Data protection and insider trading regulation—regulating information in the market
Let’s assume that personal data is a commodity, that can be traded by the individual for some utility. This is not quite true, but can give us an interesting perspective.
The EC data protection directive (EC/95/56, based on the ETS 108 and OECD guidelines) stipulates that the controller tells the subject (non-exhaustive):
- what data is being gathered
- what it’s going to be used for
- who it may be disclosed to
- which facts must the subject disclose to fulfill an agreement under consideration
Now this can be seen as a mechanism for creating a market with near-perfect information. These regulations fix the value of the data for the buyer (the controller). They both disallow the buyer to use their (alleged) superior knowledge of the potential value of the data, and they limit the rise of that value in the future. An optimal description of the data use could now be seen as something which the seller (the subject) can get the most accurate valuation of the data.
So the EC data protection, instead of inhibiting a market for personal data, can be seen as a very Adam Smithian attempt at creating the optimal market for such.
These kinds of restrictions on the use of superior knowledge are of course analogous to insider trading regulation and reporting requirement in stock markets. And stock markets, I think, are generally agreed to be just that—markets.