Exercises: Who Owns Your Data?
These exercises progress from concept checks to challenging applications. Estimated completion time: 3-4 hours.
Difficulty Guide: - * Foundational (5-10 min each) - ** Intermediate (10-20 min each) - *** Challenging (20-40 min each) - **** Advanced/Research (40+ min each)
Part A: Conceptual Understanding *
Test your grasp of core concepts from Chapter 3.
A.1. Section 3.1.1 explains that data is both non-rivalrous and non-excludable. Define these terms and explain, in your own words, why each property makes traditional property law a poor fit for data. Provide one example (not used in the chapter) where the non-rivalrous nature of data creates a specific governance problem.
A.2. The stakeholder map in Section 3.1.2 identifies five parties with legitimate claims to data in any transaction: the data subject, the data collector, the data processor, the algorithm builder, and society. For each stakeholder, write one sentence explaining the basis of their claim. Then identify which stakeholder is most likely to be underrepresented in governance decisions, and explain why.
A.3. Section 3.2 presents four theories of data ownership: data as property, data as labor, data as a rights-based framework, and data as commons. For each theory, write a single sentence summarizing its core claim. Then identify which theory Eli's objection in Section 3.2.2 most closely aligns with, and explain your reasoning.
A.4. Explain the concept of informational self-determination as described in Section 3.2.3. Where and when did this concept originate? How does it differ from treating data as property?
A.5. What are the CARE Principles for Indigenous Data Governance? List all four components and, for each, explain in one sentence how it challenges Western individual-rights frameworks for data protection.
A.6. Section 3.3.1 defines a data trust and distinguishes it from a data cooperative (Section 3.3.2). In a brief paragraph, explain the key structural difference between these two models. Under what circumstances might a data trust be more appropriate than a cooperative, and vice versa?
A.7. The right to be forgotten (Section 3.3.4) creates tensions with other values. Identify and briefly explain three specific tensions the chapter describes. For each, indicate which values are in conflict.
Part B: Applied Analysis **
Analyze scenarios, arguments, and real-world situations using concepts from Chapter 3.
B.1. Consider the following scenario:
A city government installs air quality sensors across 200 neighborhoods. The sensors collect real-time pollution readings, but they also capture the MAC addresses of nearby mobile devices to estimate foot traffic. A local university wants access to the pollution data for public health research. A tech company wants access to the foot traffic data to build a commercial location analytics product. The residents of the neighborhoods were not consulted before the sensors were installed.
Analyze this scenario using the stakeholder map from Section 3.1.2. Who are the relevant stakeholders? What claim does each have? Which of the four ownership theories from Section 3.2 best addresses the governance challenge here, and why?
B.2. Read the following statement and evaluate it using at least two of the four theories of data ownership:
"I should be paid every time Facebook uses my data to sell an ad. My data is my labor, and I deserve wages for it."
Which theory does this statement draw on? What are its strengths? Using a different theory, construct a counterargument. Be specific about what each framework would prioritize.
B.3. Section 3.3.3 describes the promise and limitations of data portability. Consider a user who wants to leave a social media platform and take their data with them. Identify at least three specific obstacles to meaningful portability described in the chapter. Then propose one additional obstacle the chapter does not mention, drawing on your understanding of data ecosystems.
B.4. Mira discovers that a patient has requested erasure of all their data from VitraMed (Section 3.3.4). The predictive model was already trained on the patient's data, and the model's weights cannot be "un-trained." Analyze this situation using the rights-based framework from Section 3.2.3 and the property framework from Section 3.2.1. Does each framework produce a different answer about whether VitraMed has complied with the erasure request? Explain.
B.5. The Driver's Seat Cooperative example in Section 3.3.2 describes a model in which ride-share drivers collectively pool their data. Apply Ostrom's commons governance framework (Section 3.2.4) to evaluate this cooperative. What are the potential benefits? What risks does it face? Consider the "arguments against" the commons model — do any apply here?
B.6. Section 3.4.2 presents a thought experiment about a pharmaceutical company seeking genetic data from an indigenous community. Under a Western individual-rights framework, individual consent is sufficient. Under indigenous data sovereignty principles, it is not. Write a two-paragraph analysis: In the first paragraph, argue that collective consent should be required in addition to individual consent. In the second paragraph, argue that requiring collective consent undermines individual autonomy. Then write a third paragraph proposing a governance design that attempts to honor both perspectives.
Part C: Real-World Application Challenges -*
These exercises ask you to investigate your own data environment or engage with real-world cases.
C.1. ** Terms of Service Audit. Choose a digital service you use regularly (social media, streaming, fitness app, cloud storage). Locate the relevant sections of its terms of service and privacy policy regarding data ownership. Answer the following: (a) Does the service claim ownership of the data you generate? (b) What license do you grant the service over your content? (c) Can you export your data? In what format? (d) Can you request deletion? What are the stated limitations? Write a one-page analysis evaluating how the service's terms map onto the four ownership theories from Section 3.2.
