Personal and non-personal data inform much of the decision-making in today's world and is, therefore, considered an important and indispensable authority. Broadly, we can define data as known or assumed facts, and when processed and aggregated into information is the basis of instructive knowledge that shapes and steers policies, strategies, and behaviours. In terms of personal data, there are a number of different sub-divisions and sub-definitions that we can make, indeed throughout this book we will uncover news ways of describing and seeing personal data that will demand fresh definition. But for present purposes we can further sub-divide personal data along the lines set-out by Luciano Floridi, which are ‘arbitrary data about oneself (e.g. a name and surname)’ and ‘ontic data – that is, data constituting someone (e.g. someone's DNA), or constituting the interpretation of someone as an informational entity’ (2013, p. 247). It is no longer the case that public and private organisations, corporations, institutions, charities and, increasingly, individuals can function and interact in the world without some recourse to or acknowledgement of their own data or data relating to others. Societies today reflect data as a necessity for striving to mitigate ignorance, encourage knowledge and understanding, and ensure the victory of truth. To use data analytics is, in this sense, to muster the forces of both truth and common sense. But whilst businesses may view, as common sense, data to improve efficiency and performance, common sense as a broader social directive is itself increasingly made a subset of and product of these data analytical practices.

Data as common sense is akin to a cybernetic feedback loop that, to echo Heidegger, aims at establishment and reinforcement of the obviousness of everything actual (2011). ‘Common sense has its own necessity’, claims Heidegger, ‘it asserts its rights with the weapon particularly suitable to it, namely appeal to the “obviousness” of its claims and considerations’ (2011, p. 66). Data has perhaps replaced older or outmoded oracles of virtue, instruction or authority that performed the same role, and there is an interesting correlation between a generalised conception of the function of data and markets. The difference between data, or rather how we use it in contemporary societies, and older and perhaps more traditional notions and definitions of common sense is the shear capacity and universality of data's common sense role. Even if we talk of common sense as the ‘basic human faculty that lets us make elemental judgements about everyday matters based on every day, real-world experience’, or ‘the truisms about which all sensible people agree without argument or even discussion’, common sense remains a common property of humans in ways that data, even personal data, does not (Rosenfeld, 2011, p. 1). In the datus quo, with data as common sense, therefore, the only thing that matters is whether the data available are good or bad, and how to mitigate ‘data credibility’ problems to overcome or programme them out of systems, networks, and strategies (Redman, 2013).

Consent for the extraction and use of personal data remain vexed and contentious, suggesting that law has not yet found a reasonable balance between individual data subjects and those who view them only as sources for exploitation. As Peter Blume says, several important parts of data protection law presuppose ‘the ability of the data subject to act as a data subject’ (2015, p. 260). Not only must a data subject know their rights, but also law assumes them to give informed consent and assert those rights whilst acting at speed and with a voluntariness that describe most person's actions online (Blume, 2015, p. 260). Whilst data subjectivity is prima facie a legal status by definition, although precisely what this means this is something we will explore and question in more detail at different stages of this book, there is a more general, popular, or, perhaps we should call it post-legal assumption promoted by digital literacy and education that data subjects ought to know they are data subjects, and that they have, to echo Graham Harman's social theory of objects, reached or attained a new biographical stage called data subjectivity (Harman, 2018). These latter conceptualisations attempt to account, in the main, for individuals leaching personal data; individuals (data subjects) who either do not recognise or ignore, as fundamental to their online engagements and interactions, a giving of themselves that is constituent of personal data as a property of the individual (proprius).³ It is important to note that the ‘giving’ I refer to here has little to do with the banal actions of sharing or exchanging personal information necessary to and promoted by social networks and platforms as habit-forming, user retention devices (Greenwald, 2014).

As a description that encompasses methods for creation and use of personal data and the effects on persons as data subjects, the datus quo has not remained fixed since becoming a feature of the Information Age in the latter half of the twentieth century. Yet, a combination of social, legal, and cultural principles underpinning definitions of data subjectivity have remained steadfastly narrow and unyielding to critique. As we shall see, law and regulations understand data subjectivity in terms of the individualism born of late twentieth century market capitalism and a person for whom privacy is a paramount concern as a self-proprietary, self-entrepreneurial matter. In a globalised landscape of personal ‘datafication’ and ‘dataism’ ‘whereby life-processes must be converted into streams of data inputs for computer-based processing’, privacy has taken on two complexions (Couldry and Yu, 2018, p. 4473). First, privacy defended or protected on behalf of the data subject (for example, paternal political models, but, equally, commercial and technological ‘solutionist’ models); second, privacy defended or protected by sui generis data subject as sovereign (for example, neoliberal individual and entrepreneurial models). And between both models we find the role of transparency stipulated, for example, as ‘a fundamental condition for enabling individuals to exercise control over their own data and to ensure effective protection of personal data’, transparency as a gift of a protective regulatory regime but only where the data subject seizes the initiative and the advantages transparency affords to them.⁴

