Big Data and the Future of Privacy
- President Biden Signs Executive Order Requiring More Scrutiny of Tech Mergers and Data Privacy:
President Biden today signed a wide-ranging executive order with the aim of promoting competition. EPIC has long argued that market consolidation in online platform threatens privacy. The Executive Order aims to address the ways in which dominant tech firms are undermining competition and reducing innovation in three ways: 1) greater scrutiny of mergers, especially by dominant internet platforms, with particular attention to the acquisition of nascent competitors, serial mergers, the accumulation of data, competition by “free” products, and the effect on user privacy; 2) encouraging the FTC to establish rules on "unfair data collection and surveillance practices that may damage competition, consumer autonomy, and consumer privacy"; and 3) encouraging the FTC to establish rules barring unfair methods of competition on internet marketplaces. More than a decade ago, EPIC urged the FTC to block Google’s proposed acquisition of DoubleClick. EPIC said that the acquisition would enable Google to collect the personal information of billions of users and track their browsing activities across the web. EPIC correctly warned that this acquisition would accelerate Google’s dominance of the online advertising industry and diminish competition. The FTC ultimately allowed the merger to go forward. EPIC has since repeatedly warned FTC that other mergers posed similar risks to consumer privacy and competition, including Facebook's acquisition of WhatsApp.(Jul. 9, 2021)
- Congress to Hold Paper Hearing on "Big Data and the Coronavirus": The Senate Commerce Committee has announced an hearing on Thursday, April 9, to explore "Enlisting Big Data in the Fight Against Coronavirus." The Committee said it would "examine recent uses of aggregate and anonymized consumer data to identify potential hotspots of coronavirus transmission and to help accelerate the development of treatments." The Senate Committee "will also examine how consumers' privacy rights are being protected and what the U.S. government plans to do with COVID-related data collected at the end of this national emergency." Since the start of the Coronavirus outbreak, EPIC has worked closely with technology experts, legal scholars, NGOs, public health officials, data protection authorities, human rights experts, and international organizations to promote an effective response to the pandemic and to safeguard privacy and fundamental rights. EPIC's key recommendations include (1) a fundamental emphasis on effective public health measures and evidence-based policy, (2) strong enforcement of privacy obligation and robust techniques for deidentifcation, (3) new accountability measures for data uses and due process safeguard, and (4) avoidance of a centralized system of mass surveillance that will be difficult to dismantle after the pandemic. EPIC President Marc Rotenberg recently told Buzzfeed, "People say, 'well, we need to strike a balance between protecting public health and safeguarding privacy' — but that is genuinely the wrong way to think about it. You really want both. And if you're not getting both, there's a problem with the policy proposal." (Apr. 3, 2020)
- Over 40 Civil Rights, Civil Liberties, and Consumer Groups Call on Congress to Address Data-Driven Discrimination (Feb. 13, 2019) +
- European Parliament Adopts Resolution on Big Data (Mar. 24, 2017) +
- White House Report Points to Risks with Big Data (May. 5, 2016) +
- President Announces $19 billion Cybersecurity Plan (Feb. 23, 2016) +
- Civil Society Leaders in Amsterdam Issue Declaration on Fundamental Rights (Oct. 28, 2015) +
- Pew Survey: Vast Majority of Americans Feel Strongly About Privacy, Want Control Over Personal Information (May. 20, 2015) +
- EPIC Files Comments with FTC on Merger Review and Consumer Privacy (Mar. 18, 2015) +
- Anthem breach Shows Risks of "Big Data" (Feb. 5, 2015) +
- White House Report on "Big Data" Explores Price Discrimination, Opaque Decisionmaking (Feb. 5, 2015) +
- Obama Calls for Disclosure of Secret Credit Scores (Jan. 12, 2015) +
- FTC Chair Warns About Risks of Connected Devices (Jan. 7, 2015) +
- EPIC Recommends Research on "Privacy Enhancing Technologies" (Oct. 23, 2014) +
- Data Protection Commissioners Urge Limits on "Big Data" (Oct. 17, 2014) +
- At OECD Global Forum, EPIC Urges "Algorithmic Transparency" (Oct. 3, 2014) +
- FTC To Explore "Big Data" and Discrimination (Sep. 10, 2014) +
- Home Depot Data Breach Exposes Millions of Credit Card Records (Sep. 4, 2014) +
- Report - Half of American Adults Data Hacked So far This Year (May. 29, 2014) +
- White House Publishes Report on "Big Data and Future of Privacy" (May. 1, 2014) +
- Coalition Urges White House to Recognize EU Opinion; End NSA Telephone Records Program (Apr. 16, 2014) +
- Court Upholds FTC Authority to Safeguard Data Privacy (Apr. 11, 2014) +
