Further Reading: Who Owns Your Data?

The sources below provide deeper engagement with the themes introduced in Chapter 3. They are organized by topic and include a mix of foundational texts, policy analyses, case studies, and advocacy frameworks. Annotations describe what each source covers and why it is relevant to the chapter's core questions.

Data Ownership Theories and Frameworks

Lanier, Jaron. Who Owns the Future? New York: Simon & Schuster, 2013. The foundational text for the "data as labor" theory explored in Section 3.2.2. Lanier argues that the digital economy extracts value from ordinary people's data contributions without compensation, creating a "winner-take-all" economy dominated by whoever owns the biggest computer. He proposes a micropayment system that would compensate individuals for their data. The book is provocative and accessible, though readers should weigh its proposals against the critiques in this chapter — particularly Eli's objection that compensation does not address surveillance.

Ostrom, Elinor. Governing the Commons: The Evolution of Institutions for Collective Action. Cambridge: Cambridge University Press, 1990. The Nobel Prize-winning work that provides the intellectual foundation for the "data as commons" framework (Section 3.2.4). Ostrom demonstrates that communities can govern shared resources sustainably through self-organized institutions, without privatization or state control. Her eight design principles for successful commons governance are increasingly applied to digital data contexts. Essential reading for anyone interested in data cooperatives, data trusts, or community data governance.

Hummel, Patrik, Matthias Braun, and Peter Dabrock. "Data Sovereignty: A Review." Big Data & Society 8, no. 1 (2021). A comprehensive review article that maps the intellectual landscape of data sovereignty — individual, national, and indigenous. Particularly useful for understanding how the concept of sovereignty applies differently depending on whether the "sovereign" is a person, a community, or a nation-state. Connects the theoretical frameworks in Section 3.2 to contemporary policy debates about digital sovereignty in Europe, Asia, and the Global South.

Rights-Based Approaches and European Data Protection

European Union. "General Data Protection Regulation (GDPR): Regulation (EU) 2016/679." Official Journal of the European Union, 2016. The GDPR remains the most influential codification of the rights-based approach to data governance described in Section 3.2.3. Key provisions for this chapter include: the right to data portability (Article 20), the right to erasure (Article 17), and the legal basis for processing (Article 6). Reading the articles themselves — rather than summaries — reveals the careful balancing of individual rights against legitimate processing interests. Available freely online.

Schwartz, Paul M. "Property, Privacy, and Personal Data." Harvard Law Review 117, no. 7 (2004): 2056-2128. A landmark legal analysis of whether personal data should be treated as property. Schwartz argues that a property-rights approach can protect privacy — but only if designed carefully, with inalienability rules that prevent vulnerable individuals from being coerced into selling their data. This article anticipates many of the "arguments against" the property framework presented in Section 3.2.1 and proposes solutions. Essential for students interested in the legal dimensions of data ownership.

Hornung, Gerrit, and Christoph Schnabel. "Data Protection in Germany I: The Population Census Decision and the Right to Informational Self-Determination." Computer Law & Security Review 25, no. 1 (2009): 84-88. A concise analysis of the 1983 German Federal Constitutional Court decision that established informational self-determination as a fundamental right — the intellectual origin of the European approach described in Section 3.2.3. The article explains the reasoning of the court and traces the decision's influence on subsequent European data protection law. Short, focused, and directly relevant to understanding why Europe treats data protection as a human right rather than a property question.

Data Trusts, Cooperatives, and Governance Models

Delacroix, Sylvie, and Neil D. Lawrence. "Bottom-Up Data Trusts: Disturbing the 'One Size Fits All' Approach to Data Governance." International Data Privacy Law 9, no. 4 (2019): 236-252. The leading academic analysis of data trusts as a governance mechanism. Delacroix and Lawrence argue that data trusts should be designed "bottom-up" — by and for the communities they serve — rather than imposed by corporations or governments. Their framework addresses the independence, accountability, and enforcement challenges that the Sidewalk Labs case (Case Study 1) illustrates. Essential reading for anyone interested in data trust design.

