7) Privacy is a misunderstanding that does not apply to data.
Of all of them, this one gives me the biggest hiccup. This tenet seems to be in direct conflict with every international privacy and "right to be forgotten" law.
I'd argue that at the very least, data about my person (if not gathered by another entity) is in fact owned solely by me, and all rights and responsibilities associated with that data are mine to choose.
Hi! I'm struggling to understand how someone can have rights to something (5), able to control something (6), and able to sell something (16) but not "own" it (1). What definition of "own" am I not understanding in this context? Thanks!
To be clear, there was no statement I made to agree or disagree with. I asked a question about the definition of “own” and didn’t have a position one way or another.
Ah, that makes sense, I was just resonating with the question of how we can have rights to something and control something without owning it. I agree there's a different conception of the word "own" here.
Chris, you are right to question. My statement is a bit too blunt. The way I am using "own" is the way most people think of it as a binary thing. You either own it or you don't. But I am thinking of it like infrastructure like a road, or other things in the commonwealth. I can have all kinds of access, use, and temporary control of the road, and in certain case even maintance responsibilities, while ownership may be in the collective. Who owns the internet? Who owns the water in a river? We have water rights and responsibilites. I claim data, whatever its origin, is a commonwealth, and should be treated as such (although the current legal strucure is no where near this).
This nails why enclosure is broken—data does get more valuable when it connects and moves.
But #18 ("tragedy of the commons must be protected by governments") skips the hard part. Ostrom showed commons can work, but only with real governance: boundaries, monitoring, enforcement.
Publisher "first-party data clean rooms" show the problem. The name itself is contradictory—"first-party" means mine, "sharing" means not mine. In practice, the operator sets the terms on queries, retention, portability. That's not shared control (#6), that's permissioned access.
What's the governance mechanism that prevents this from just becoming private control with better branding?
Whew. And what exactly is this mishmash supposed to mean? What are your readers supposed to do with it? Did you intend to make some kind of call to action regarding data? Or just fill some empty space?
Does this mean that AI's should be able to copy anything they can, since everything is data, one way or another?
Thought-provoking, but maximalist. Treating data as ownerless and “born for the commons” sounds liberating until we need accountability, investment or safety. A more workable path: stewardship over ownership, tiered commons like open aggregates or controlled sensitive sets, purpose-limited consent and verifiable provenance. Movement can create value, but without minimization, deletion and fiduciary duties, “movage” is just sprawl. Build enforceable rights, then let the data dance. For example, I would work around these points:
1) Stewardship with fiduciary duties: replace “ownership” with accountable stewardship. Assign clear roles (subject, steward, processor) with fiduciary obligations like purpose limitation, minimization, auditability. Redress when harm occurs.
2) Tiered commons: open by default for low-risk aggregates, controlled access for sensitive data, prohibited for categories with high misuse potential. Access is time-bound, revocable and tied to declared purposes with verifiable provenance.
3) Movage with guardrails: encourage interoperablity and secure data mobility, but require cryptographic lineage, usage logs and deletion-by-default. Movement should increase value without spreading sprawl. Share when duties are met, stop when risk or entropy rises.
"To manage the web of relationships, rights and responsibilities of data will require technological and social tools that don’t exist yet."
That's too definitive a statement though. In the spirit of this insightful piece, what about:
To manage the web of relationships, rights and responsibilities of data will require technological and social tools *that to my knowledge* don’t exist yet.
7) Privacy is a misunderstanding that does not apply to data.
Of all of them, this one gives me the biggest hiccup. This tenet seems to be in direct conflict with every international privacy and "right to be forgotten" law.
I'd argue that at the very least, data about my person (if not gathered by another entity) is in fact owned solely by me, and all rights and responsibilities associated with that data are mine to choose.
I thought the same thing. I’m curious to know his thoughts on why privacy is a misunderstanding?
Privacy is misapplied to data because trying to hide, and isolate data reduces its value.
Hi! I'm struggling to understand how someone can have rights to something (5), able to control something (6), and able to sell something (16) but not "own" it (1). What definition of "own" am I not understanding in this context? Thanks!
I agree, I think own is important.
To be clear, there was no statement I made to agree or disagree with. I asked a question about the definition of “own” and didn’t have a position one way or another.
Ah, that makes sense, I was just resonating with the question of how we can have rights to something and control something without owning it. I agree there's a different conception of the word "own" here.
Chris, you are right to question. My statement is a bit too blunt. The way I am using "own" is the way most people think of it as a binary thing. You either own it or you don't. But I am thinking of it like infrastructure like a road, or other things in the commonwealth. I can have all kinds of access, use, and temporary control of the road, and in certain case even maintance responsibilities, while ownership may be in the collective. Who owns the internet? Who owns the water in a river? We have water rights and responsibilites. I claim data, whatever its origin, is a commonwealth, and should be treated as such (although the current legal strucure is no where near this).
Ah yes, ok I like this very much. So public or collective ownership.
This nails why enclosure is broken—data does get more valuable when it connects and moves.
But #18 ("tragedy of the commons must be protected by governments") skips the hard part. Ostrom showed commons can work, but only with real governance: boundaries, monitoring, enforcement.
Publisher "first-party data clean rooms" show the problem. The name itself is contradictory—"first-party" means mine, "sharing" means not mine. In practice, the operator sets the terms on queries, retention, portability. That's not shared control (#6), that's permissioned access.
What's the governance mechanism that prevents this from just becoming private control with better branding?
Pithyness helps most of the times but not all of the times. Please be a little more verbose, Kevin.
Whew. And what exactly is this mishmash supposed to mean? What are your readers supposed to do with it? Did you intend to make some kind of call to action regarding data? Or just fill some empty space?
Does this mean that AI's should be able to copy anything they can, since everything is data, one way or another?
No datum is an island.
Agree.
Old hacker manifesto
Thought-provoking, but maximalist. Treating data as ownerless and “born for the commons” sounds liberating until we need accountability, investment or safety. A more workable path: stewardship over ownership, tiered commons like open aggregates or controlled sensitive sets, purpose-limited consent and verifiable provenance. Movement can create value, but without minimization, deletion and fiduciary duties, “movage” is just sprawl. Build enforceable rights, then let the data dance. For example, I would work around these points:
1) Stewardship with fiduciary duties: replace “ownership” with accountable stewardship. Assign clear roles (subject, steward, processor) with fiduciary obligations like purpose limitation, minimization, auditability. Redress when harm occurs.
2) Tiered commons: open by default for low-risk aggregates, controlled access for sensitive data, prohibited for categories with high misuse potential. Access is time-bound, revocable and tied to declared purposes with verifiable provenance.
3) Movage with guardrails: encourage interoperablity and secure data mobility, but require cryptographic lineage, usage logs and deletion-by-default. Movement should increase value without spreading sprawl. Share when duties are met, stop when risk or entropy rises.
I really like that idea
"To manage the web of relationships, rights and responsibilities of data will require technological and social tools that don’t exist yet."
That's too definitive a statement though. In the spirit of this insightful piece, what about:
To manage the web of relationships, rights and responsibilities of data will require technological and social tools *that to my knowledge* don’t exist yet.