This draft outlines principles and guidelines for responsible data monetization. It is intended to serve as a reference point for organizations looking to monetize data in ethical, transparent, and compliant ways. This is not legal advice, and organizations should consult with legal and compliance experts to ensure that their data monetization practices are in line with local laws and regulations. This field is rapidly evolving.

Responsible data monetization has the potential to unlock medical breakthroughs, support sustainable practices, improve access in underserved communities, drive economic growth and a lot more.

The principles outlined here are not exhaustive, and are the result of over 10 years of professional experience on both sides of the data monetization equation. This list was inspired in part by the recent and ongoing data partnerships between companies like OpenAI and Conde Nast and the News Corp.

  1. No personally identifiable information (PII) should be shared or sold - ever. There are very few exceptions to this rule (for example, creative attribution). Anonymized, aggregated data is the way to go.

  2. Use only the data you have rights to. Only monetize the data that you’re sure you own or have permission to use. This includes data collected from partners and third parties.

  3. Minimize data duplication and copies. Avoid creating unnecessary duplicates to keep things secure and consistent. When you need to share data, do so in a controlled way like through APIs with built-in access controls and logging.

  4. Request permissible purpose commitments from partners or others planning to use the data. Make sure they have a legitimate reason to access the data and that they are using it in a way that is consistent with your policies and the law. This is an idea credit reporting agencies popularized that should be applied more broadly. Restricting data use to specific purposes can also help prevent accidental misuse.

  5. Vet all partners and third parties. Prioritize working with legitimate partners who have a good track record of data security and compliance. Don’t be afraid to drop partners who don’t meet your standards.

  6. Identify internal data products not just external data monetization. Data monetization doesn’t have to only lead to the sale of data to third parties. It can also mean using existing data to create new products and services that can be sold to new customers.

  7. Compliant by default. Make sure your data monetization practices are compliant with all relevant laws and regulations. This includes GDPR, CCPA, HIPAA and other data protection laws.

  8. Implement simple interfaces. Make it easy for partners to access the data they need in a secure and compliant way. This could be through APIs, data feeds, or other mechanisms; compliance is easier when you control the interface.

  9. Enhance data when possible. Clean, normalize, or enrich the data to make it more useful to partners; ideally, this is done in an automated way.

  10. Encryption at rest and in transit. Obvious, but worth mentioning.

  11. Price data based on value and usage whenever possible. This can help prevent misuse and ensure that the data is being used in a way that benefits everyone involved and aligns incentives.