Data is money

With the global economy revolving around digital technology, data is the most valuable commodity on the market.

When we think of money, we reasonably have the notion that it must be kept safe. ^ We envisage bank vaults, combination locks, private safes filled to the brim with wads of hard cash, etc...

Shouldn’t we apply similar principles to data?

That’s a rhetorical question: Of course we should.

We cannot afford to act with apathy or neglect when we could have a lot of personal data at risk.

¬

The Universal Currency: Data

In the modern era, the global economy is driven through data and our digital infrastructures.

The role that data plays in innovation and new technologies is critical, with vast numbers of organisations shifting towards a “data-driven” approach to make better decisions that suit their organisation, based on the insights generated by data.

First coined by British Mathematician and Data Science Entrepreneur, Clive Humby, the saying “data is the new oil” is very apt considering how valuable data is to the digital economy.

Some people on the internet criticized the phrase for comparing data to oil: Unlike oil which is a scarce commodity, data is not a finite resource and can be reused. However, just like oil, the handling of data should be regulated.

¬

Depending on numerous variables (where you live, your line of work, which hobbies you take part in, etc...) information about you could be worth at least several hundred dollars a year to various companies. This may include Alphabet, Meta, Amazon, Microsoft and Apple.

For the average person living in the USA, their data generated almost $400 per year to Google and over $200 per year to Facebook, according to Proton’s analysis of their regulatory filings.

That’s roughly $600 annually per user, and we aren’t even taking into-account other businesses like Instagram, TikTok, Uber, etc... Thus, overall, your data could be worth well-over $2000 per year between all of the various businesses that collect this.

¬

Data Brokers: The middlemen running the markets

The Privacy Rights Clearinghouse reported that there are currently 270 data brokers in the world who collect and sell all kinds of personal data.

Where do these brokers procure this information? Thousands of "leading brands" sell information to data brokers, causing your data to be held across various databases.

For example, if you signed up for a loyalty card at a clothing store, your information might be sold to companies looking to market to pet owners.

Despite "Data Brokering" being a relatively new industry, brokers already have information for a pretty sizable amount of the population - The single company Acxiom purports to have data from 2.5 billion different people in 2023.

In theory, by the end of 2024 a single data brokering company may have data from over one third of the total worldwide population, and two thirds of the internet-using population.

¬

The (im)morality of Data Brokering

The morals of data brokering is highly questionable.

Most people don't realise quite how much of their data is being procured by these brokers, nor do they realise exactly what data of theirs is being traded by said brokers.

While it's easy to think "ignorance is bliss" until we understand what information may be known about us, from our credit scores and medical history, to our past traumas.

Pam Dixon, executive director of the World Privacy Forum, revealed at a congressional hearing that she had found data brokers selling information about people with health conditions like anorexia, substance abuse, and depression.

Undoubtedly the worst of these was a "Rape Sufferers List" sold by MEDbase 200, which was taken down following an inquiry from the Wall Street Journal.

It's upsetting how much money these brokers can make from information about our traumas.

¬

Values For You & I

The value attributed with data can vary wildly, especially when comparing perceived worth against recorded sales values.

If we focus on revenue for Data Brokers, it was estimated in 2012 that the data brokering industry generated a whopping $150 billion from its operations. Adjusting for inflation, that is $210 billion now, before we even account for the additional data they would have received in the last 12 years.

As it happens, we don't need to adjust for inflation: The Data Broker market size was given an approximate valuation of over $250 Billion in 2023 and market analysts expect this to continue growing rapidly.

If we focus on value to individual companies, it was found that the average email address is worth $89 to a company over a prolonged length of time, as per Experian CheetahMail who conducted analysis of client email data.

If we focus on the 'perceived' valuations for everyday people, According to a survey from SailPoint Market Pulse, one in five employees would sell the passwords to their work accounts, with 44% willing to sell for $1,000, while others would sell for less than $100.

If we focus on 'doxxing' valuations, we can find services in the UK that will determine the living address of a person for a cost of only $50, so long as they are provided some personal details (name, email address, phone number, etc…)

If we focus on the 'dark' valuations, we can see that people on the Dark Web / DarkNet will pay for hacked accounts or personal details of people, with prices illustrated in the Privacy Affair’s price index below...

¬

The penalties of not securing data

As discussed earlier, our personal data generates hundreds of dollars per year to companies like Google and Facebook according to analysis from Proton, being worth thousands of dollars overall between all of the various businesses that may want to utilise this.

But what are the financial implications for organisations that promise to keep our data secure?

The fine for data breaches outlined in the General Data Protection Regulation (GDPR) states that the penalty may be as expensive as 20 million euros or 4% of an organisation's total global turnover from the preceding fiscal year (whichever value is highest).

Related to this, the financial penalty for violating Digital Operational Resilience Act (DORA) will cause organisation to incur a maximum fine of 2% of their total annual worldwide turnover, or 1% of the company’s average daily turnover worldwide.

It can be anticipated that when the European Supervisory Authorities (ESAs) impose penalties like these to a company that failed to comply with DORA and GDPR, said company will surely be in a state of financial peril.

Outside of these penalties, people will also lose trust in the organisation that let them down, which can result in customers choosing to disaffiliate with said organisation.

Organisations which fail to comply with DORA and GDPR will be penalised by the European Supervisory Authorities.

One can anticipate that a company failing to comply with DORA and GDPR will face almost certain financial peril.

In this way, our data is not only worth a lot if companies utilise it, but it is worth a vast amount if they don't keep it secure, and handle it with wanton disregard.

¬

In Conclusion

Both our privacy and our data are (and should remain) important to us.

They are also worth more than we might initially value, irrefutably being worth (cumulative) thousands per year.

As a reminder, hundreds of dollars of annual revenue is generated to Google and Facebook per user, without taking into-account other companies like YouTube, Instagram, Twitter, Uber, LinkedIn, Amazon, Microsoft, etc…

Your email address alone is worth on-average $89 per company.

Let’s not give away freely (or cheaply) what companies are desperate for.

And please make sure that you don't undervalue your data,