As we speak, there are as many mobile phones in the world as there are humans. Mobile phones allow for unobtrusive and cost effective access to human behavioral information such as location, communications, photos, videos, apps and Internet access. As a result of the pervasive adoption of these devices, an unprecedented amount of personal data related to habits, routines, social interactions and interests is available.
However, this ubiquitous collection of personal data raises important privacy challenges. Users typically have to make decisions concerning the disclosure of their personal information on the basis of a difficult tradeoff between data protection and the services stemming from data sharing. More importantly, end-users are not typically involved in the lifecycle of their own personal data – as it is collected by websites and mobile phone apps, which results in a lack of understanding of who uses their personal data and for what.
In recent years, we have seen an increased interest in novel user-centric models for personal data management, which enable individuals to have more control of their own data’s lifecycle. As a result, the concept of a personal data market has arisen where individuals would be able to sell their own personal data to entities interested in buying it. In this context, it is of great importance to understand the value that users put to their own personal information. At Telefónica R&D we are actively researching and contributing to this space of human-centric approaches to personal data storage, analysis, control and usage.
In my research team, in collaboration with the Mobile Territorial Lab in Trento, we have recently carried out a 6-week long study with 60 volunteers to investigate the monetary value that people assign to different kinds of personal information as it is collected by their mobile phone: namely, communication, location, applications and media (photos and videos) with three levels of complexity (individual, aggregated and processed).
In order to gather the monetary valuations of their personal data, we adopted a Day Reconstruction Method where each day our volunteers had to put a price on different items of personal data from their previous day. The prices took part in a reverse second price auction to collect honest monetary valuations. We had carried out a similar study for online information that is captured by websites in 2011 which we presented at the ACM WWW 2011 conference.
The mobile data monetization study has yielded interesting and somewhat surprising results. In general, valuations of individual data points are low (with median values between 1 and 3 euros, which is cheaper than a latté!) and valuations of bulk data — that is, data of an entire week or month as opposed to one single data point– are about an order of magnitude larger than individual data (median values between 5 and 22 euros). Location is not only the most valued type of information but also the most opted out (up to 17% for bulk location).
This result is important because whilst individuals might not be aware of the implications of sharing their individual location, they do understand the power of aggregating their locations over time and realize that patterns of behaviour (work and home locations etc) can be easily identified from such data. This is also important because there are numerous mobile apps today that log their user’s locations without a clear understanding of why they are doing so.
Interestingly, we have also identified individual differences in bidding behaviors which are not correlated with socio-demographic traits (such as gender or age), but are correlated with behavior (namely mobility and app usage) and intentional self-disclosure. Individuals trust themselves most to handle their own personal data, followed by banks, telcos, government and insurance companies, in that order. Finally, unusual days lead to higher valuations of personal information, i.e. people consider information about unusual days to be more valuable than information about their typical days or routines.
Our work suggests that the adoption of a decentralized and user-centric architecture for personal data management would make sense and supports the need for human-centric approaches that provide people with control and transparency of the use of their own personal data.