Big Data and the Future of Privacy
Top News
- President Biden Signs Executive Order Requiring More Scrutiny of Tech Mergers and Data Privacy:
President Biden today signed a wide-ranging executive order with the aim of promoting competition. EPIC has long argued that market consolidation in online platform threatens privacy. The Executive Order aims to address the ways in which dominant tech firms are undermining competition and reducing innovation in three ways: 1) greater scrutiny of mergers, especially by dominant internet platforms, with particular attention to the acquisition of nascent competitors, serial mergers, the accumulation of data, competition by “free” products, and the effect on user privacy; 2) encouraging the FTC to establish rules on "unfair data collection and surveillance practices that may damage competition, consumer autonomy, and consumer privacy"; and 3) encouraging the FTC to establish rules barring unfair methods of competition on internet marketplaces. More than a decade ago, EPIC urged the FTC to block Google’s proposed acquisition of DoubleClick. EPIC said that the acquisition would enable Google to collect the personal information of billions of users and track their browsing activities across the web. EPIC correctly warned that this acquisition would accelerate Google’s dominance of the online advertising industry and diminish competition. The FTC ultimately allowed the merger to go forward. EPIC has since repeatedly warned FTC that other mergers posed similar risks to consumer privacy and competition, including Facebook's acquisition of WhatsApp.
(Jul. 9, 2021)
- Congress to Hold Paper Hearing on "Big Data and the Coronavirus": The Senate Commerce Committee has announced an hearing on Thursday, April 9, to explore "Enlisting Big Data in the Fight Against Coronavirus." The Committee said it would "examine recent uses of aggregate and anonymized consumer data to identify potential hotspots of coronavirus transmission and to help accelerate the development of treatments." The Senate Committee "will also examine how consumers' privacy rights are being protected and what the U.S. government plans to do with COVID-related data collected at the end of this national emergency." Since the start of the Coronavirus outbreak, EPIC has worked closely with technology experts, legal scholars, NGOs, public health officials, data protection authorities, human rights experts, and international organizations to promote an effective response to the pandemic and to safeguard privacy and fundamental rights. EPIC's key recommendations include (1) a fundamental emphasis on effective public health measures and evidence-based policy, (2) strong enforcement of privacy obligation and robust techniques for deidentifcation, (3) new accountability measures for data uses and due process safeguard, and (4) avoidance of a centralized system of mass surveillance that will be difficult to dismantle after the pandemic. EPIC President Marc Rotenberg recently told Buzzfeed, "People say, 'well, we need to strike a balance between protecting public health and safeguarding privacy' — but that is genuinely the wrong way to think about it. You really want both. And if you're not getting both, there's a problem with the policy proposal." (Apr. 3, 2020)
More top news
- Over 40 Civil Rights, Civil Liberties, and Consumer Groups Call on Congress to Address Data-Driven Discrimination (Feb. 13, 2019) +
EPIC joined 43 civil society organizations in a
letter to Congress calling on legislators to protect civil rights, equity, and equal opportunity in the digital ecosystem. The organizations wrote that any privacy legislation must be consistent with the
Civil Rights Principles for the Era of Big Data, which include: stop high-tech profiling, ensure fairness in automated decisions, preserve constitutional principles, enhance individual control of personal information, and protect people from inaccurate data. The groups said: "Platforms and other online services should not be permitted to use consumer data to discriminate against protected classes or deny them opportunities in commerce, housing, and employment, or full participation in our democracy." EPIC supports
"algorithmic transparency", the public's right to know the data processes that impact their lives so they can contest decisions made by algorithms.
- European Parliament Adopts Resolution on Big Data (Mar. 24, 2017) +
The European Parliament has adopted a
resolution on the fundamental rights implications of big data. The resolution stresses that "the prospects and opportunities of big data" can only be realized "when public trust in these technologies is ensured by a strong enforcement of fundamental rights and compliance with current EU data protection law." The resolution discusses the importance of data protection, accountability, transparency, data security, and privacy by design. EPIC has warned about the risks of
big data and launched campaigns on
"Algorithmic Transparency" and
data protection.
- White House Report Points to Risks with Big Data (May. 5, 2016) +
A new White House report
"Big Data: A Report on Algorithmic Systems, Opportunity, and Civil Rights" points to risks with big data analytics.
