Jamie Dimon, the top dog at the nation’s biggest bank seems an unlikely champion for protecting the little guy’s data, but he appears to be embracing that role with gusto.
The chairman and chief executive of JPMorgan Chase (JPM) devoted quite a bit of verbiage to the subject of how client data should be used in his letter to shareholders last month—and again on the latest episode of the Recode podcast posted on Monday morning.
The problem, he stressed in response to a question from Recode executive editor Kara Swisher, is not that consumers agree to give data to third parties in return for services, but that there is so little transparency on what that data is used for down the road. There are a couple of factors at play here. First, very few mortals actually read the terms and conditions they’re agreeing to before agreeing to them. Second, Dimon continued, is that it’s not clear many companies stick to those T&Cs anyway.
“Some people have been taking data for many years after you gave them permission and have stopped using the product,” Dimon remarked. “I don’t think clients understand what data’s being taken and how it’s being used.”
Get Data Sheet, Fortune’s daily technology newsletter.
Is the data being resold? Was that part of the original deal? If it is resold, then liability issues can arise, he warned.
“If you wake up tomorrow and there’s no money in your bank account, that’s my problem. But if you gave your passcode away to a company and that company itself did something wrong, that’s your problem,” Dimon argued, as he did in his letter which also posited that most third parties gather “far more information” than they need and that most of those third parties also sell or trade that information without the customers necessarily knowing that.
A New York Times story questioned some of the assertions Dimon made in his shareholder letter, including whether a third-party had parlayed users’ passcodes to breach their bank accounts. The newspaper also cited a breach that JPMorgan itself suffered, ultimately compromising some data pertaining to more than 80 million account holders.
For more, read: The Question of Who Owns Your Data Is About to Get More Complicated
The fact that every company—even a huge bank with lots of resources—is subject to attack actually reinforces the idea that consumers need to know more about what data they share, with whom, for what purposes, and for how long. Data ownership is becoming a very big deal in the era of big data aggregation.
To see what Jamie Dimon has to say about Bitcoin, watch:
It’s unlikely that a big bank will disappear any time soon. But what about a tech startup that’s on shaky ground? In a doomsday scenario outlined by The Atlantic, if a startup facing financial stress has a lot of customer data, won’t it be tempted to sell it off to the highest bidder? Are there terms and conditions that can preclude that, and if so, would we even know about them?
As data about us flows from and between the myriad devices comprising the Internet of things—Fitbits, appliances, cars, etc.—do we really know that each part of that supply chain is secure? Do we even know which of those stops along the way now can claim ownership of our data?
The era of big data is setting up an era of big questions.
