Big data, as its proponents have been saying for nearly a decade now, can bring big benefits: advertisements focused on what you actually want to buy, smart cars that can help you avoid collisions or call for an ambulance if you happen to get in one anyway, wearable or implantable devices that can monitor your health and notify your doctor if something is going wrong.
It can also lead to big Privacy problems. By now it is glaringly obvious that when people generate thousands of data points every day — where they go, who they communicate with, what they read and write, what they buy, what they eat, what they watch, how much they exercise, how much they sleep and more — they are vulnerable to exposure in ways unimaginable a generation ago.
It is just as obvious that such detailed information, in the hands of marketers, financial institutions, employers and government, can affect everything from relationships to getting a job, and from qualifying for a loan to even getting on a plane. While there have been multiple expressions of concern from Privacy advocates and government, there has been little action to improve privacy protections in the online, always connected world.
It was more than five years ago that the Obama administration published a blueprint for what it termed a Consumer Privacy Bill of Rights (CPBR), in February 2012. That document declared that, “the consumer privacy data framework in the U.S. is, in fact, strong … (but it) lacks two elements: A clear statement of basic privacy principles that apply to the commercial world, and a sustained commitment of all stakeholders to address consumer data privacy issues as they arise from advances in technologies and business models.”
Three years later, in February 2015, that blueprint became proposed legislation by the same name, but it was immediately attacked, both by industry groups, who says it would impose “burdensome” regulations, and by privacy advocates, who says it was riddled with loopholes. It never made it to a vote.
The CPBR declaration that the, “consumer privacy data framework in the U.S. is, in fact, strong …” ironically came about a year before revelations by former NSA contractor Edward Snowden that the U.S. government was, in fact, spying on its citizens.
Beyond that, government hasn’t been able to agree on other privacy initiatives. The so-called broadband privacy rules issued by the Federal Communications Commission (FCC) just before the 2016 election, which would have limited data collection by Internet service providers (ISPs), were repealed by Congress in March, before they took effect.
Susan Grant, director of consumer protection and privacy at the Consumer Federation of America (CFA), called it “a terrible setback,” and says it would allow ISPs, “to spy on their customers and sell their data without consent.” Others, however, have argued that putting limits on ISPs would still leave other online giants like Google free to collect and sell the data they collect, and consumers would see few, if any, benefits.
Given all that, it should be no surprise that experts say privacy risks are even more intense, and the challenges to protect privacy have become even more complicated. Organizations like the CFA, the Electronic Privacy Information Center (EPIC) and the Center for Democracy and Technology (CDT), along with individual advocates like Rebecca Herold, CEO of The Privacy Professor, have enumerated multiple ways that big data analytics, and resulting automated decision-making, can invade the personal privacy of individuals. They include:
EPIC declared more than three years ago, in comments to the U.S. Office of Science and Technology Policy that, “The use of predictive analytics by the public and private sector … can now be used by the government and companies to make determinations about our ability to fly, to obtain a job, a clearance or a credit card.