According to the authors, "[t]he algorithmic systems that turn data into information are not infallible--they rely on the imperfect inputs, logic, probability, and people who design them." An earlier White House
report warned of "the potential of encoding discrimination in automated decisions." EPIC launched a
campaign on "Algorithmic Transparency" after
warning about the risks of secretive decision making coupled with
"big data."
- President Announces $19 billion Cybersecurity Plan (Feb. 23, 2016) +
President Obama has proposed a $19 billion
Cybersecurity National Action Plan that aims to
modernize government IT and improve Americans' cybersecurity. The government will reduce reliance on social security numbers and promote increased use of multi-factor authentication. The plan will also establish a Commission on Enhancing National Cybersecurity. A
Federal Privacy Council will coordinate federal privacy guidelines but lacks authority to enforce Privacy Act obligations. EPIC has
repeatedly urged federal agencies to uphold
Privacy Act protections.
- Civil Society Leaders in Amsterdam Issue Declaration on Fundamental Rights (Oct. 28, 2015) +
Leading digital rights and consumer privacy organizations meeting in Amsterdam
have issued a declaration
"Fundamental Rights are Fundamental." Calling attention to the
recent success of Max Schrems and the
failure of self-regulation, the organizations said the
"Bridges" report is "remarkably out of touch with the current legal reality and what we need to do to address it." The NGO leaders also criticized the organizers of the
Amsterdam conference for "the failure to engage" many new challenges to data protection, including "Big Data" and
drone surveillance. Privacy campaigner Simon Davies
wrote, "There has never been a moment in history when the privacy regulator community needs to do more to restore trust and relevance. Instead, this week signals a new low in that trust."
- Pew Survey: Vast Majority of Americans Feel Strongly About Privacy, Want Control Over Personal Information (May. 20, 2015) +
The
Pew Research Center has published a new
privacy poll on
Americans' Views About Data Collection and Security. According to the Pew survey, 74% of Americans believe control over personal information is "very important," yet only 9% believe they have such control.Americans also value having the ability to share confidential matters with another trusted person. The vast majority of Americans want limits on how long companies
retain records about their activities. And 65% of American adults believe there are not adequate limits on the telephone and internet data that the government collects.
- EPIC Files Comments with FTC on Merger Review and Consumer Privacy (Mar. 18, 2015) +
EPIC, along with 26 technical experts and legal scholars, has submitted
extensive comments for the
FTC's review of the merger remedy process. EPIC urged the Commission to consider the privacy risks to consumers that result from the merger of big data firms. The comments detailed EPIC's efforts, over 15 years, to warn the FTC about such mergers as
Abacus and DoubleClick, then
DoubleClick and Google, AOL and Time Warner, and most recently
Facebook and WhatsApp. EPIC urged the FTC to asses both competitive and privacy impacts of merger, and to enforce privacy commitments prior to granting merger approval.
- Anthem breach Shows Risks of "Big Data" (Feb. 5, 2015) +
One of the largest health insurers in the country has lost millions of medical records of American consumers. The most recent breach of sensitive medical information shows the dangers of "Big Data" and the mistaken conclusion of the report of the
Presidents Science Advisors, which simply assumed the benefits of data collection. EPIC has urged the
FTC to establish data minimization procedures for companies limit the risks of data breaches.
- White House Report on "Big Data" Explores Price Discrimination, Opaque Decisionmaking (Feb. 5, 2015) +
A White House report on
Big Data and Differential Pricing released today examines new forms of discrimination resulting from big data analytics. The White House explained the risks to consumers, acknowledged the failure of self-regulatory efforts, and called for greater transparency and consumer control over their personal information. Last year, EPIC and a coalition of NGOs
urged the President to establish privacy protections - including
"algorithmic transparency", consumer control, and robust privacy techniques - to address
Big Data risks.
- Obama Calls for Disclosure of Secret Credit Scores (Jan. 12, 2015) +
In a
speech at the Federal Trade Commission today, President Obama called for free access to credit scores. This will improve transparency for companies that profile consumers with
"big data." Last year, the White House explored
"Big Data and the Future of Privacy." EPIC called for "algorithmic transparency" and
urged the White House to end secret profiling that limits opportunities for consumers, employees, students, and others.
- FTC Chair Warns About Risks of Connected Devices (Jan. 7, 2015) +
In a
speech at the CES conference this week, FTC Chair Edith Ramirez
warned of the privacy risks of connected home devices. "In the not-too-distant future, many, if not most, aspects of our everyday lives will be digitally observed and stored," Ramirez said. EPIC has written extensively on interconnected devices, known as the
"Internet of Things." In
comments to the FTC, EPIC described several risks, including the hidden collection of sensitive data. EPIC recommended that companies adopt
Privacy Enhancing Techniques that minimize or eliminate the collection of personally identifiable information. For more information, see
EPIC: FTC and
EPIC: Big Data.
