even powerful institutions like the European Commission state that “data has acquired enormous economic significance[1] it is possible to guess the enormous potential coming up in this field. As enthusiastic as Google might be about this, concerns about the trade with personal data come naturally. What implies this practice for the users’ interests and their privacy? To identify the direction in which the development of this issue could go, I first try to explain what the commodification of personal data exactly means, then I identify incentives for it and show relevant examples. In the second part, I will point out limitations using Lessing’s theory of regulation through law, market and technology to answer in the end if personal data is really becoming the new currency in information society.

Part I Practice

1. Definition

Commodification is defined as the process to turn into or treat a thing as a mere commodity[2] ; that means it gets exchangeable even though it is not by nature commercial or saleable.[3] It becomes a product or object or even a kind of currency, the fact or quality of passing it from man to man as a medium of exchange in a capitalist society.[4] The subject to this discussion here is personal data[5] which also refers to privacy aspects. Inherent in the commodification practice is that it often comes without considering different aspects in subjects to it, but reduces them to their economic value. Personal data and privacy can be seen as abstract concepts[6], so playing them down to a mere commodity, what are the dangers and consequences? And what is there more behind these concepts?

2. Examples

The commodification of personal data is a business model with quite widespread practice. Google might be the best known actor in this game. By providing free services like an email server, a search machine or a social media network, they incite users to create web content and disclose personal information when they organize events, answer queries, post a status and interact with friends. A surveillance system is employed to gather all that data to subsequently create consumer profiles. This is very valuable for other companies that make online advertisements and can use the broad and accurate information about a person to target potential customers.[7] Google uses personal information of users as an exchange medium against some money from advertising companies. According to the principle “if you don’t pay for it, you are the product”[8] this is the way how commercial websites can be profitable. How well it works, just becomes clear from the fact that the Google founders are amongst the richest individuals in the world.[9]

Users are an active part in this profit strategy; however, they do seem not to gain anything from it, but the access to certain platforms. But denying the data-against-internet service-deal would mean exclusion from the virtual social sphere. Personal information is perceived as a consumer right, an alienable good that can be passed around and exploited economically.[10] The sharing-spirit of internet users and their unawareness of what is actually happening make the system perfectly work.

But what else do consumers lose but control, if their information is traded? Can it be more than a tool of participation in the modern society?

Part II Limits

These questions may be clarified through the analysis of limitations that could possibly and in fact do restrict the commodification of personal data. The theoretical approach to find modalities is drawn from Lawrence Lessing’s model of regulation. Instruments can therefore be the law, the market and technology.[11] Also social norms are named, but they are assumed to be part of the discussion in the law-field.

1. Law

On the one hand, states can protect their citizens by introducing legislation that prevents companies from the commodification of personal data. Two approaches to this can be identified that rely on different concepts of privacy.

a) US legislation

The legislation regarding the use of personal data in the US is designed on a narrow sector-by-sector basis and is anything but ordered. Statutes differ between private and public sectors and between different forms and contents of data.[12] Most of the time, information collection and processing is generally allowed unless a specific law forbids it, also when it comes to sensitive information. Before the US legal system acts, the lawmaker waits for the need for a regulatory measure. Much more the industry is supposed to establish a voluntary self-regulation.[13] Companies in new business areas are totally free from any sectorial regime. Thus, new media companies like Google can mine data and send tailored advertisement because they are free to have their own privacy policies with their own terms of use.[14] The government trusts them to take protective measures for consumer privacy[15], but their privacy statements often contain catch-all stipulations that grant them flexibility in using consumer information.[16]

On the basis of this is a very liberal, market-oriented approach. Legislators believe that business can meet consumer’s expectations. Personal information is even sometimes perceived as some kind of property that can be signed away freely. Everyone possesses information about themselves that would be valuable under some circumstances to others for commercial purposes[17] and individuals themselves can decide what they do with their data and how much privacy they need when they consent to the terms of use. This is indeed the concept as described in the definition above, personal data is perceived as a mere commodity.

