Data ownership in microservices: who owns the 'user' data?

data ownership in a microservices architecture is a constant source of debate for us. services like authentication, user profile, billing, and notifications all need access to user data. if `auth_service` owns the canonical user record, how do other services get that data? event-driven replication means eventual consistency, which can be tricky for features needing strong consistency. we've explored duplicating data across services, but then you have synchronization issues. is there a 'least bad' approach here? how do you design data ownership boundaries without creating tightly coupled services or massive data duplication that's hard to reconcile?