- EPIC Recommends Research on "Privacy Enhancing Technologies" (Oct. 23, 2014) +
In
comments to a federal agency developing a privacy research agency, EPIC expressed support for Fair Information Practices and the Consumer Privacy Bill of Rights. EPIC also recommended research on Privacy Enhancing Technologies ("PETs") that "minimize or eliminate the collection of personally identifiable information." EPIC highlighted current privacy issues including identity theft, security breaches, financial fraud, and the increasing use of predictive analytics in big data analysis. Earlier this year, EPIC submitted
comments on
"Big Data and the Future of Privacy" and called for the end of opaque algorithmic profiling. The White House's subsequent
report on Big Data and the Future of Privacy incorporated several recommendations from EPIC and other privacy organizations. For more information, see
EPIC: Big Data and the Future of Privacy.
- Data Protection Commissioners Urge Limits on "Big Data" (Oct. 17, 2014) +
The
International Data Protection Commissioners have adopted a
resolution on Big Data. The resolution endorses several privacy safeguards, including purpose specification, data minimization, individual data access, anonymization, and meaningful consent when personal data is used for big data analysis. The data protection commissioners also passed a resolution supporting the UN High Commissioner's report on
Privacy in the Digital Age and the
Mauritius Declaration on the Internet of Things. Earlier this year, EPIC joined by 24 organizations
petitioned the White House to accept public comments on its review of
Big Data and the Future of Privacy. EPIC also submitted extensive
comments detailing the privacy risks of big data and calling for the swift enactment of the Consumer Privacy Bill of Rights and the end of opaque algorithmic profiling. For more information, see
EPIC: Big Data and
EPIC: Internet of Things.
- At OECD Global Forum, EPIC Urges "Algorithmic Transparency" (Oct. 3, 2014) +
Speaking to delegates at the
OECD Global Forum for the Knowledge Economy in Tokyo, EPIC President Marc Rotenberg urged OECD member countries to endorse "algorithmic transparency," the principle that data processes that impact individuals be made public. Mr. Rotenberg explained that companies are too secretive about what they collect and how they use personal data. Mr. Rotenberg also spoke about the growing risk of identity theft and cited the recent data breaches at Target, Home Depot, and JP Morgan, and urged OECD countries to update privacy laws. Earlier this year, EPIC submitted extensive
comments on the White House's review of
"Big Data and the Future of Privacy." EPIC called for the swift enactment of the Consumer Privacy Bill of Rights and the end of opaque algorithmic profiling. For more information, see
EPIC - Big Data,
The Public Voice,
CSISAC.
- FTC To Explore "Big Data" and Discrimination (Sep. 10, 2014) +
The Federal Trade Commission will host a
workshop entitled "Big Data: A Tool for Inclusion or Exclusion?" The FTC will explore the effects of "big data" analytics on low-income and other underserved communities. Several members of the
EPIC Advisory Board will be participating. Earlier this year, the
FTC published a report on data brokers, warning that, "collecting and storing large amounts of data not only increases the risk of a data breach or other unauthorized access but also increases the potential harm that could be caused." The White House also
convened a task force and
published a report on "big data" this year. At
EPIC's urging, the White House included public participation in the review process.
EPIC submitted extensive comments, warning about the enormous risk to Americans of current "big data" practices but also made clear that problems are not new, citing the
Privacy Act of 1974. In 2009,
EPIC testified in support of new legislation to regulate the data broker industry. For more information, see
EPIC: Big Data and the Future of Privacy, and
EPIC: FTC.
- Home Depot Data Breach Exposes Millions of Credit Card Records (Sep. 4, 2014) +
A data breach at Home Depot might have exposed millions of consumers' credit card records, according to
an announcement from Home Depot's corporate center. "We're looking into some unusual activity that might indicate a possible payment data breach," the announcement read, "If we confirm a breach has occurred, we will make sure our customers are notified immediately." In the last year,
70 million Target customers, 33 million Adobe users,
4.6 million Snapchat users, and potentially
all 148 million eBay users had their personal information exposed by database breaches. In May of this year, the President's science advisors surprisingly
found little risk in the massive collection of personal data by companies. However,
a recent FTC report on data brokers warned that "collecting and storing large amounts of data not only increases the risk of a data breach or other unauthorized access but also increases the potential harm that could be caused."