All this comes down to the U.S. privacy concept. It is strongly relying on the 18th century’s idea of freedom against intrusion from the state, especially in one’s home.[18] Regarding the personal data market, the interference in one’s personal affairs by the media or other actors is not feared so much but the focus rather lies on market liberties that exist outside one’s home. People are considered to be free to do as they wish, subject only to limits that prevent harm to others.[19] “If you want to sell your personal information, do it. If you don’t want to sell it, don’t do it”[20] Another factor for it is the strong commitment to the 1st Amendment that protects the freedom of expression and therefore the free flow of data.[21]

Here privacy is not understood to be a vulnerable part of the control over personal data, but is considered a commodity. Very few limits are set to the data trade, the focus is rather on how to better promote the market’s potentials and how to meet consumer’s demands at best. It is not surprising that all big companies like Google, Facebook etc. that are under US law tend to commodify data. However the problem is that they operate with global reach.

b) EU legislation

EU-legislation is leading the field of data protection and privacy, due to the fact that systematic and strong rules were elaborated. Article 7 of the EU Charter of Fundamental Rights and article 8 of the European Convention of Human Rights (ECHR) both address the right to respect for private and family life, whereas article 8 of the EU Charter of Fundamental Rights contains even an own right to protection of personal data. Privacy is perceived as a fundamental right and put at the top of the norm hierarchy.[22] Also the 1995 EU Data Protection Directive promotes a high privacy protection standards that should be harmonized among the different nations, even though it also driven by a lot of economic interests.[23]

The idea for the European concept of how personal data should be treated derives mainly from the federal German law (Bundesdatenschutzgesetz) that strongly focused on autonomy and self- determination, the right to control information disclosed about oneself.[24] The information is considered far more than just a product, but it contains also aspects of human dignity[25] It relates directly to the individual and is treated similarly to the control over the public image and other sorts of information disclosed about oneself[26] Privacy is perceived as a value at the core of what makes life worth living without which we would lose our very integrity as persons.[27] It permits to express the own personality, to make deliberate choices independent from other people and to be protected from discrimination. So it is important on the one hand for the individual itself and his freedoms.[28] But additionally it is considered to have a significant role for society as a whole. By allowing everyone to form own opinions in anonymous areas, privacy is supposed to create diversity, an important cornerstone of a democratic society.[29] Only with different opinions there can be autonomous individuals that have negotiations in the public sphere and find consensus about political issues.[30] The “normalization” of behavior is condemned and every development that makes individuals subject to control, surveillance and exposure to others and to the state.[31]

This European concept leaves little room for the commodification of personal data but is quite contrary to it and doesn’t consider the issue a business problem. Rather putting it as an inalienable fundamental value to personhood, a legal imperative is created to protect this matter of human rights. The concept implies that the commodification of personal data would be the same as the commodification of voting rights.[32]

c) The collision of privacy concepts

U.S. information privacy regulation is based on liberal norms and market forces, while the EU’s regulations are based on social protection norms according to which data privacy is a political imperative anchored in fundamental human rights protection.[33] The privacy as commodity approach stands in conflict with the privacy as human dignity approach and this is based on different cultural perceptions and sensibilities.[34]

But on the long run, the market for personal data will be a global one.[35] The question is now, what the existence of these two different concepts means for US companies engaging data deals with their European consumers. Some guidance can be found in article 25 of the current EU Data Protection Directive. It says that a processing activity is only permitted when the third party country would provide an adequate protection for the consumer’s privacy. The EU consensus however is, that US privacy law does not.[36] There have been attempts to a collaborative lawmaking through the creation of the Safe Harbor, Model Contractual Clauses and Binding Corporate Rules for US companies in order to meet the adequacy requirement. They are a mixture of EU-U.S. standards and permit international data transfers, but generally they are closer to the EU version of privacy norms. However, most claims that were brought by European citizens against U.S. companies will be brought in the US pursuant to US legal principles.[37]


[1] European Commission, Press Releases Database, Data Protection Day 2014: Full Speed on EU Data Protection Reform, published 27.01.2014, accessed 22.04.2014

