From property to power: Why governance, not ownership, will define personal data in the age of AI
Abstract
In Pixar’s Finding Nemo, a flock of seagulls gather on a dock, fixating on whatever morsel of food drifts into view, each frantically crying ‘Mine! Mine! Mine!’ This comic scene captures the modern discourse around personal data: corporations, governments and individuals alike stake claims of exclusive ownership. Yet, the analogy quickly unravels. Unlike oil or land, data is non-rivalrous, co-generated and infinitely replicable. Attempts to force it into property categories generate contradictions: who owns a single credit card transaction, or the fragment of a dataset that shapes an artificial intelligence (AI) model’s weights? This paper advances a clear thesis: in the age of AI, property framings collapse; only governance frameworks can reconcile rights, accountability and innovation. From the General Data Protection Regulation (GDPR) to the California Privacy Rights Act (CPRA), Brazil’s Lei Geral de Proteção de Dados (LGPD) to China’s Personal Information Protection Law (PIPL), modern regimes embed rights, lawful bases and accountability mechanisms, not ownership. The challenge intensifies in AI ecosystems where model ‘memory’ resists erasure and generates inferences far beyond original inputs. What endures, and what must guide the future, is governance based on autonomy by design. This paper departs from prior critiques of data ownership1 by situating the shift within a broader redistribution of institutional power across regulators, corporations and individuals, catalysed by the European Union’s (EU) post-2019 data acts. The argument therefore reframes data law not as property’s decline but as the constitutionalisation of governance. This article is also included in The Business & Management Collection which can be accessed at https://hstalks.com/business/.
The full article is available to subscribers to the journal.
Author's Biography
Roy Kamp is a distinguished legal expert specialising in emerging technologies, with extensive experience in the oversight and implementation of data protection frameworks for multinational corporations. Currently serving as Legal Director for Central and Northern Europe at UKG, he manages complex contractual negotiations and oversees the strategic direction of personal data governance. Prior to this role, Roy held the position of Data Protection Officer (DPO) at both Wayfair and McAfee, where he was responsible for ensuring compliance with data protection laws and managing privacy-related risk. He is a certified Fellow of Information Privacy (FIP) and holds multiple certifications from the International Association of Privacy Professionals (IAPP), including Certified Information Privacy Professionals Europe (CIPP/E), Certified Information Privacy Professionals United States (CIPP/US), Certified Information Privacy Technologist (CIPT) and Certified Information Privacy Management (CIPM). Roy’s expertise encompasses the operationalisation of the General Data Protection Regulation (GDPR), litigation management and regulatory compliance within global corporate environments.
With over 25 years’ experience, Noémie Weinbaum is a strategic leader in privacy and AI governance, recognised for building scalable global programmes that connect legal, technical and product perspectives. A qualified IT lawyer and Fellow of Information Privacy (FIP), she develops pragmatic, business-aligned compliance strategies that balance innovation and trust across the US, UK, EU and Canada. At UKG, Noémie leads global initiatives in data privacy and AI governance, creating frameworks in partnership with Security, Engineering and Product teams. Her work spans ISO alignment, AI Act readiness, team mentorship, and fostering a privacy-first culture. Previously at McAfee, she supported global privacy operations through major transitions, including GDPR and CCPA implementation, regulatory engagement and vendor governance. In 2023, she founded PS Expertise, a boutique consultancy delivering tailored AI governance solutions, covering AI tool oversight, vendor compliance, risk assessment and fractional AI Officer services. She helps SaaS and multinational companies implement scalable governance models that enable innovation with regulatory confidence. A recognised voice in the field, Noémie serves on the IAPP Exam Advisory Board, the Editorial Board of the Journal of Data Protection & Privacy, and as Prague IAPP Knowledge Net Chair.