EPIC has urged the White House to enact the Consumer Privacy Bill of Rights and to promote Privacy Enhancing Techniques that minimize or eliminate the collection of personally identifiable information. For more information, see
EPIC: Big Data and the Future of Privacy, and
EPIC: Identity Theft.
- Report - Half of American Adults Data Hacked So far This Year (May. 29, 2014) +
A new report finds that 432 million online accounts in the US have been hacked this year, concerning about 110 million Americans. In the last year,
70 million Target customers, 33 million Adobe users,
4.6 million Snapchat users, and potentially
all 148 million eBay users had their personal information exposed by database breaches. Earlier this month, the
President's science advisors found little risk in the continued collection of personal data. However, the FTC's recent
report on data brokers warned that, "collecting and storing large amounts of data not only increases the risk of a data breach or other unauthorized access but also increases the potential harm that could be caused." Earlier,
EPIC urged the White House to promote Privacy Enhancing Techniques that minimize or eliminate the collection of personally identifiable information. For more information, see
EPIC: Big Data and the Future of Privacy,
EPIC: Identity Theft and
EPIC: Choicepoint.
- White House Publishes Report on "Big Data and Future of Privacy" (May. 1, 2014) +
The White House has released a
report on big data and the future of privacy. The report "Big Data: Seizing Opportunities, Preserving Values" makes
several recommendations to the President: "(1) advance the Consumer Privacy Bill of Rights; (2) pass national data breach legislation; (3) extend privacy protections to non-U.S. persons; (4) ensure data collected on students in schools is used for educational purposes; (5) expand technical expertise to stop discrimination; and (6) amend the Electronic Communications Privacy Act." The report identifies discrimination as a key concern, stating "A significant finding of this report is that big data analytics have the potential to eclipse longstanding civil rights protections in how personal information is used in housing, credit, employment, health, education, and the marketplace." The report also recommends the adoption of Privacy Enhancing Technologies. EPIC
urged public participation in the review process. The White House report incorporates several
recommendations from EPIC and other privacy organizations. For more information, see
EPIC: Big Data and the Future of Privacy,
EPIC: "Privacy in the Commercial World."
- Coalition Urges White House to Recognize EU Opinion; End NSA Telephone Records Program (Apr. 16, 2014) +
In a
letter to the White House, a coalition of US organizations urged the Administration to recognize the recent
opinion by the Court of Justice, the highest court in Europe, that ended a European data retention mandate. The European law required telephone and internet companies to retain metadata on customers for national security purposes. The European Court of Justice ruled that this practice violates the fundamental right to privacy and is illegal. The US groups argue that the opinion "bears directly on the White House's review of the NSA Telephone Records Collection Program and also the White House study of
Big Data and the Future of Privacy." The groups urged the White House to 1) recognize the Court's decision in its upcoming report on big data and privacy; and 2) end the NSA telephone record collection program. The letter states that the decision by European Court "is the most significant legal opinion from any court in the world on the risks of big data and the ongoing importance of privacy protection." Last year EPIC, joined by dozens of legal scholars and former members of the Church Committee,
urged the US Supreme Court to find the NSA's telephone record collection program unlawful. More recently, EPIC submitted extensive
comments warning the White House of the enormous risks of current big data practices. For more information, see
EPIC: Data Retention and
EPIC: Big Data and the Future of Privacy.
- Court Upholds FTC Authority to Safeguard Data Privacy (Apr. 11, 2014) +
A federal judge has
ruled that the Federal Trade Commission has the power to enforce data security standards. In the case
FTC v. Wyndham, the Commission alleged that criminals stole hundreds of thousands of credit card numbers from hotel guests because Wyndham Hotels maintained lax data security. Wyndham responded that the FTC could not bring an enforcement action against the company without first publishing regulations. Judge Esther Salas held that the FTC's authority to investigate
"unfair or deceptive" business practices included data protection. FTC Chairwoman Edith Ramirez stated earlier, "Companies should take reasonable steps to secure sensitive consumer information. When they do not, it is not only appropriate, but critical, that the FTC take action on behalf of consumers." For more information, see
EPIC: Federal Trade Commission, and
EPIC: Big Data and the Future of Privacy.
