At the Metadata Era, we’re somewhat obsessed with the FTC, but for good reason: this agency helps shape policy on data security and privacy. And after the giant breaches last year, Congress is beginning to listen. Last week, FTC Commissioner Julie Brill diplomatically spoke on the challenges of protecting privacy in a Big Data world.
Rather than adopting a good-vs-evil perspective, she described a world-view where both privacy and profits can peacefully co-exist by implementing old and new regulatory approaches. The FTC is trying to get ahead of a steep curve: enterprises are expecting to spend $8 million on big data related initiatives in 2014.
Big data benefits
It’s not new news that data is growing exponentially with no signs of slowing. Scientists are even being tasked with figuring out how to keep servers from crashing! CIOs now rank data growth as their top concern as big data creates storage problems and traditional storage can’t keep up. According to Brill, Cisco estimates there’ll be 25 billion(!) devices connected to the internet by 2015—the Internet of Things— and by 2020, as many as 40-50 billion. We can barely begin to guess the discoveries and efficiencies we will gain from zettabytes of data— from medical innovations to reduced CO2 commissions.
Big data risks
In praising the benefits of big data, there are also associated risks. Ms. Brill singled out data brokers for mining our personal data and selling them to marketers: these profiles could potentially affect how we will be treated based on our race, income, health, or sexual orientation.
Big data resolutions
And with every problem there is also an opportunity! Here are a few solutions I found interesting while reading her speech:
- The latest White House report on big data, based heavily on the FTC’s own recommendations, calls for new laws on data security, data breach notification, and baseline privacy rights.
- Another interesting point of view: some privacy scholars believe we should stop trying to provide notice of and consent to the collection and use of data and instead monitor its actual use (or misuse).1
- The FTC released a report recommending a centralized portal where data brokers could identify themselves, describe their information collection and use practices, and provide links to access tools and opt outs.
- The FTC suggested that data brokers should be required to employ reasonable procedures to ensure that their clients do not use their products for unlawful purposes.
- The FTC also calls for legislation requiring those who provide data brokers with information to disclose to the consumer, in a clear manner, that they are sending an individual’s data to a broker, and to provide well-defined choices about any transfer, especially for sensitive information.
- Minimizing data storage while still storing enough data for fraud detection may make sense: the risk of hanging on to old or outdated information for marketing purposes may outweigh the benefits.
- And don’t forget the FTC’s 2012 report called for privacy by design where manufacturers of connected device should think early and often about privacy and security, and hardwire these principles into their engineering
1 CATE ET AL., DATA PROTECTION PRINCIPLES FOR THE 21ST CENTURY, supra note 3, at 10.