The White House released its report on big data, “Big Data: Seizing Opportunities, Preserving Values,” on Thursday, May 1, 2014, which looks at the ways that businesses and the government are able to perform analytics on massive data sets culled from a wide variety of sources to develop new observations and measurements about individual consumers. The Report offers findings and recommendations, based on 90 day review of big data and privacy led by White House counselor John Podesta and an executive branch working group, including the Secretaries of Commerce and Energy, the President’s Science and Economic Advisors and other administration officials at the request of President Obama. The working group sought public input from academic researchers, privacy advocates, advertisers, civil rights groups and the public during its review in an effort to evaluate the opportunities and challenges presented by big data.
The Report recognizes the inherent value big data has added to society, citing as examples the ability of big data analysis to enhance and improve medical treatment of premature infants, increase efficiencies across transportation networks and utility providers, and identify fraud and abuse in Medicare and Medicaid reimbursements. However, the Report also acknowledges serious privacy concerns, noting that big data may reveal intimate personal details of an individual user, and that big data tools may lead to discriminatory outcomes, particularly with regard to housing, employment and credit.
The Report offered several policy recommendations:
- Move forward with the Consumer Bill of Rights. In 2012, the President announced the concept of a Consumer Bill of Rights, which establishes certain baseline consumer privacy principles such as offering transparency about data privacy and security practices, providing consumers control over data practices, respecting the context in which the data was collected, increasing the accuracy of data files, and providing the opportunity for consumers to access collected data. This Report reiterates the importance of passing legislation to enforce the Bill of Rights principles, but also questions whether the principles are well-suited to the world of big data. Perhaps, the Report suggests, there should be a greater emphasis placed on how the data is used and reused rather than an emphasis on establishing notice and consent for the initial data collection.
- Pass National Data Breach Legislation. The Report notes that the amalgamation of so much information about consumers results in much greater harm to the consumer in the event of a data breach, and finds an even greater need for Congress to pass national data breach legislation to preempt the 47 different state laws currently in effect.
- Extend privacy protections to non-US persons. The Report urges government departments and agencies to apply the Privacy Act of 1974 and other privacy protections to all individuals, regardless of nationality.
- Ensure data collected on students in schools is used for educational purposes. Acknowledging the growing and valuable use of educational technologies in schools, the Report calls for protections to ensure that student data is not used inappropriately when it is collected in an educational setting. The Report suggests modernizing COPPA and FERPA to protect student data in the digital age, while still encouraging innovation in the educational technology industry.
- Expand technical expertise to stop discrimination. Businesses decisions affecting consumers’ access to healthcare, education, employment, credit and goods and services are increasingly made on the basis of big data algorithms. The Report calls on the DOJ, the FTC, the CFPB and the EEOC to develop their technical expertise to be able to detect whether these automated decision-making processes have discriminatory effects on protected classes of people, and to develop tools to redress such discrimination.
- Amend the Electronic Communications Privacy Act (ECPA). The Stored Communications Act, which is part of the ECPA, articulates the rules for obtaining the content of stored communications including email and cloud servers, but was written well before personal computing, email, texting, cloud storage, and smart phones were used as the primary means of communication. The Report calls on Congress to amend the ECPA to ensure the standards of protection for digital online content is consistent with the protections afforded in the physical world.
While the Report provides a useful overview of the big data phenomenon, its benefits and its challenges, it remains to be seen what impact this Report will have on the industry. By and large, the Recommendations do not contain wholly new ideas. The ECPA is widely considered to be antiquated and there have been repeated calls for reform. There have been many attempts to offer national data breach notification legislation, but no bill has made it through Congress to date. The White House first offered its support for a Consumer Bill of Rights in 2012, but spent the last 2 years involved in multi-stakeholder meetings without producing draft legislation. This recent Recommendation shows little evidence of advancing the ball significantly on that front, as calls for additional “stakeholder and public comment” before crafting the legislative proposal. However, the call for greater protections for student data is well-timed, as one of the largest school technology providers, inBloom, was forced to shut down over privacy concerns just a few weeks prior to the Report’s release.