- Federal Agencies Fail to Safeguard "Big Data," Breaches Doubled in Just a Few Years (Apr. 10, 2014) +
The Government Accountability Office has issued a
report, warning that federal agencies "have not been consistent or fully effective in responding to data breaches." The GAO found that "the number of reported information security incidents involving personally identifiable information has more than doubled over the last several years." The report further states, "the increasing number of cyber incidents at federal agencies, many involving the compromise of personally identifiable information, highlights the need for focused agency action to ensure the security of the large amount of sensitive personal information collected by the federal government." EPIC recently
warned the White House about the enormous risks to Americans of current "big data" practices. EPIC and more than 20 organizations have
urged the Administrations to establish strong privacy safeguards and improve accountability across the government and private sector. For more information, see
EPIC: Big Data and the Future of Privacy.
- EPIC Warns White House About Privacy Risks of "Big Data" (Apr. 7, 2014) +
In response to a
request from the White House, EPIC has submitted
extensive comments on
"Big Data and the Future of Privacy." EPIC warned the White House about the enormous risk to Americans of current "big data" practices but also made clear that problems are not new, citing the Privacy Act of 1974 which responded to the challenges of "data banks." EPIC noted the dramatic increases in identity theft and security breaches. EPIC called for the swift enactment of the Consumer Privacy Bill of Rights and the end of opaque algorithmic profiling. EPIC wrote "It is vitally important to update current privacy laws to minimize collection, secure the information that is collected, and prevent abuses of predictive analytics." EPIC and more than 20 organizations previously
urged the White House to establish privacy protections for user data that is being gathered by large companies and government agencies. A report from the White House is expected on April 17. For more information, see
EPIC: Big Data and the Future of Privacy.
- NGO Coalition Tells President "Establish Privacy Protections for Big Data" (Apr. 2, 2014) +
EPIC along with more than 20 other organizations sent
comments to the White House on
"Big Data and the Future of Privacy." The organization urged the President to establish new safeguards for organizations collecting "big data" including transparency, accountability, robust privacy techniques, and meaningful evaluation. The groups also urged the President to enact the Consumer Privacy Bill of Rights. The incidents of security beaches and identity theft continue to increase in the United States. Meanwhile a
new report reveals that consumers are secretly scored by businesses. And the President recently decided to renew the NSA's ineffective telephone record collection program. The White House
agreed to accept public comments after EPIC and two dozen organizations
petitioned the Office of Science and Technology Policy. The White House has sponsored several conferences on Big Data and the Future of Privacy, though some of the meeting have been closed to the public. A report from the White House is expected on April 17. For more information, see
EPIC: Big Data and the Future of Privacy.
- White House to Accept Public Comments on Big Data and Privacy Review (Mar. 5, 2014) +
The White House is
requesting public comments on the Obama Administration's
"Big Data and the Future of Privacy" review. EPIC, joined by 24 consumer privacy, public interest, scientific, and educational organizations
petitioned the Office of Science and Technology Policy last month to accept public comments. The petition stated, "The public should be given the opportunity to contribute to the OSTP's review of 'Big Data and the Future of Privacy' since it is their information that is being collected and their privacy and their future that is at stake." The letter sets out several important questions, including whether current laws are adequate and whether it is possible to maximize the benefits of big data while minimizing the risks to privacy. Comments are due by March 31, 2014. For more information, see
EPIC: Big Data and the Future of Privacy.
- White House and MIT to Host Conference on Big Data and Privacy (Feb. 24, 2014) +
On March 3, 2014, the White House and MIT will cohost
"Big Data Privacy: Advancing the State of the Art in Technology and Practice." The conference is part of the White House's
Big Data and the Future of Privacy initiative and will feature keynotes from Counselor to the President John Podesta and Secretary of Commerce Penny Pritzker. Scholars, privacy advocates, government representatives and private sector leaders will explore the opportunities and challenges of big data and examine the use of Privacy Enhancing Techniques. President Obama
has called for a "comprehensive review of big data and the future of privacy." In response, EPIC and a coalition of consumer and scientific organizations outlined
key questions for the White House to explore, and also asked the Office of Science and Technology Policy to encourage public participation. For more information see
EPIC: Big Data and the Future of Privacy,
EPIC: Privacy and Consumer Profiling, and
EPIC: Privacy Tools.
