From Compliance to Control: It’s Time to Return Data Ownership to Users
By Lisa Moynihan, Head of Operations & Communications, DCID DAO Foundation
“You’ve ‘accepted’ more than 1,000 privacy policies this year—and your data was still sold to companies you’ve never heard of.”
If you’ve ever felt like online privacy is just an illusion, you’re not wrong. Behind every website visit, app download, or digital transaction is an invisible network of third-party data brokers, quietly collecting, packaging, and reselling personal information—often without your explicit consent or awareness.
Regulations like GDPR and CCPA were designed to stop this. But the reality is far more sobering: compliance has become a checkbox exercise. It may protect companies, but it does very little to protect the people whose data is actually at stake. It’s time we stop confusing the two—and begin shifting the conversation from compliance to control.
The Global Exploitation of Personal Data
Across the internet, entire industries are built on unauthorized data collection. Third-party data brokers aggregate information from cookies, mobile apps, surveys, search histories, and even public records. These brokers then sell that data across borders, often dozens of times over, without the user ever knowing where it ends up—or who’s profiting from it.
This shadow economy fuels a wide spectrum of abuse. Scammers use stolen data for phishing attacks. Political organizations build voter profiles without permission. Fraudsters create synthetic identities using fragments of real user data. Targeted advertising is just the tip of the iceberg—data exploitation has become industrialized.
Worse yet, most of this behavior is technically “compliant.” Privacy policies are written in dense legal language, consent is buried in long terms of service, and revoking access is intentionally difficult. People are being scammed, manipulated, and surveilled under the guise of regulation.
This isn’t privacy. It’s a loophole in the data market economy.
Why Compliance-Based Privacy Falls Short
Laws like the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) were landmark efforts. They raised awareness, forced companies to improve their policies, and introduced long-overdue accountability.
But those laws were written for a different internet—one where data flows were simpler, devices were fewer, and the concept of “consent” didn’t need to travel between platforms, apps, or chains.
Today, users exist in dozens of interconnected digital environments. They use smart devices, decentralized apps, cloud tools, and generative AI interfaces. Their data moves constantly—yet the frameworks meant to protect them are rooted in static, one-time permissions that are practically meaningless in real-world use.
Consent is still treated like a form you sign once—not like a living, breathing contract that should evolve with context. And when companies meet the bare minimum of compliance while still exploiting user data, trust collapses.
Control Starts With Consent
Real protection doesn’t come from a privacy policy—it comes from
power. Specifically, the power to decide when, where, and how your information is used. That kind of power requires consent that is revocable, programmable, and portable.
That’s the foundation of the
Digital Consent Identity (DCID) standard. Built by American innovators and governed by the DCID DAO Foundation, this new framework moves away from checkbox-based consent and toward a model of
user-centric digital autonomy.
DCID allows individuals to grant and revoke data access in real time, across any app, platform, or device. It decouples consent from individual websites and attaches it directly to the user—ensuring that identity and permission settings follow the person, not the browser or device.
This fundamentally changes how companies interact with users. With DCID, access to data becomes a privilege, not an assumption. Consent becomes clear, contextual, and enforceable—not buried in cookie settings or abstracted away by intermediaries.
It also disrupts the economics of data brokering. If users can revoke access at will, then third-party data loses its resale value. That means less phishing, less impersonation, fewer scams, and far more control in the hands of the people being exploited today.
Restoring Digital Property Rights
What we’re really talking about here is data ownership—the idea that your digital identity should belong to you, not the platforms you use or the advertisers who buy access to it. Just as individuals have rights to their physical property, we should all have rights to our digital footprint. DCID introduces a future where people manage their data like they manage their finances—with transparency, choice, and accountability.
When consent is enforceable, trust can be rebuilt. When data is treated like property, users can participate in the digital economy on their own terms. And when control is returned to the individual, the internet becomes safer, fairer, and more aligned with the values we say we believe in.
The Path Forward
We are entering a new chapter in the internet’s evolution—one defined not by platforms, but by people. It’s a chapter where consent isn’t static, data isn’t defenseless, and identity isn’t owned by data brokers or corporations.
The DCID standard represents this shift. It replaces passive, compliance-based privacy with active, user-controlled, consented identity. It makes exploitation harder, scams less effective, and third-party data sales obsolete.
Most importantly, it restores dignity to the user—because privacy isn’t about hiding. It’s about choosing.
The cookie checkbox era is over.
The control era has arrived.
About the Author
Lisa Moynihan is the Head of Operations & Communications at the DCID DAO Foundation, the governance body behind the Digital Consent Identity standard. She leads the Foundation’s strategy, partnerships, and global messaging efforts focused on redefining identity and consent for a decentralized internet.
Media Inquiries
For interviews, commentary, or speaking engagements, please contact Lisa Moynihan at
Lisa@dcidfoundation.org.
