The common understanding of people when they talk about information about themselves is that it is indeed “theirs”. Until relatively recently, the law has been content to remain agnostic on the subject. The Common Law in general and English Courts in particular have traditionally avoided philosophical debates about the nature of things, preferring to develop concepts and principles from the results of cases decided on specific facts and circumstances. This approach has been acceptable while we have been winding our way gently up the foothills of the Information Age, but now that we see the towering peak of Big Data standing before us, covered by the ubiquitous Cloud, it is necessary to make a critical examination of some of the basic assumptions which we have hitherto carried with us about the way in which the law should treat rights over personal information. This paper will argue that the correct approach which the law should adopt is a proprietary one. That is to say that the protection of the economic value inherent in personal information should be grounded in property rights acknowledged by the law.Rees argues that
The contention of this paper is that, sooner or later, and possibly much sooner than might be thought likely, a judge ... will take the opportunity to lay down some ground rules for what might be loosely termed this new Law of Information. In the same way that Lord Atkin did, with such clarity and resonance in the landmark case for the law of negligence in Donoghue v Stevenson  AC 563 it will then be seen that what has been creeping up, almost unnoticed, through the undergrowth has emerged into the bright and ever accommodating light of the Common Law is a fully articulated brand new branch of Property, called Personal Information.
If the property model for Personal Information were to be adopted then far from becoming redundant, data protection laws will assume even greater relevance than hitherto. The reason for this is that search engines, data aggregators and social media sites who up to now have assumed that they own the data which they are harvesting will recognise that they have a vested interest in making sure that they following best practice in the way in which they acquire and use the information about individuals. What it will mean is that those data protection laws will not need to be so detailed and bureaucratic in their approach. Nor will one have vainly to try to rationalise the competing regimes for data protection which have grown up in the U.S, Europe and Asia. Property is a concept that all legal regimes recognise, so relying on the property right inherent in personal information will solve many of the current drafting problems for the legislators in this field.
The property right approach will also save both industry and individuals money and energy. There will be no need for long winded privacy policies; there will just be a shared understanding of the trust based nature of the relationship between the in rem rightholder and the in personam collector of information. In this way, there will be created a healthier balance of risk and obligation as between owners of personal information and those whom they allow to process it on their behalf. The ownership paradigm will encourage the use of privacy enhancing technologies and state of the art security measures to protect data. Those who hold vast quantities of personal information will realise the risks inherent in losing the property of vast numbers of third parties and the risk of consequent class actions for damages for having done so. This will not eradicate the occurrence of security breaches, but it will encourage the use of better processes and systems for the protection of personal information, which was one of the fundamental aims of data protection law in the first place. And, the law of Information will have taken a significant step forward towards the sunlit uplands that await us in this ever fascinating Information Age.