ThinkableWhat is this?

Who Owns Your Data

You Are Not the Customer. You Are the Mine.

Every time you search for a symptom, linger on a photo, or abandon a shopping cart, a detailed portrait of your inner life is being quietly auctioned off — without your meaningful knowledge or consent.

The Idea

The phrase 'if the product is free, you are the product' has become so familiar it barely registers anymore. But the reality is sharper and stranger than that slogan suggests. You are not simply the product — you are the raw material. Your attention, your anxieties, your hesitations, your 3am searches: these are extracted, refined, and sold in ways that bear almost no resemblance to anything you agreed to in a terms-of-service document no one reads. The legal fiction underpinning this arrangement is consent. You clicked 'I agree,' therefore the transaction is legitimate. But consent, in any meaningful sense, requires genuine understanding of what you're agreeing to. A 2019 study estimated that reading every privacy policy you encounter in a year would take roughly 76 working days. The consent framework was never designed for this world — it was borrowed from medical ethics and property law, then stretched over a completely different kind of exchange. What makes data ownership philosophically slippery is that your data is not like your house or your coat. It is non-rivalrous — a company holding your data does not deprive you of it. It is also deeply relational: your data only becomes valuable in aggregate, cross-referenced against millions of others. This makes the standard property-rights model a poor fit. Owning your data individually, even if the law permitted it, might mean rather less than it sounds.

In the World

In 2018, the European Union's General Data Protection Regulation came into force, and for a brief, heady moment it looked like a genuine reckoning was coming. Users gained rights: to access their data, to request its deletion, to know who it was shared with. Companies scrambled to update their policies. Inboxes flooded with 'we've updated our privacy policy' emails. What happened next is instructive. Research published in 2020 tracked how platforms responded to GDPR in practice. Many deployed what are now called 'dark patterns' — interface designs that make opting out laborious and opting in effortless. Cookie consent banners, for instance, typically present 'Accept All' in a prominent button and bury 'Manage Preferences' in grey text requiring three more clicks. Technically compliant; functionally manipulative. Meanwhile, a Kenyan farmer and a teenager in Manila generate data every day that trains AI systems and feeds advertising algorithms worth billions — and receive nothing for it. The economic value flows in one direction, towards a handful of companies concentrated in a handful of cities. The philosopher Shoshana Zuboff named this 'surveillance capitalism' in her 2019 book of the same name, arguing that what's being accumulated is not just data but the power to predict and subtly shape human behaviour — a kind of power that has no real historical precedent, and no obvious democratic accountability.

Why It Matters

This is not a problem that lives only in policy papers or the concerns of privacy advocates. It shapes the texture of daily life in ways that are easy to miss precisely because they're everywhere. The recommendations you see, the prices you're quietly shown, the news that surfaces first, the ads that follow you across the internet for weeks — these are all downstream effects of data systems built on your behaviour. Understanding that this infrastructure exists changes how you read the digital environment around you. Not with paranoia, but with a clearer sense of the invisible interests at work. It also opens a genuine question about what reform might look like. Some argue for stronger individual data rights. Others propose treating data as a collective resource, with shared governance. A few economists suggest data dividends — direct payments to users whose information generates commercial value. None of these is a tidy solution, but knowing the problem is structural, not merely a matter of bad actors or weak passwords, is the starting point for thinking about it seriously.

A Question to Ponder

If your data is genuinely valuable — valuable enough to power billion-dollar businesses — what would a fair exchange for it actually look like, and who would get to decide the terms?

Get a new one of these every morning.

Start learning with Thinkable
One topic like this, every day.Start free