Communications of the ACM

to improve the quality of their guesses about what you want to buy next.

If they succeed, you keep using the fridge. If they do not, it’s off to a competitor.

In all cases, data is the oil that powers the device. It is the resource that enables the device to improve—and thus attract more customers. This makes your personal data extremely valuable.

The question is: How valuable?

Consumers are potentially willing to give up their data—but they want something in return. For instance, a study conducted by Parks Associates found approximately half of U.S. households are willing to share smart device data and control in their home in exchange for a discount on electricity.

However, not every price is one con-
sumers are willing to pay. The study
also found that consumers were more
likely to share their data in exchange
for incentives like discounts, versus
“intangibles” such as “product recom-
mendations or simplified ordering.”
This seems like a pretty straightfor-
ward quid pro quo: companies need to
make it worthwhile for consumers to re-
linquish their personal data. In the case
of smart homes, maybe that’s a discount
on bills. For a social network like Face-
book or an Internet giant like Google,
users are given state-of-the-art commu-
nication and search tools in exchange
for data on their browsing habits.

In some cases, companies and consumers agree on the value of data and transact in kind. But even when they do, turning consumer data into dollars can be difficult. The real value of data may actually lie in its aggregation. Tech titans are looking to learn about millions of people at once, not individuals, and they value data that has been analyzed in aggregate to deliver insights that can be monetized, rather than a muddle of machine-generated data that hasn’t been assessed.

This leads to wildly different as-
sessments of the monetary value data
provides. Business analytics student
Pauline Glikman and econometrics
professor Nicolas Glady tried to assess
data’s value in a 2015 TechCrunch arti-
cle. In assessing Facebook acquisitions
of WhatsApp and Instagram, as well
as Microsoft’s purchase of Minecraft,
they found the value of each user was
anywhere between $15 and $40. How-
ever, general information about indi-
viduals, like age or gender, was sold
for as little as $0.0007 per data point by
data brokers that collected this infor-
mation online.

So how much is data actually worth? The short answer is, it depends. This uncertainty introduces some complexities when governments attempt to introduce blanket data protection regulations.

Regulatory Hurdles

In the European Union, the General Data Protection Regulation (GDPR) will come into force in May. In the opinion of Jang at Leap Year Technologies, this law is the most significant one affecting individual and corporate data. “Any company that collects or processes data on EU citizens will need to comply with strict new requirements for data protection, or face massive fines for non-compliance,” he says.

The GDPR protects any information
“that can be used to directly or indirect-
ly identify the person,” according to
the European Union’s official website
on the regulation. This includes “any-
thing from a name, a photo, an email
address, bank details, posts on social
networking websites, medical infor-
mation, or a computer IP address.”
The rights conferred by the GDPR to
EU citizenry include the right to be noti-
fied of data breaches, visibility into how
their personal data is used by companies
that collect it, and the “right to be forgot-
ten,” or the right to request that whom-
ever has their personal data erase it.

This law gives individuals increased control over their personal data and, by extension, its value to firms who want to access it. Companies that sell to EU citizens will no longer be sure the data they collect will be available indefinitely. In fact, says Jang, companies that process large volumes of sensitive data, use data to predict or profile, and/ or transfer sensitive data across borders should be preparing now.

“Companies will need to incorporate anonymization, data minimization, and privacy-by-design into their data processing activities,” Jang says. The GDPR can apply to companies outside the EU, which puts a large swath of firms at risk. In fact, any company that offers goods and services to EU citizens must comply with the new regulatory environment.

For further information
or to submit your
manuscript,
visit jdiq.acm.org

ACM Journal of
Data and
Information Quality

Providing Research and Tools for Better Data

ACM JDIQ is a multi-disciplinary journal that attracts papers ranging from theoretical research to algorithmic solutions to empirical research to experiential evaluations. Its mission is to publish high impact articles contributing to the field of data and information quality (IQ).