- Federal Agencies Fail to Safeguard "Big Data," Breaches Doubled in Just a Few Years (Apr. 10, 2014) +
- EPIC Warns White House About Privacy Risks of "Big Data" (Apr. 7, 2014) +
- NGO Coalition Tells President "Establish Privacy Protections for Big Data" (Apr. 2, 2014) +
- White House to Accept Public Comments on Big Data and Privacy Review (Mar. 5, 2014) +
- White House and MIT to Host Conference on Big Data and Privacy (Feb. 24, 2014) +
- Senators Rockefeller and Markey Propose Data Broker Legislation (Feb. 13, 2014) +
- EPIC, Coalition Urge White House to Listen to Public on "Big Data and Privacy" (Feb. 10, 2014) +
- FTC Chair Ramirez Urges Senate to Act on Data Security Legislation (Feb. 5, 2014) +
- White House Announces Review of "Big Data and the Future of Privacy" (Jan. 23, 2014) +
- "Big Data and Security in Europe: Challenges and Opportunities" (Jan. 21, 2014) +
- Senate Report Shines Light on How Data Brokers Operate (Dec. 18, 2013) +
- Spotlight: FBI Pushes Forward with Massive Biometric Database Despite Privacy Risks (Dec. 10, 2013) +
- How Data Determines Your Fate at the Airport (Oct. 29, 2013) +
- Cyber Security: The Emerging Debate Over How Virtual Information Should Be Controlled and Protected (Oct. 10, 2013) +
- FTC Chairwoman Calls for Transparency in Big Data (Aug. 19, 2013) +
- White House Launches Open Data Project (May. 10, 2013) +
- European Privacy Agencies Issue Report on Privacy and Big Data (Apr. 16, 2013) +
More top news
"Big data" is a term for the collection of large and complex data sets and the analysis of these data sets for relationships. The quantity of data in these sets prevents traditional methods of analysis from being effective. Rather than focusing on precise relationships between individual pieces of data, big data uses various algorithms and techniques to to infer general trends over the entire set. What counts is the quantity rather than the quality. Big data looks for the correlation rather than the causation--the "what" rather than the "why."
Big data has only become possible in recent years with advances in collection, storage, and interpretation of data. The process of datafication allows for the reinterpreting of information into usable sets. Data collection--from medicine, financial institutions, social networking, and many other fields--has exploded over the past decade. And storage costs for this data have plummeted, which makes it easier to justify holding onto data instead of discarding it. These factors, along with better techniques for analyzing the data, have allowed relationships to be discovered in ways that would not have been possible in years past.
While there are many benefits to the growth of big data analytics, traditional methods of privacy protections often fail. Many notions of privacy rely on informed consent for the disclosure and use of an individual's private data. However, big data means that data is a resource that can be used and reused, often in ways that were inconceivable at the time the data was collected. Anonymity is also eroded in a big data paradigm. Even if every individual piece of information is stripped of personal information, the relationships between the individual pieces can reveal the individual's identity.
Following the President's speech speech on reform of the National Security Agency's bulk metadata collection program under Section 215 of the USA Patriot Act, White House counselor John Podesta announced "a comprehensive review of the way that 'big data will affect the way we live and work; the relationship between government and citizens; and how public and private sectors can spur innovation and maximize the opportunities and free flow of this information while minimizing the risks to privacy." This was the first major privacy initiative announced by the White House since the release of the Consumer Privacy Bill of Rights in 2012. The undertaking involved key officials across the federal government, including the President's Science Advisor and the President's Council of Advisors on Science and Technology.
Soon after the announcement, EPIC and a coalition of consumer groups wrote a letter, to John Holdren, the Director of the Office of Science and Technology Policy. EPIC urged OSTP to provide the public an opportunity to comment and suggested that the review take into consideration (but not be limited to) the following important questions about the role of Big Data in our society:
(1) What potential harms arise from big data collection and how are these risks currently addressed?
(2) What are the legal frameworks currently governing big data, and are they adequate?
(3) How could companies and government agencies be more transparent in the use of big data, for example, by publishing algorithms?
(4) What technical measures could promote the benefits of big data while minimizing the privacy risks?
(5) What experience have other countries had trying to address the challenges of big data?
(6) What future trends concerning big data could inform the current debate?
