In the latest round of reactions to the Edward Snowden leak, on May 1, 2014, the Obama Administration called for the United States to take a leading role in developing new standards for privacy protections in light of the ongoing “social, economic, and technological revolution.”  In a report titled “Big Data: Seizing Opportunities, Preserving Values,”  the White House tasked a wide range of experts to undertake a review of big data analytics and the benefits and pitfalls thereof in what was fundamentally termed “a scoping exercise.”  While recognizing the enormous gains to be realized through the application of new technologies which generate and gather enormous amounts of data, the report warns that data and privacy protections stemming from the Fourth Amendment and famously enunciated by the dissent of Justice Brandeis in the 1928 Supreme Court case, Olmstead v. United States, might simultaneously be at risk of quiet abrogation by the operation of predictive analytics.

The principal author of the report, senior White House advisor John Podesta, was joined by Secretary of Commerce Penny Pritzker and Secretary of Energy Ernest Moniz, among other administration officials.  To maintain a true interdisciplinary scope, they engaged a multitude of industry representatives, civil rights groups, and other interested parties, organized several academic conferences, and solicited public comment.

The group principally focused on what is colloquially known as “big data” – a term referring to the data being captured and analyzed at an incredible and increasing volume, variety, and velocity due to ever-advancing technological capabilities.  Mindful of the maxim that “technology is neither good nor bad; nor is it neutral,” the report examined both public and private sector data management practices.  Although the government’s intelligence collection practices were largely left unscrutinized, a very real motivation for the review was the lack of consumer awareness over the amount, range, and sources of their personal information that is generated and subsequently used for both public and private purposes.  Increasing the public’s knowledge and awareness of the manner in which their personal data is collected and utilized, is seen by many as the first step towards ensuring that digital rights continue to be protected while the government and commercial sector continue to develop in the internet era.

The Report’s Key Findings

After a 90-day study, the report found “that big data analytics have the potential to eclipse longstanding civil rights protections in how personal information is used” in a variety of applications, ranging from housing, employment, education, and health information.  The risk of data collection to be used discriminatorily has been felt throughout history.  The report cites the government’s use of census data collected during World War II to identify Japanese citizens subject to internment camps as an example.  Modern day civil rights risks raise fresh potential challenges to civil liberties.

For instance, the algorithmic engines that work to predict our next Amazon purchase, or customize the ads we see every day, could result in inequity.  The widespread use of such algorithms caused particular concern to the authors of the report due to the potential for “redlining.”  Redlining refers to the potential to discriminate against the most vulnerable classes of society under “the guise of neutral algorithms.”  For example, some retailers have been found to use algorithms that generate different discounts depending on where their customers live; in application, the retailers applied bigger discounts to customers in affluent areas than those in places with lower income on average, and systematic application of such a process could lead to de facto discrimination on a large scale.  Without review, the report concludes, these practices invite discrimination and open the door to abuse, regardless of whether discriminatory intent exists.

In light of the rising potential for civil rights infringements, the report discussed the need to consider policy shifts in order to protect civilian’s privacy and data rights.  Currently, privacy rights tend to operate on a traditional notice and consent framework, which puts the onus upon the individual supplying the information.  The report notes, however, that given the new applications for and sources of big data, to properly ensure privacy protections a “responsible use” framework may afford better and more practical protection.  Effectively, a responsible use framework would hold data collectors and users accountable for how they manage the data and any harm they cause, rather than turning on whether proper consent was initially obtained.

The Report’s Recommendations

The report offered six recommendations in areas ranging from preserving privacy values, to preventing the use of big data to facilitate discrimination, to harnessing the potential of big data to advance educational and law enforcement capabilities.

  1. Update of Consumer Privacy Bill of Rights.  The report calls for the Department of Commerce to seek public comment on how the Obama Administration’s Consumer Privacy Bill of Rights, released in 2012, could support the innovations of big data, while responding to its risks, and how to apply the responsible use framework.  Following this comment period, the report calls for the Department of Commerce to draft related legislation for the President to submit to Congress.
  2. National Data Breach Standard.  The report calls for Congress to pass a single national data breach standard to replace the patchwork approach currently utilized across the 47 different states.
  3. Global Approach.  In addition to modernizing and bolstering application of existing international agreements in the privacy sphere, the report calls for the Office of Management and Budget to work with departments and agencies to apply the Privacy Act of 1974 to non-U.S. citizens, or in the alternative, to craft policies that protect personally identifiable information regardless of the individual’s nationality.
  4. Discriminatory Awareness.  The report calls upon the government’s lead civil rights and consumer protection agencies to expand their capabilities in order to identify big data applications and analytics that have discriminatory impact over protected classes, and to investigate and resolve violations of law in such circumstances.
  5. Educational Support.  Recognizing the considerable education benefits that big data can have, but also the necessity of protecting students, the report calls for the modernization of existing privacy regulatory framework to support further use of big data to support education while ensuring that students’ data is being used appropriately.
  6. Update of the Electronic Communications Privacy Act.  Finally, the report calls upon Congress to amend the Electronic Communications Privacy Act in order to ensure digital content is properly protected online, particularly in light of increased use of such data by the national security, homeland security, law enforcement, and intelligence communities.

Early Reaction to the Report

At this stage, the reactions to the report have been largely positive.  Privacy advocates are praising the report’s conclusion that legislative updates are necessary in a variety of areas associated with big data.  While some would have preferred that the report address the National Security Agency spying, others have appreciated the tack that the authors of the report took, noting that “[i]t’s thorough, it’s thoughtful, . . . [i]t doesn’t try to bite off more than it should.”  (Gerstein, Josh and Alex Byers, “W.H. ‘big data’ review spotlights privacy debate,” Politico, May 1, 2014.)  Further, some have noted that the recommendations offered by the report have been previously endorsed or pursued in some form by the Obama Administration, with the exception of the recommendation regarding data collection on students being used solely for educational purposes.  (Id.)

Conclusion

This report signals the Obama Administration’s intent to address increasing concerns regarding the collection and use of individuals’ personally identifiable information.  Data collection has grown dramatically as technological advances have allowed both the government and private companies to gather enormous volumes of varied information at incredible rates.  Through direct calls for Congress and various agencies to update data privacy legislation with input from both private and public actors, this report sets the stage for a series of developments in the data privacy arena in the near future.

If you have questions regarding this report, are interested in making public comment, or would like to learn more about our data privacy capabilities, please contact our practice leaders, Pamela J. Harbour, pharbour@bakerlaw.com or 202.861.1239, Gerald J. Ferguson, gferguson@bakerlaw.com or 212.589.4238, and Theodore J. Kobus III, tkobus@bakerlaw.com or 212.271.1504.