- Senators Rockefeller and Markey Propose Data Broker Legislation (Feb. 13, 2014) +
Senators Rockefeller and Markey have
introduced the
The Data Broker Accountability and Transparency Act of 2014 (DATA Act). The proposed Act imposes transparency and accountability requirements on
data brokers and other companies that profit from the collection and sale of consumer information. Under the DATA Act, consumers would be able to access their personal information, make corrections, and opt out of marketing schemes. The DATA Act would empower the FTC to impose civil penalties on violators, and would prohibit data brokers from collecting consumer data in deceptive ways. In 2009, EPIC
testified in support of new legislation to regulate the data broker industry. In 2005, EPIC's
complaint to the FTC against data broker Choicepoint lead to a $10 million settlement. For more information, see
EPIC: Federal Trade Commission,
EPIC: Choicepoint and
EPIC: Privacy and Consumer Profiling.
- EPIC, Coalition Urge White House to Listen to Public on "Big Data and Privacy" (Feb. 10, 2014) +
EPIC, joined by 24 consumer privacy, public interest, scientific, and educational organizations
petitioned the White House's Office of Science and Technology Policy to accept public comments on the
Big Data and The Future of Privacy study now underway. The Office's primary function is to advise the President on scientific and technological issues. The President announced the Big Data review during a
recent speech on NSA reform. The petition calls on the Office of Science and Technology Policy to incorporate the concerns and opinions of the public and lays out a number of important questions to consider, including whether current laws are adequate and also whether it is possible to maximize the benefits of big data while minimizing the risks to privacy. For more information, see
EPIC: Privacy and Consumer Profiling.
- FTC Chair Ramirez Urges Senate to Act on Data Security Legislation (Feb. 5, 2014) +
The
Senate Judiciary Committee hearing on
"Privacy in the Digital Age: Preventing Data Breaches and Combating Cybercrime" followed a series of major data breaches at
Target,
Neiman Marcus, and
Michaels, which compromised the personal data of tens of millions of consumers. Senator Leahy, who has introduced important
data privacy legislation, said "In the digital age, Americans face threats to their privacy and security unlike any time before in our Nation's history."
FTC Chair Edith Ramirez expressed strong support for federal data security legislation. (2h18m). In 2012 President Obama set out a framework for consumer privacy protection, the
Consumer Privacy Bill of Rights, which is supported by consumer privacy organizations. For more information, see
EPIC: Privacy Legislation,
EPIC: Identity Theft, and
EPIC: Federal Trade Commission.
- White House Announces Review of "Big Data and the Future of Privacy" (Jan. 23, 2014) +
Following the President's
speech on reform of the intelligence collection programs, White House counselor John Podesta has announced "a
comprehensive review of the way that 'big data will affect the way we live and work; the relationship between government and citizens; and how public and private sectors can spur innovation and maximize the opportunities and free flow of this information while minimizing the risks to privacy." This is the first major privacy initiative announced by the White House since the release of the
Consumer Privacy Bill of Rights in 2012. The undertaking will involve key officials across the federal government, including the President’s Science Advisor and the
President's Council of Advisors on Science and Technology. EPIC has participated in several
workshops and studies concerning the intersection of privcy and "big data."
- "Big Data and Security in Europe: Challenges and Opportunities" (Jan. 21, 2014) +
Marc Rotenberg,
EPIC President
Research Councils UK
Bibliothéque Solvay
Brussels Belgium
January 21, 2014
- Senate Report Shines Light on How Data Brokers Operate (Dec. 18, 2013) +
A Senate Committee Majority Staff
report released today highlights the oft-concealed practices of Data Brokers. The report finds that data brokers lack transparency and collect sensitive personal information, while individuals lack basic rights to know what data is collected or how it is used. The brokers, the report notes, prevent business customers from revealing how data is obtained. The report also exposed how personal information is often used to target the financially vulnerable. Thus far, the data broker industry has largely escaped federal regulation. In 2009, EPIC
testified in support of new legislation to regulate the data broker industry. In 2005, EPIC's
complaint to the FTC against data broker Choicepoint lead to a $10 million
settlement. For more information, see
EPIC: ChoicePoint and
EPIC: Federal Trade Commission.