On March 4, 2014, in response to suggestions from EPIC and other consumer privacy groups, the Office of Science and Technology Policy published a Request for Information, which provides the public an opportunity to comment on the Podesta Big Data Review. EPIC submitted comments to the review, emphasizing how the current Big Data environment poses enormous risks to ordinary Americans. EPIC emphasized the data security risks and substantial risks to student privacy that exist in the current big data regulatory environment and called for the Administration to better implement the Fair Information Practices (FIPs) first set out in 1973.Other groups comments included: Center for Democracy and Technology, The Future of Privacy Forum, The Privacy Coalition, The Internet Association, The Consumer Federation of America, and the Federation of American Societies for Experimental Biology.
On May 1, 2014, the White House released the Big Data Privacy Report. The report noted that "[b]ig data technologies will be transformative in every sphere of life" and that they raise "considerable questions about how our framework for privacy protection applies in a big data ecosystem." The review also warned that "data analytics have the potential to eclipse longstanding civil rights protections in how personal information is used in housing, credit, employment, health, education, and the marketplace. Americans' relationship with data should expand, not diminish, their opportunities and potential.
The President's Council of Advisors on Science and Technology ("PCAST") released a report on the same day, entitled, "Big Data and Privacy: A Technological Perspective."PCAST wrote that "[t]he challenges to privacy arise because technologies collect so much data (e.g., from sensors in everything from phones to parking lots) and analyze them so efficiently (e.g., through data mining and other kinds of analytics) that it is possible to learn far more than most people had anticipated or can anticipate given continuing progress. These challenges are compounded by limitations on traditional technologies used to protect privacy (such as de-identification). PCAST concludes that technology alone cannot protect privacy, and policy intended to protect privacy needs to reflect what is (and is not) technologically feasible."
In February 2015, the White House released an interim progress report on its big data initiative. The administration wrote that "[p]olicy development remains actively underway on complex recommendations [from the report], including extending more privacy protections to non-U.S. persons and scaling best practices in data management across government agencies."
Data brokers are large commercial organizations that collect vast swaths of data on millions--and sometimes hundreds of millions--of consumers in order to resell the data or utilize it in targeted marketing campaigns. The data broker industry, by its own estimation, includes at least 3,500 to 4,000 companies. One data broker--Acxiom--has admitted to having profiles for over 500 million people worldwide including "nearly every U.S. consumer."
Recently, the data broker industry as a whole has come under a great deal of scrutiny from the Federal Trade Commission and the Senate Commerce Committee. FTC Commissioner Julie Brill has announced an initiative titled "Reclaim Your Name", which is designed to promote more transparency in the data broker industry and give consumers greater control over their individual data. The Senate Commerce Committee, under the leadership of Senator Jay Rockefeller (D-WV) undertook an examination of the data broker industry in 2013, holding hearings, hearings on the issue, and releasing a report, A Review of the Data Broker Industry: Collection, Use, and Sale of Consumer Data for Marketing Purposes of their findings. And in December 2014, the FTC brought complaint against LeapLab, a commercial data broker, accusing it of buying the payday loan applications of "financially strapped consumers" and selling their information to marketers.
In March 2015, Senators Ed Markey (D-MA), Senator Richard Blumenthal (D-CT), Senator Sheldon Whitehouse (D-RI), and Senator Al Franken (D-MN), released a bill entitled The Data Broker Accountability and Transparency Act. This act is designed to provide some broad guidelines for regulating the data broker industry.
- Google is more than 1 million petabytes in size and processes more than 24 petabytes of data a day, a volume that is thousands of times the quantity of all printed material in the U.S. Library of Congress.
- 32 billion searches are performed each month on Twitter.
- More than 1 billion unique users visit YouTube each month and over 6 billion hours of video are watched each month on YouTube - that's almost an hour for every person on Earth, and 50% more than last year.
- 90 percent of the data in the world today has been created in the past two years.
- In 2012, data was forecasted to double every two years through the year 2020.
- In 2020, the amount of digital data produced will exceed 40 zettabytes, which is the equivalent of 5,200 gigabytes for every man, woman and child on planet earth.
- * 1 Gigabyte = Approximately 1 full-length feature film in digital format; 1 Petabyte= One Million Gigabytes or a Quadrillion Bytes; 1 Exabyte = One Billion Gigabytes; 1 Zettabyte = One Trillion Gigabytes or One Million Petabytes.
- Ronald J. Krotoszynski, Jr., Reconciling Privacy and Speech in the Era of Big Data: A Comparative Legal Analysis, 56 Wm. & Mary L. Rev. 1279 (2015).