Personal data as a giving of oneself that can be superficial, profound, or perhaps nothing at all, is, therefore, an important departure from existing and narrow conceptions of data subjectivity. For example, when a range of commercial and non-commercial interests hungry for a valuable piece of each user online target and manipulate individual and group online behaviours and emotions, giving of oneself acts as a pause button.⁵ This is because personal data are not only units or registers of a person's characteristics in the world on- or offline, such as a location pin in a map or a consumer preference log online (‘cookies’). Personal data, as the prefix ‘personal’ constantly reminds us, is something ultimately offered, given, granted, or surrendered by fleshy and messy human persons to whom the data relates. As later chapters will discuss, both data subjects and the personal data to whom they relate are, arguably, ‘objects’ which ought to be considered more than their pieces and less than their effects (Harman, 2018, p. 53). We might say, for example, that as objects data subjects are assemblages or compounds of personal data objects, and are, therefore, more than their pieces. Equally, we might say that the pieces, each of which in this case is a personal data object, need not relate to a person at all; it only needs to relate to another personal data object. Both accounts presumably and radically transform normative definitions of the data subject by discrediting the data subject as the one to whom personal data relates. This is because each object, the data subject and the personal data, holds its forces in reserve and has an essence that escapes the grasp of legal, political and economic knowledge, understanding, and which definitions and framings cannot capture (Harman, 2016, p. 7).

The datus quo ultimately reflects, conceals, highlights, and marginalises varieties and conditions of personal data to fit the needs and desires of competitive market capitalism as the dominant socio-economic force. Humanity and global human endeavours are, almost without exception, shaped by free-market logics and neoliberal interpretations of capitalist economic reason that promote privatisation (as the withdrawal of state governance and intervention in favour of commercial and corporate governance), private property, and individualism. In the United States and United Kingdom alike, individual endeavour, often considered a striving against the odds (‘bootstrapping’), linked to rights to property and privacy, have long been influential on law and policymakers.⁶ Today governance bodies whether in public chambers or private boardrooms rely and draw extensively on computer analyses (scientific knowledge), modelling, and algorithmic parsing of free-flowing personal data (transborder data flows (TDFs)) to design policy initiatives, facilitate business growth, manage financial risk, and drive advertising revenue, or revenue from what Jaron Lanier calls ‘behaviour modification feedback loops’ (2019, p. 15). This stage in economic history will pass or more likely its own technologies will surpass or consume it.⁷ Either way, personal data will outlive contemporary market logics as it predated them and the datus quo will shift. Personal data is not intrinsically a product of market logics, although its manipulation in and by competitive market forces makes it appear to be the case. As human imagination and intellect transcends markets and sees alternatives in the name of generosity and not greed, so too does personal data. Markets need personal data, but not vice versa.

Between ancient conceptions of datus and present characterisations of personal data is, perhaps, only the fact that data controllers and other stakeholders expect personal data today to harbour and deliver economic advantages, value, and reward (revenue, profit, etc.) at each stage of its giving and givenness. In whatever composition of metaphysical and empirical forms personal data have taken throughout history – Epicurus’ association of the characteristics of atoms with the soul, for example – it has engendered value, but has not always had a price so inextricably linked to the profit motive (2012, pp. 98–105). ‘Personal data is seen as a new asset’, argues Sarah Spiekermann et al. referring to the World Economic Forum's description of personal data as a new asset class, ‘because of its potential for creating added value for companies and consumers, and for its ability to enable services hardly imaginable without it’ (2015, p. 161). Today the production, collection, processing, and leveraging of personal data happen with the aid of a constant slew of new surveillant and ‘disruptive’ technologies, networks, and systems designed and built to ensure maximum economic advantages from personal data by luring, titillating, and capturing the data subject as a source. Bernard Stiegler refers to the technologies that make this possible as ‘technical supports of collective retention’, the foundations of a new epoch of libidinal economy, which, when adjusted to social systems (or social networks), ‘tend always to be forgotten, just as water is forgotten by the fish’ (2019, pp. 13–14).

Acclimatised to online existence imbued with third-party and self-surveillance, data subjects have ceased to recognise personal data as a giving of oneself – as fish, they no longer see the water – and engage, instead, in rapacious online exchanges and consumption, all the while leaching personal data to those observing and waiting to collect. The inherent fishiness of datafication practices, including those associated with specific technologies, has led to the aquatic craniate theme appearing in several references to surveillance in trans-Atlantic discussions and debates (and repetitions) regarding personal data since the 1960s. The US Congressman for New Jersey, Cornelius Gallagher, who led a subcommittee into privacy and computers in 1966 referred to society moving into ‘the blinding light of the Age of Aquarius which will become the Age of Aquariums, in which every action and every record is a fishbowl’ (1970, p. 7). ‘In the long run, but in the not-too-distant future’, argued Leslie Huckfield, the Labour Member for Nuneaton, in the debate on the second reading of his Control of Personal Information Bill in 1972, ‘society in this country will be what I can only call a goldfish society. We shall end up like goldfish swimming around in a bowl, every individual activity being observed and recorded’ (Hansard HC Deb. vol. 835 col. 984, 21 April 1972).⁸ In a supp...