To report on data ownership in a country, we should first understand what is meant by data ownership. Ownership has existed in human civilization for so long that we do not know why and how we have such institutions as ownership. By knowing whys and hows, I will be able to identify functional equivalents in the Korean society.
Data ownership, what it means
In terms of why, we can think of Tragedies of Commons as one of the reasons of having land ownership. Along the same line, we can think of why we created such institutions as intellectual properties. Both reasons (land ownership, copyright/patent ownership, etc.,) are consistent with the theory that data ownership is concocted to respond to market failure of some sort.
The difficulty is, in order to call something a failure, you need to have axiomatic values through which things are evaluated. In the case of Tragedies of Commons, the production of livestock was such value, and in the case of Copyrights and Patents, the advances in science and arts was such value, and they are unassailable as they are. What are we trying to protect with data ownership? Efficiency? More data usage? Discourse is full of literature warning the perils of data usage, especially big data.
In terms of how, what does it mean to “own” something? Exclusive possession and control do not suffice because you can obtain that by contracts. Hegelian scholars got together in 1980s in the United States to figure this out and ironically and somewhat tautologically concluded that when we say someone owns something, what we mean is that he or she can disown it, meaning that he has the legal right to transfer ownership to another person however restricted it may be. Both real properties and intellectual properties satisfy this requirement. If you are an author of the book and therefore owner of the intellectual properties over that book, your ownership means that you can transfer whatever Hofeldhian matrix of rights and privileges you have, to another person, so that the other person has the same rights and privileges. This is a legal feat that no other person can achieve other than the so-called “owner” of the book.
Characterizing ownership as such, the closest thing we have around the world to data ownership is reflected in data protection laws. Data protection law and even its precursor the German Constitutional Court’s Census decision, as well known, is predated by the American concept of fair information practices concocted by the non-lawyer Alan Westin, who thought that data disclosure from individuals to companies and governments should not be left to be governed by the law of contracts but by the law of property because powerless individuals do not have the sophistication to negotiate over or enforce the conditions of data disclosure. So he thought that there has to be some default rules protecting data subjects. Currently, data protection law entitles data subjects to ownership rights over “data about them” as if they own cars. If you want to borrow my car over weekend, you will be in some sort of trespass if you take it without my consent. Once you obtained that consent and the car, saying you will use it for shopping in the city, you will be in violation if you use it to go out to the country side. If you let your own friend use the same car, it goes without a question that you will have to ask for my consent. If I want to take the car back or check on the car in the middle of the weekend, you will have to gladly return it to me or make available to me for inspection, even during the rental period. And so on.
Data ownership in Korea
Having said so, what sort of ownership on data is recognized in Korea?
First of all, intellectual properties on data base itself is recognized by the copyright law, with the protection period of 2 years available not just to the data collector but also the person who has financially sponsored such collection. If you think about it, it is not really copyright that is recognized because copyright requires the minimum modicum of artistic efforts and building a data base does not involve such efforts. In that sense, data base right is different from anthology right(편집저작권).
Secondly, Korea does have European style data protection law which confirms and is confirmed by the rhetoric that “you own data about yourself”. Because data ownership did not begin as a theory but a rhetoric to protect privacy (meaning a right to retain confidentiality over confidential matters), the effectiveness of the data protection law over publicly available data has been seriously questioned. I believe that German data protection law also has exceptions to information drawn from public available sources (Correct me if I am wrong) and these exceptions were the foundation of the teachers’ reputation platform case a few years ago. Also, although Korean data protection law is so strong as to be accompanied by geo-location data protection law which protects even non-personal geo-location data, it is also very weak in protecting the national identification numbers in that a statutory exception authorizes so many government agencies to collect national identification numbers as a condition of providing their services so that data protection law in practice fares badly in the minimum collection principle. Another reason that data protection law has been challenged locally is because of the existence of so many other laws protecting data subjects
Thirdly, the law of torts and the law of crimes have created some approximations of semantic data ownership, namely by “defamation by truth”. Article 307 para 1 of the Criminal Code punishes by incarceration spreading truth about another person that lowers his or her reputation. Paragraph 2 punishes spreading falsity. This creates the effect that any data subject who does not like truth about him to be shared widely can file criminal complaint . This has resulted in various non-sensical judgments in Korea. A worker complaining about not being paid his wages was criminally indicted and convicted of defamaing his employer where non-payment of wages is a crime! An elderly person speaking again truthfully about being beaten by an officer of his elderly association was again convicted of defamation where the officer’s cohorts was actually convicted of batter against the speaker.
Evaluation: Data as Public Property?
This brings me to the question of whether data ownership (whether data subject owns it or data subject’s producer owns it) is a good idea at all. Let me first get out of the way the question on whether data can be owned at all because of its non-exclusive and non-rivalrous nature. I think that, legally, data can be owned just as copyright can be owned, although factual possibility of such ownership will be different.
What is more important, data ownership should have their values straight. Data protection law is there to protect privacy. Copyright law to advance arts. Patent law to advance science. These are all ownership or semi-ownership laws but they are all clear on what they try to achieve. What do we try to protect through data ownership? Only after answering this question, the theory based on market failure works because “failure” needs be defined first.
This leads me to my last point of critique, namely that it is difficult to find value that can be feasibly served by data ownership. Data is produced communally. Data is result of perception. Earth itself is not data. Its presence becomes data only after there is that interaction between nature and sentient beings for data to come into being. It is very difficult to have anyone – data controllers, data collectors, or data base makers – claim exclusive dominion over such relational existence. This critique is most effective against data subject’s ownership, basically data protection law, which it tries to go beyond its original goal of serving privacy and intervenes in governance of publicly available data. Such concept of data ownership by data subjects is, I think, feasible for some parts of the human civilization but I think that it is not feasible much part of the human civilization because, I think, much of human civilization is data transfer itself. Transfer of personal data, that is.
Given the nature of data, it is profitable to observe that we talked about data ownership only in the sense of private property. I think that we should talk about that in the sense of public property.