At today’s conference on Privacy Principles in the Era of Massive Data, co-sponsored by the Georgetown University McCourt School of Public Policy and the Georgetown Law Center, Maureen K. Ohlhausen, Commissioner at the Federal Trade Commission, delivered a thoughtful keynote address on The Power of Data.
She emphasized the value of the new computational techniques that arise in the context of data sets that are larger in volume than traditional data sets, that are composed of a greater variety of data types, and that change at a much faster velocity. These characteristics of volume, variety and velocity enable data scientists to generate insights that were previously impossible to anticipate from traditional static data bases.
This unanticipated quality of the new computational techniques challenges traditional notions of privacy protection. For instance, it creates a tension with the traditionally understood privacy principles of notice and purpose specification. As Commissioner Ohlhausen pointed out succinctly, “…companies cannot give notice at the time of collection for unanticipated uses.” These novel uses also challenge the idea that data collection should be minimized and data discarded as soon as possible:
“Strictly limiting the collection of data to the particular task currently at hand and disposing of it afterwards would handicap the data scientist’s ability to find new information to address future tasks.”
So what should the FTC do? The Commissioner approvingly referenced the FTC’s action in the Spokeo case, where the agency fined the company for failure to follow the requirements of the Fair Credit Reporting Act. Going forward she thinks that the FTC “should use its traditional deception and unfairness authority to stop consumer harms that may arise from the misuse of big data.”
SIIA agrees. In our recent White Paper and comments filed with the FTC in their consumer scoring workshop we urged the Commission to use its existing powers under the current regulatory regime to bring bad actors to task for failing to follow consumer protection rules. This can only help the growth of big data analysis by making sure that edge-riders do not tarnish the new computational techniques.
Moreover, the Commissioner thinks that the FTC should continue its convening role in holding workshops to explore “the nature and extent of likely consumer and competitive benefits and risks.” In this regard, SIIA found the FTC’s March workshop insightful and looks forward to the Commission’s workshop in September on big data and low income and underserved consumers.
As to principles that should govern the FTC’s actions on big data going forward, the Commissioner was clear that the agency “must identify substantial consumer harm before taking action.” SIIA endorses this idea that only a significant risk of substantial consumer harm justifies new regulatory action.
Ben Wittes from the Brookings Institution, commenting as part of the discussion panel that followed the Commissioner’s talk, echoed this theme of focusing on harm, instead of abstract notions of privacy. In his view, when data use is outside of the normal social expectations of data use typical of the context in which the data has been collected, agencies should consider regulatory action only when the data use is hostile to the data subject’s interests. Determining which uses are harmful, then, becomes a primary task for advocates, industry and policymakers.
Mark MacCarthy, Vice President, Public Policy at SIIA, directs SIIA’s public policy initiatives in the areas of intellectual property enforcement, information privacy, cybersecurity, cloud computing and the promotion of educational technology. Follow Mark on Twitter at @Mark_MacCarthy