- Spotlight: FBI Pushes Forward with Massive Biometric Database Despite Privacy Risks (Dec. 10, 2013) +
EPIC's
Spotlight on Surveillance Project returns to put the spotlight on the Federal Bureau of Investigation's Next Generation Identification program. A
billion dollar project to increase the Bureau's ability to collect biometric identifiers on millions of individuals in the United States. The FBI is currently adding facial, iris, and voice identification techniques that will greatly increase the Bureau’s ability to pursue mass surveillance. EPIC is pursuing a Freedom of Information Act
lawsuit to learn more about the program. Many of the techniques now being deployed in the US were developed by the US Department of Defense for war zones. EPIC has urged greater Congressional oversight of the program and new privacy safeguards. See EPIC's
Spotlight on Surveillance on FBI's Next Generation Identification Program.
- How Data Determines Your Fate at the Airport (Oct. 29, 2013) +
How Data Determines Your Fate at the Airport
Khaliah Barnes,
EPIC Administrative Law Counsel
Kojo Nnamdi Show
WAMU.ORG
October 29, 2013
- Cyber Security: The Emerging Debate Over How Virtual Information Should Be Controlled and Protected (Oct. 10, 2013) +
Cyber Security: The Emerging Debate Over How Virtual Information Should Be Controlled and Protected
Alan Butler,
EPIC Appellate Advocacy Counsel
National Association of Mutual Insurance Companies
Washington, DC
October 10, 2013
- FTC Chairwoman Calls for Transparency in Big Data (Aug. 19, 2013) +
In a keynote
speech at the Technology Policy Institute Aspen Forum, FTC Chairwoman Edith Ramirez called upon companies to "move their data collection and use practices out of the shadow and into the sunlight." Chairwoman Ramirez highlighted the risks of big data including indiscriminate collection, data breaches, and behind-the-scenes profiling. She stressed the importance of protecting consumers' privacy and said, "with big data comes big responsibility." EPIC previously
testified before Congress and called for the regulation of data brokers because there is too much secrecy and too little accountability in their business practices. EPIC has also consistently
recommended that the FTC enforce Fair Information Practices, such as those contained in the Administration's Consumer Privacy Bill of Rights, against commercial actors. For more information, see
EPIC: Choicepoint and
EPIC: Privacy and Consumer Profiling.
- White House Launches Open Data Project (May. 10, 2013) +
The President issued an
Executive Order and
memorandum this week outlining the administration's new "Open Data Policy." According to the White House, the goal is to make information "accessible, discoverable, and usable by the public" and to "promote interoperability and openness." The Executive Order states that agencies should also "safeguard individual privacy, confidentiality, and national security." The White House has launched
Project Open Data, a collection of code, tools, and case studies to help agencies adopt the open data policy. An article in Foreign Policy this week
"Think Again: Big Data" raises provocative questions about the actual value of "Big Data." For more information on Open Government issues, see:
EPIC: Open Government and
EPIC: Privacy Act.
- European Privacy Agencies Issue Report on Privacy and Big Data (Apr. 16, 2013) +
Responding to growing interest in privacy and "big data," representatives of the data protection agencies in Europe have issued an
opinion on the purpose limitation principles in the context of big data. The Article 29 Working Party recommends that personal data should be collected for "specified, explicit and legitimate purposes" and that personal data not be "further processed in a way incompatible with those purposes." The group also recommended that the proposed
EU data protection regulation incorporate a list of factors to aid in determining compatible uses. Last fall, EPIC Executive Director Marc Rotenberg
testified in support of the proposed reform before the European Parliament, and a group of transatlantic consumer organizations wrote a
letter expressing their support. For more information, see
EPIC: EU Data Protection Directive.
Overview
"Big data" is a term for the collection of large and complex data sets and the analysis of these data sets for relationships. The quantity of data in these sets prevents traditional methods of analysis from being effective. Rather than focusing on precise relationships between individual pieces of data, big data uses various algorithms and techniques to to infer general trends over the entire set. What counts is the quantity rather than the quality. Big data looks for the correlation rather than the causation--the "what" rather than the "why."
Big data has only become possible in recent years with advances in collection, storage, and interpretation of data. The process of datafication allows for the reinterpreting of information into usable sets. Data collection--from medicine, financial institutions, social networking, and many other fields--has exploded over the past decade. And storage costs for this data have plummeted, which makes it easier to justify holding onto data instead of discarding it. These factors, along with better techniques for analyzing the data, have allowed relationships to be discovered in ways that would not have been possible in years past.
While there are many benefits to the growth of big data analytics, traditional methods of privacy protections often fail. Many notions of privacy rely on informed consent for the disclosure and use of an individual's private data. However, big data means that data is a resource that can be used and reused, often in ways that were inconceivable at the time the data was collected. Anonymity is also eroded in a big data paradigm. Even if every individual piece of information is stripped of personal information, the relationships between the individual pieces can reveal the individual's identity.