[2] Oxford English Dictionary (OED), Online version, accessed 09.05.2014

[3] Sebastian Sevignani, The commodification of privacy on the Internet, Science and Public Policy 40 (Munich, 2013) pp. 733,739

[4] Oxford English Dictionary ( OED), Online version, , accessed 09.05.2014

[5] In article 2a of the current EU Data Protection Directive it is broadly defined as “any information relating to an identified or identifiable natural person ( “data subject”)

[6] Fernbeck J., Papacharissi Z.: Online Privacy As Legal Safeguard, New Media and Society, SAGE Publications, London, Vol.9 (5), p. 732

[7] Fuchs C.: A Contribution to the Critique of the Political Economy of Google, Fast Capitalism 8.1 (2011), accessed 28 May 2014

[8] Goodson, S.: If You’re Not Paying for it, You Become the Product, Forbes Online (2012), accessed 28 May 2014

[9] Forbes: “ 2014 World’s Billionaires List ” , accessed 22 May 2014

[10] Campbell J.E , Carlson M. : Online Surveillance and the Commodification of Privacy, Journal of Broadcasting& Electronic Media 46 (4), December 2002, p.592

[11] Lessing L.: Code and Other Laws Of Cyberspace, Basic Books, New York (1999), p.87

[12] Schwartz P. :The EU-US Privacy Collision: A Turn To Institutions And Procedures, Harvard Law Review, 2013, Vol 126:1966, p.1974

[13] Walczuch R, Steeghs L, Implications Of The New EU Directive On Data Protection For Multinational Corporations, Information Technology& People, Vol.14 No.2, MCB University Press, 2001, p.143

[14] See Schwartz supra note 12, p.1978

[15] Schwartz, P. :Property, Privacy, And Personal Data, Harvard Law Review, 2003, p.2086

[16] See Fernbeck , Papacharissi, supra note 6, p.719

[17] Litman J.: Information Privacy/Information Property, Stanford Law Review, Vol.52, No.5 (2000), p.1287

[18] Whitman J.: The Two Western Cultures Of Privacy: Dignity Versus Liberty, The Yale Law Journal, Vol. 113: 1153, 2004, p.115 9

[19] Mill J. L: On Liberty , Yale University Press, 2003, p.1859

[20] See Schwartz, supra note 16, p.2074

[21] See Julie Tuan, U.S. West, Inc. v. FCC, 15 Berkeley Tech. L.J. 353 (2000)

[22] Gutwirth S.: Privacy and the Information Age, Rowman & Littlefield Publishers, Inc., Maryland (2002), p.35

[23] That is what is called the directive’s dual nature, see Gutwirth, supra note 22, p.88

[24] General outlines of the German right, see § 823, at 61 BÜRGERLICHES GESETZBUCH [BGB] (Otto Mühl &Walther Hadding eds., 1998) (commentary by Zeuner).

[25] See Schwartz , supra note 11, p.1969

[26] See Whitman, supra note 17, p.1161

[27] See Whitman supra note 17, p.1551

[28] See Gutwirth, supra note 22, pp. 34

[29] See Gutwirth, supra note 22, p.30, p.44

[30] Schwartz P: Privacy and Democracy in Cyberspace, 52 Vand.L.Rev, 1999, p. 647-58

[31] See Gutwirth, supra note 22, p.44

[32] Samuelson P. :Privacy as Intellectual Property?, Stanford Law Review, 1125, 1143 (2000)

[33] Se e Schwartz, supra note 11, p.1989

[34] See Withman , supra note 17, p.1160

[35] See Litman, supra note 16, p.1287

[36] See Schwartz, supra note 11, p.1979

[37] See Schwartz , supra note 11, p. 1981


ISBN (eBook)
ISBN (Buch)
944 KB
Institution / Hochschule
Umea University – Department of Law
limits lawrence lessing’s



Titel: Is data the new currency in information society? Limits to the commodification of personal data from Lawrence Lessing’s theory of regulation