Preventing companies and government agencies from gathering embarrassing or damaging personal information about you may be a fool’s errand, a White House panel on privacy in the age of big data said on Thursday.
Instead, lawmakers and regulators should focus their efforts on preventing the dissemination or other use of damaging personal data, according to the report from the President’s Council of Advisers on Science and Technology Policy.
In some cases that damaging data may be as personal as an individuals’ genome that, if shown to a potential employer, could lead to job discrimination based on her likelihood of developing a degenerative disease. In other cases, organizations may collect the most common characteristics of terrorists or criminals, which could lead to discrimination against people who have those characteristics but are neither terrorists nor criminals.
The report follows a three-month study led by White House Counselor John Podesta on how the explosion of new data sources and new tools to gather intelligence from them will affect Americans’ privacy.
The term “big data” generally refers to data from Internet and smartphone activity, video and other sources that don’t fit neatly into a spreadsheet. Within the past decade, computer programmers have developed new tools to analyze those masses of data with positive and negative consequences.
“For example, large-scale analysis of research on disease, together with health data from electronic medical records and genomic information, might lead to better and timelier treatment for individuals but also to inappropriate disqualification for insurance or jobs,” the report found. “GPS tracking of individuals might lead to better community-based public transportation facilities, but also to inappropriate use of the whereabouts of individuals.”
Protecting individuals’ privacy by limiting data collection is likely impractical, first, because “the beneficial uses of near-ubiquitous data collection are large, and they fuel an increasingly important set of economic activities,” the report found.
Second, much of the data that companies collect -- either through the device you create the data on, such as a smartphone app, or through sensors that collect “born-analog data” -- is perfectly innocuous unless combined with other innocuous data to paint a larger picture. Government attempts to regulate the collection of any small grain of data that might one day form part of a larger privacy invasion would be impossible and impractical, the report said.
Technologies that anonymize data are “increasingly easily defeated by the very techniques that are being developed for many legitimate applications of big data,” the report found. “In general, as the size and diversity of available data grows, the likelihood of being able to re-identify (that is, re-associate their records with their names) grows substantially.”
Similarly, it’s impractical to expect citizens’ privacy rights to be protected by terms of service agreements with digital companies, the report found. This is, first, because very few people actually read those agreements and, second, because, in many cases, competition has not produced a viable but fully private competitor to services such as Google and Amazon.
“PCAST believes that the responsibility for using personal data in accordance with the user’s preferences should rest with the provider rather than the user,” the report said.
Consumer protection organizations or app stores might serve as intermediaries, rating companies on their privacy protections and allowing users to choose based on those ratings, the report suggests.
“The federal government could encourage the development of standards for electronic interfaces between the intermediaries and the app developers and vendors,” the report states.
The report also recommends that:
- Policies and regulations aimed at addressing data privacy focus on what’s being exposed rather than the technology that’s exposing it which may be soon superseded or out of date.
- Federal agencies increase research into both the ways personal data is being exposed and the social structures that are enabling or inhibiting that exposure.
- The White House should work with universities and professional societies to encourage digital privacy.
- The U.S. should “take the lead both in the international arena and at home by adopting policies that stimulate the use of practical privacy-protecting technologies.”
The report also urges Congress and the White House to:
- Advance the administration’s Consumer Privacy Bill of Rights
- Pass national data breach legislation along the lines of the administration's 2011 Cybersecurity legislative proposal.
- Extend Privacy Protections to non-U.S. persons
- Enhance protections for data collected about U.S. students
- Use technical expertise to limit the ways big data can be used to discriminate against protected classes in employment, housing and other fields.
- Update the Electronic Communications Privacy Act to reflect modern technology
TechAmerica, a leading coalition of government vendors, gave the report a mixed reception.
“We appreciate the report’s focus on the overall benefits that the effective use of big data can achieve but are somewhat confused as to why the administration has also focused on hypothetical concerns about the use of data,” Mike Hettinger, TechAmerica’s senior vice president for federal government affairs, said. “This creates uncertainty in the minds of Americans about a technology that has so much potential.”
The New America Foundation’s Open Technology Institute praised the report for focusing on the possible discriminatory effects of big data as more information about individuals is potentially exposed.
“The White House report highlights how more work must be done to ensure that big data does not lead to discrimination when it comes to key services and economic opportunities such as housing, employment, and credit,” the group said.