- Sharona Hoffman, Medical Big Data and Big Data Quality Problems, 21 Conn. Ins. L.J. 289 (2015).
- Michael Mattioli, Disclosing Big Data , 99 Minn. L. Rev. 535 (2014).
- Neil M. Richards & Jonathan H. King, Big Data Ethics, 49 Wake Forest L. Rev. 393 (2014).
- Nicholas Diakopoulos, Ph.D., Algorithmic Accountability Reporting: On The Investigation of Black Boxes, Tow Center for Digital Journalism (February 2014).
- Ryan Calo, Consumer Subject Review Boards: A Thought Experiment, 66 Stan. L. Rev. Online 97 (September 2013).
- Ian Kerr & Jessica Earle, Prediction, Preemption, Presumption: How Big Data Threatens Big Picture Privacy, 66 Stan. L. Rev. Online 65 (September 2013).
- Cynthia Dwork & Deirdre K. Mulligan, It's Not Privacy and It's Not Fair, 66 Stan. L. Rev. Online 35 (September 2013).
- Joseph Janes, As the Big Data beast fattens, will privacy and ethics get gobbled up?, Am. Libraries (May 2012).
- Ira S. Rubinstein, Big Data: The End of Privacy or a New Beginning?, N.Y.U. Public Law & Legal Theory Working Papers, Paper No. 357 (2012).
- Frank Pasquale, Restoring Transparency to Automated Authority, 9 J. on Telecomm. & High Tech L. 235 (Winter 2011).
- Danah boyd & Kate Crawford, Six Provocations for Big Data, A Decade in Internet Time: Symposium on the Dynamics of the Internet and Society (September 2011).
- Paul Ohm, Broken Promises of Privacy: The Surprising Failure of Anonymization, 57 UCLA L. Rev. 1701 (2010).
- Executive Office of the President, Big Data 2015 Interim Progress Report.
- Federal Trade Commission, Complaint Against Data Broker LeapLab (December 2014).
- Executive Office of the President, Big Data: Seizing Opportunities, Preserving Values (May 2014).
- The Data Broker Accountability and Transparency Act.
- National Consumer Law Center, Big Data: A Big Disappointment for Scoring Consumer Credit Risk, March 2014.
- The White House and Massachusetts Institute of Technology, Big Data Privacy Workshop: Advancing the State of the Art in Technology and Practice, March 3, 2014.
- Letter to OSTP regarding Big Data, February 10, 2014.
- MIT Big Data Initiative at CSAIL.
- John Podesta, Counselor to the President, Big Data and the Future of Privacy, January 23, 2014.
- President Obama, Remarks by the President on Review of Signals Intelligence, January 17, 2014.
- Privacy and Consumer Profiling, EPIC website.
- EPIC ChoicePoint, EPIC website.
- Big Data and Privacy: Making Ends Meet, Stanford Center for Internet and Society and the Future of Privacy Forum, September, 2013.
- Big Data and Big Challenges for Law and Legal Information, Georgetown University Law Center Legal Symposium: A Meeting of Minds on Data and Decision Making, January 30, 2013.
- Project Open Data, White House.
- Executive Order Implementing Project Open Data, White House.
- European Union, Article 29 working Party Report, Article 29 Working Party Committee.
- Rotenberg Testimony on "The Reform of the EU Data Protection Framework: Building Trust in a Digital and Global World, EPIC website.
- Julie Brill, Commissioner of the FTC, Big Data, Big Issues, Address at Forham University School of Law, March 12, 2012.
- Consumer Data Privacy Bill of Rights, White House, February 23, 2012.
- The Promise and Peril of Big Data, David Bollier, The Aspen Institute, January 1, 2010.
- Testimony by Marc Rotenberg, Executive Director of the Electronic Privacy Information Center, on H.R. 2221, the Data Accountability and Trust Act, on May 5, 2009, EPIC website.
- Jeff Jonas, Big Data. New Physics. Jeff Jonas Blog, November 18, 2010.
- Jeff Jonas on Analytics IBM Data Protection and Law Policy Newsletter Jeff Jonas Interview.
- Jeff Jonas, Confessions of an Architect. Privacy By Design Slide Show Presentation.
- U.S. Department of Health, Education & Welfare, Report of the Secretary's Advisory Committee on Automated Personal Data Systems, Records, Computers, and the Rights of Citizens, (The HEW Report) (MIT 1973).
Share this page:
Subscribe to the EPIC Alert
The EPIC Alert is a biweekly newsletter highlighting emerging privacy issues.