On the Propertization of Data and the Harmonization Imperative

March 4, 2022

The digital age has paved the way for unforeseen and unconscionable harms. Recent experiences with security breaches, surveillance programs, and mass disinformation campaigns have taught us that unchecked data collection, use, retention, and transfer have the potential to affect everything from health-care access to national security. And they have shown the growing need for a solution that addresses this proliferation of intangible collective harms.

This Note champions data propertization—the process of establishing a bundle of rights in data comparable to those that comprise property interests—as the proper method for preventing and redressing data harms. More specifically, this Note analyzes Illinois’s Biometric Information Privacy Act, California’s Consumer Privacy Act, Virginia’s Consumer Data Protection Act, and Colorado’s Privacy Act to show that data propertization is already underway under the banner of data protection and privacy. In each case, state law advances data propertization by empowering individuals with a bundle of rights that mirror emblematic property rights to possess, exclude, and alienate, while establishing a framework for enforcement of those rights.

Notwithstanding this development, this Note also illustrates that differences between the four laws have exposed gaps in rights and enforcement, which only fragment and jeopardize data propertization. To address this issue, this Note prescribes a harmonized bundle of rights best suited to developing property interests in data and argues that those rights should be codified in federal law, dually enforced through agency enforcement and a private right of action. By eliminating gaps between existing data propertization laws and preventing the proliferation of others, such an approach would spur the development of a more cohesive and more significant property interest in data that is more capable of withstanding a new age of digital harms.

March 2022

No. 4