‘In Situ’ Data Rights

columns of blocks, illustration - Credit: Omelchenko

‘In Situ’ Data Rights
Communications of the ACM, December 2021, Vol. 64 No. 12, Pages 34-35
Economic and Business Dimensions
By Marshall W. Van Alstyne, Georgios Petropoulos, Geoffrey Parker, Bertin Martens

“By moving our data to portals that would share more value in return, we might capture more of our data value.”


If we are to hold platforms accountable for our digital welfare, what data rights should individuals and firms exercise? Platforms’ central power stems from their use of our data so what would we want to know about what they know about us? Perhaps a reallocation of rights will rebalance the right allocation. To date, the General Data Privacy Regulation (GDPR in the E.U.) and California Consumer Protection Act (CCPA in the U.S.) grant privacy rights to individuals, including the right to know what others know about them and to control data gathering, deletion, and third-p arty use. Legislation also includes data portability rights, an individual right to download copies from and upload copies to destinations of one’s choosing as protections for individuals. Neither yet covers businesses. The proposed Digital Markets Act (DMA) takes a step in that direction. The theory is that privacy empowers individuals to control what is gathered and who sees it; portability permits analysis and creates competition. By moving our data to portals that would share more value in return, we might capture more of our data value. After all, that data concerns us.


Data portability sounds good in theory—number portability improved telephony—but this theory has its flaws.


  • Context: The value of data depends on context. Removing data from that context removes value. A portability exercise by experts at the ProgrammableWeb succeeded in downloading basic Facebook data but failed on a re-upload. Individual posts shed the prompts that preceded them and the replies that followed them. After all, that data concerns others.
  • Stagnation: Without a flow of updates, a captured stock depreciates. Data must be refreshed to stay current, and potential users must see those data updates to stay informed.
  • Impotence: Facts removed from their place of residence become less actionable. We cannot use them to make a purchase when removed from their markets or reach a friend when they are removed from their social networks. Data must be reconnected to be reanimated.
  • Market Failure. Innovation is slowed. Consider how markets for business analytics and B2B services develop. Lacking complete context, third parties can only offer incomplete benchmarking and analysis. Platforms that do offer market overview services can charge monopoly prices because they have context that partners and competitors do not.
  • Moral Hazard: Proposed laws seek to give merchants data portability rights but these entail a problem that competition authorities have not anticipated. Regulators seek to help merchants “multihome,” to affiliate with more than one platform. Merchants can take their earned ratings from one platform to another and foster competition. But, when a merchant gains control over its ratings data, magically, low reviews can disappear! Consumers fraudulently edited their personal records under early U.K. open banking rules. With data editing capability, either side can increase fraud, surely not the goal of data portability.

Evidence suggests that following GDPR, E.U. ad effectiveness fell,7 E.U. Web revenues fell,5 investment in E.U. startups fell, the stock and flow of apps available in the E.U. fell, while Google and Facebook, who already had user data, gained rather than lost market share as small firms faced new hurdles the incumbents managed to avoid. To date, the results are far from regulators’ intentions.


We propose a new in situ data right for individuals and firms, and a new theory of benefits. Rather than take data from the platform, or ex situ as portability implies, let us grant users the right to use their data in the location where it resides. Bring the algorithms to the data instead of bringing the data to the algorithms. Users determine when and under what conditions third parties access their in situ data in exchange for new kinds of benefits. Users can revoke access at any time and third parties must respect that. This patches and repairs the portability problems.

Read the Full Article »

About the Authors:

Marshall W. Van Alstyne is a Questrom Chair Professor at Boston University where he teaches information economics. He is also a Digital Fellow at the MIT Initiative on the Digital Economy and co-author of the international best-seller Platform Revolution (W.W. Norton).

Georgios Petropoulos is a Marie Curie Skodowska Research Fellow at MIT and Bruegel and a Digital Fellow at Stanford University.

Geoffrey Parker is Professor of Engineering at Dartmouth College, a research fellow at the MIT Initiative on the Digital Economy, and coauthor of Platform Revolution.

Bertin Martens is a Senior Economist in the Digital Economy group at the Joint Research Centre of the European Commission (Seville, Spain) and a Research Fellow at the Tilburg Law and Economics Centre at Tilburg University (Netherlands). The views and opinions expressed in this article do not necessarily reflect those of the Joint Research Centre or the European Commission.