Data ownership

Sid Uberoi


Creating Universal Standards for Data Portability and Privacy

A cornerstone principle of Open Banking and Open Finance is data portability, the right for a data owner to take their information with them anywhere they wish. Think about your medical records; when you move from health care provider to provider, taking your information with you and transferring it to your new physician is your right. This is so commonplace in our society we scantly remember a time it didn’t exist or why this wouldn’t be the case. After all, those records pertain specifically to you, embedded with a history of who you are, where you’ve been, and the results of various experiences that inform your future.

But this wasn’t a de facto process in the healthcare field; it is the result of years of consumer and patient advocates pushing for legal protections and systems to easily transfer these records from one place to the next. The reverse is what’s been happening for decades in the employment and income data industry. Imagine a medical company telling you they owned your records and you couldn’t transfer them, or worse, that they intended to sell the information in them over and over again and there is nothing you could do about it. That’s precisely how many employment and income data aggregators operate in today’s world.   

Your employment and income data belong to you, and no organization should restrict your right to own and move this information as you see fit. 

From the three major credit bureaus to Google, companies that collect personal information are largely free to use it however they see fit. The Consumer Financial Protection Bureau (CFPB) created a list of recommendations in 2017, and The United States Treasury Department issued a report with guidance in 2018. Beyond these documents, the United States lacks any law that regulates data privacy at the federal level.

There are a handful of states that have a legal apparatus for data protection. California is by far the leader of the pack in the United States, passing a consumer-centric law in 2018 known as the California Consumer Privacy Act (CCPA). California voters opted to further consumer protections and privacy by passing Proposition 24 (the California Privacy Rights Act) in 2020, expanding the businesses the CCPA applies to, and creating the California Privacy Protection Agency, an overview and enforcement office. 

As listed on the Attorney General’s of California website, the CCPA provides consumers with:  

Laws like the CCPA are a good start, but the state-by-state patchwork nature of privacy laws in the United States leaves consumers without full protection and is completely based on where you live instead of addressing overall rights to own your digital identity and information generated by you. 

When I started working in Google’s Legal department in 2004, we didn’t yet know there would be 27 billion devices connected to the internet in the next 20 years or that there would likely be an astounding 125 billion by 2030. It was the start of what’s now become a lifelong journey to understand data privacy and regulation. In those early years, I learned everything about online user data; its types, creation, uses, and distribution. Less than a decade later, I brought this knowledge to adtech firm Cadreon at the beginning of AdChoices, the advertising industry’s self-regulation regime for direct user management of advertising data. This prepared me for my time as General Counsel of Yodlee, the first fintech data aggregator. There, we realized the industry required forward-thinking about data ethics, which led to the development of a group to outline the principles of Secure Open Data Exchange, now known as Open Banking. 

Starting my career when digital data privacy frameworks began helped me develop insight in regulatory and ethical practices of consumer digital rights. Several industries and governments recognize the need for consumers to control their data. I’ve studied how these rules are created and enforced and it is this experience that reinforces my concurrence of worker-owned employment data. The only parties objecting to this consumer empowerment are those whose business models rely on secret data exchange without consumer control or permission. Like all democratization movements, this transfer of power will be fought by the status quo, but someday we will look back and wonder how personal data was ever not fully owned by the person it describes. 

I joined Argyle because I align with the company’s mission and values. I’m proud to be part of fintech leaders that believe in universal financial access, user-permissions, and worker ownership over their own data.  

If you’re in the employment data field and are interested in contributing to industry data standards, we’d love to hear from you

Sid Uberoi is Argyle’s General Counsel. He is a lawyer, but the views stated in this post are not legal advice and you should not rely on them.  Please seek independent legal counsel to advise you on any legal issues relevant to your business.