Ten Key Take-Aways From the White House Big Data Report
Posted on May 5, 2014 11:55am PDT
On May 1, 2014, the White House Big Data Working Group, led by senior presidential
advisor John Podesta, released a 79-page report that outlines a number
of key observations and recommendations for privacy in both the private
sector and government. Although the report does not create binding law,
it provides insight into the administration’s priorities on a wide
range of privacy and data security issues, from government surveillance
to data breaches. Below are some of the most important themes to emerge
from this report.
-
Data Use vs. Data Collection: Many existing U.S. privacy laws and regulations focus on the collection
of data. The White House report appears to recognize that collection is
increasing at an exponential pace, and suggests that the public is better
served by restrictions on the use and dissemination of personal information.
-
Notice and Consent: Another pillar of the U.S. privacy legal system has long been “notice
and consent.” Under this model, organizations describe their data
collection practices, typically in a very lengthy privacy policy, and
require users to consent, often by checking a box. The Podesta report
questions whether, in light of the ubiquity and complexity of Big Data,
the notice-and-consent model is useful or even possible.
-
De-identification: The report also questions whether it is useful to de-identify personal
data after collection. The report recognizes that de-identification strips
data of its value, and that evolving technologies allow data controllers
to re-identify the information.
-
Digital Discrimination: Focusing on the use of information, Podesta’s group appears particularly
concerned about the use of Big Data to discriminate against certain groups.
For instance, the group cites recent reports that some retailers offered
higher discounts to customers who they believed live in higher-income
neighborhoods. The group writes that “the ability to segment the
population and to stratify consumer experiences so seamlessly as to be
almost undetectable demands greater review, especially when it comes to
the practice of differential pricing and other potentially discriminatory
practices.”
-
Healthcare and Big Data: The report recognizes the tremendous value of using big data for predictive
healthcare analysis (i.e., given an individual’s health characteristics,
what are the risks of certain diseases?). The Podesta report concludes
that the existing healthcare privacy laws, including the Health Insurance
Portability and Accountability Act, may not adequately allow such analytics
or protect individual privacy.
-
Predictive Analytics and Law Enforcement: The report acknowledges law enforcement agencies’ increasing use
of Big Data to conduct criminal investigations. But the authors recognize
that the “presence and persistence of authority, and the reasonable
belief that one’s activities, movements, and personal affiliations
are being monitored by law enforcement, can have a chilling effect on
rights of free speech and association.”
-
Education: The Podesta report recognizes that Big Data creates tremendous opportunities
for innovative approaches to education, such as Massive Open Online Courses.
But the report also warns that schools must ensure that student data gathered
for educational purposes is not misused.
-
Do-Not-Track: The working group appears skeptical about the benefits of “Do-Not-Track,”
which would enable users to prevent the tracking of their activities across
websites. The working group notes that “anti-fraud and online security
activities now rely on these same data flows to track and prevent malicious
activity.”
-
Data Brokers: The working group sharply criticizes data brokers. The report notes that
data brokers are unregulated, even though their information is often used
in the same way as data provided by regulated industries, such as credit
rating agencies. The working group notes that “there is often no
meaningful avenue for either identifying harms or holding any entity in
the decision-making chain accountable.” Some members of Congress
already are attempting to regulate the growing data broker industry.
-
National Data Breach Notification Law: The working group criticizes the “patchwork” of 47 state
laws that set different standards for notifying individuals about data
breaches. The report calls for a uniform national data breach notification
law that “should impose reasonable time periods for notification,
minimize interference with law enforcement investigations, and potentially
prioritize notification about large, damaging incidents over less significant
incidents.”