C.2. ** Portability Test. If you use a social media platform that offers data export (Instagram, Facebook, Twitter/X, TikTok, LinkedIn, or Google Takeout), request and download your data. Examine what is included and what is not. Specifically: (a) Does the export include the inferences the platform has drawn about you (interests, demographics, predicted behaviors)? (b) Could you meaningfully transfer this data to a competing service? (c) What is missing that would be necessary to recreate your experience on another platform? Write a reflection connecting your findings to the portability limitations described in Section 3.3.3.
C.3. *** Stakeholder Mapping Exercise. Select a data-intensive organization or system you are familiar with (your university's learning management system, a health app, a smart home device ecosystem, a loyalty card program). Draw a stakeholder map identifying all parties with a claim to the data generated within that system. For each stakeholder, specify: (a) what data they access, (b) what their claim is based on, (c) how much power they have relative to other stakeholders. Identify the most significant power asymmetry and propose one governance mechanism that could address it.
C.4. *** Data Cooperative Design. Imagine you are designing a data cooperative for one of the following groups: (a) patients at a network of community health clinics, (b) students at a university, (c) residents of a neighborhood with smart city sensors. Draft a one-page governance charter that addresses: membership, data contribution rules, decision-making process, benefit-sharing, and conditions under which data may be shared externally. Explain which elements of your design draw on the data trust model, the cooperative model, and the commons model.
Part D: Synthesis & Critical Thinking ***
These questions require you to integrate multiple concepts from Chapter 3 and think beyond the material presented.
D.1. The chapter argues that no single theory of data ownership is adequate for all contexts (Section 3.6). Test this claim by selecting a specific type of data (genetic data, social media posts, smart city sensor data, or health records) and analyzing it through all four theories. For your chosen data type, which theory provides the most useful governance guidance? Which is least useful? Justify your answers with specific reasoning.
D.2. Section 3.5.3 poses what it calls "the fundamental question of AI-era data ownership": Who owns the intelligence extracted from data contributed by many? VitraMed's predictive model is the example. Write a 400-600 word essay proposing your answer to this question. Your essay should: (a) acknowledge at least three competing claims, (b) explain why the question is hard, (c) propose a governance framework (you may draw on existing models or invent one), and (d) address at least one objection to your proposal.
D.3. Indigenous data sovereignty (Section 3.4) asserts collective rights that do not exist in most Western data governance frameworks. The GDPR, for example, protects individual data subjects. Consider: Should collective data rights be incorporated into mainstream data protection law? What would that look like in practice? What obstacles would such a reform face? Write a two-paragraph argument for and against this proposal.
D.4. Dr. Adeyemi says: "The question isn't who is right. The question is how we design governance systems that respect all of these interests without letting any one of them dominate" (Section 3.1.2). Is this goal achievable? Using the fitness tracker scenario (Section 3.5.1) as your test case, design a governance system that attempts to balance the interests of the individual, the device manufacturer, and public health researchers. Where does your design make trade-offs? Which interests are hardest to protect simultaneously?
Part E: Research & Extension ****
These are open-ended projects for students seeking deeper engagement. Each requires independent research beyond the textbook.
E.1. The Sidewalk Labs Case. Research the Sidewalk Labs Toronto project described in Case Study 1. Write a 1,000-word report addressing: (a) what the proposed data trust was designed to do, (b) why community groups objected, (c) how the project's cancellation related to data governance concerns specifically (as opposed to other issues), and (d) what lessons the case offers for future smart city data governance. Use at least four sources beyond this textbook.
E.2. Data as Labor in Practice. Research Jaron Lanier's proposal (from Who Owns the Future?) that individuals should receive "micropayments" for their data contributions. Then research at least two real-world attempts to implement data-as-labor models (e.g., data unions, data dividends, or California's proposed data dividend proposals). Write a 1,000-word analysis evaluating whether the data-as-labor theory has proven viable in practice. What has worked? What has failed? Why?
E.3. Indigenous Data Sovereignty Across Contexts. Research the application of the CARE Principles in at least two different indigenous contexts (e.g., the Maori Data Sovereignty Network in New Zealand, the First Nations Information Governance Centre in Canada, the Havasupai tribe case in the United States, or indigenous data governance frameworks in Australia). Write a comparative analysis (800-1,200 words) addressing: (a) what prompted each community's data sovereignty efforts, (b) what governance mechanisms they have established, (c) how their approaches differ, and (d) what mainstream data governance frameworks could learn from them.
E.4. Data Trust Comparative Analysis. Research at least three real-world data trust initiatives (e.g., the Open Data Institute pilots, the MIDATA cooperative in Switzerland, the Montreal data trust proposal, or India's proposed data empowerment architecture). Compare their governance structures: Who are the beneficiaries? Who serves as trustee? What fiduciary duties apply? How is data shared, and with whom? Write a 1,000-word comparative analysis and propose which model is best suited for health data governance, with justification.
Solutions
Selected solutions are available in appendices/answers-to-selected.md.