Pentland, Alex "Sandy." "Data Cooperatives." In Building the New Economy, MIT Connection Science, 2020. Pentland, a leading data governance scholar at MIT, describes how data cooperatives — member-owned organizations for collective data governance — can rebalance the power asymmetry between individuals and platforms. The chapter provides practical guidance on cooperative design, including membership structures, benefit-sharing models, and technical infrastructure. Directly relevant to the Driver's Seat Cooperative example in Section 3.3.2.

Open Data Institute. "Data Trusts: Lessons from Three Pilots." London: ODI, 2019. A practical report from the Open Data Institute's pilot experiments with data trust structures. The report examines three different contexts — food waste, wildlife conservation, and urban mobility — and documents what worked, what failed, and what governance design choices matter most. An excellent complement to the theoretical treatment of data trusts in Section 3.3.1.

Indigenous Data Sovereignty and the CARE Principles

Carroll, Stephanie Russo, et al. "The CARE Principles for Indigenous Data Governance." Data Science Journal 19, no. 1 (2020): 43. The foundational paper presenting the CARE Principles discussed in Section 3.4.1. The authors — including indigenous scholars and advocates from multiple countries — explain why existing data governance frameworks (including the FAIR Principles for open science) are insufficient for indigenous data and articulate the collective rights framework that CARE embodies. This paper should be read alongside the chapter, not as a substitute for it.

Skloot, Rebecca. The Immortal Life of Henrietta Lacks. New York: Crown Publishers, 2010. The definitive account of Henrietta Lacks's story and the HeLa cell line, examined in Case Study 2. Skloot weaves together the science, the family's experience, and the ethical questions with extraordinary care. The book illuminates why data ownership is not an abstract question — it is a question about who profits, who suffers, and whose consent matters. Required reading for any student of data ethics.

First Nations Information Governance Centre. Ownership, Control, Access, and Possession (OCAP): The Path to First Nations Information Governance. Ottawa: FNIGC, 2014. The Canadian First Nations OCAP principles — Ownership, Control, Access, and Possession — represent one of the most developed frameworks for indigenous data governance in practice. OCAP asserts that First Nations communities own their data collectively, control how it is collected and used, have guaranteed access to it, and maintain physical possession of it. This framework directly parallels and extends the CARE Principles discussed in Section 3.4.

Garrison, Nanibaa'A. "Genomic Justice for Native Americans: Impact of the Havasupai Case on Genetic Research." Science, Technology, & Human Values 38, no. 2 (2013): 201-223. An in-depth scholarly analysis of the Havasupai tribe's experience with unauthorized genetic research, examined in Case Study 2. Garrison — herself an indigenous geneticist — analyzes the legal, ethical, and cultural dimensions of the case and its lasting impact on indigenous communities' willingness to participate in genetic research. Essential context for understanding why indigenous data sovereignty is a response to documented harm, not an abstract political claim.

The Smart City and Urban Data Governance

Goodman, Ellen P., and Julia Powles. "Urbanism Under Google: Lessons from Sidewalk Toronto." Fordham Law Review 88, no. 2 (2019): 457-498. The most comprehensive legal and governance analysis of the Sidewalk Labs Toronto project examined in Case Study 1. Goodman and Powles dissect the proposed data trust, the "urban data" classification, and the power dynamics between Alphabet and the Toronto community. Their analysis provides the intellectual foundation for understanding why the project failed as a governance experiment, not just as a real estate deal.

These readings are starting points for deeper inquiry. As subsequent chapters explore consent, surveillance, algorithmic governance, and collective data rights, they will build on the ownership foundations laid here. Readers interested in the legal dimensions should prioritize Schwartz and the GDPR text. Those drawn to governance design should begin with Delacroix and Lawrence or the ODI report. Those most engaged by the justice dimensions should start with Skloot and the CARE Principles paper.