Obama Administration Big Data Review
Following the President's speech speech on reform of the National Security Agency's bulk metadata collection program under Section 215 of the USA Patriot Act, White House counselor John Podesta announced "a comprehensive review of the way that 'big data will affect the way we live and work; the relationship between government and citizens; and how public and private sectors can spur innovation and maximize the opportunities and free flow of this information while minimizing the risks to privacy." This was the first major privacy initiative announced by the White House since the release of the Consumer Privacy Bill of Rights in 2012. The undertaking involved key officials across the federal government, including the President's Science Advisor and the President's Council of Advisors on Science and Technology.
Soon after the announcement, EPIC and a coalition of consumer groups wrote a letter, to John Holdren, the Director of the Office of Science and Technology Policy. EPIC urged OSTP to provide the public an opportunity to comment and suggested that the review take into consideration (but not be limited to) the following important questions about the role of Big Data in our society:
(1) What potential harms arise from big data collection and how are these risks currently addressed?
(2) What are the legal frameworks currently governing big data, and are they adequate?
(3) How could companies and government agencies be more transparent in the use of big data, for example, by publishing algorithms?
(4) What technical measures could promote the benefits of big data while minimizing the privacy risks?
(5) What experience have other countries had trying to address the challenges of big data?
(6) What future trends concerning big data could inform the current debate?
The Big Data Privacy Report and EPIC's Public Comments
On March 4, 2014, in response to suggestions from EPIC and other consumer privacy groups, the Office of Science and Technology Policy published a Request for Information, which provides the public an opportunity to comment on the Podesta Big Data Review. EPIC submitted comments to the review, emphasizing how the current Big Data environment poses enormous risks to ordinary Americans. EPIC emphasized the data security risks and substantial risks to student privacy that exist in the current big data regulatory environment and called for the Administration to better implement the Fair Information Practices (FIPs) first set out in 1973.
Other groups comments included:
Center for Democracy and Technology,
The Future of Privacy Forum,
The Privacy Coalition,
The Internet Association,
The Consumer Federation of America, and
the Federation of American Societies for Experimental Biology.
On May 1, 2014, the White House released the Big Data Privacy Report. The report noted that "[b]ig data technologies will be transformative in every sphere of life" and that they raise "considerable questions about how our framework for privacy protection applies in a big data ecosystem." The review also warned that "data analytics have the potential to eclipse longstanding civil rights protections in how personal information is used in housing, credit, employment, health, education, and the marketplace. Americans' relationship with data should expand, not diminish, their opportunities and potential.
The President's Council of Advisors on Science and Technology ("PCAST") released a report on the same day, entitled, "Big Data and Privacy: A Technological Perspective."
PCAST wrote that "[t]he challenges to privacy arise because technologies collect so much data (e.g., from sensors in everything from phones to parking lots) and analyze them so efficiently (e.g., through data mining and other kinds of analytics) that it is possible to learn far more than most people had anticipated or can anticipate given continuing progress. These challenges are compounded by limitations on traditional technologies used to protect privacy (such as de-identification). PCAST concludes that technology alone cannot protect privacy, and policy intended to protect privacy needs to reflect what is (and is not) technologically feasible."
In February 2015, the White House released an interim progress report on its big data initiative. The administration wrote that "[p]olicy development remains actively underway on complex recommendations [from the report], including extending more privacy protections to non-U.S. persons and scaling best practices in data management across government agencies."
Data Brokers
Data brokers are large commercial organizations that collect vast swaths of data on millions--and sometimes hundreds of millions--of consumers in order to resell the data or utilize it in targeted marketing campaigns. The data broker industry, by its own estimation, includes at least 3,500 to 4,000 companies. One data broker--Acxiom--has admitted to having profiles for over 500 million people worldwide including "nearly every U.S. consumer."
Recently, the data broker industry as a whole has come under a great deal of scrutiny from the Federal Trade Commission and the Senate Commerce Committee. FTC Commissioner Julie Brill has announced an initiative titled "Reclaim Your Name", which is designed to promote more transparency in the data broker industry and give consumers greater control over their individual data. The Senate Commerce Committee, under the leadership of Senator Jay Rockefeller (D-WV) undertook an examination of the data broker industry in 2013, holding hearings, hearings on the issue, and releasing a report, A Review of the Data Broker Industry: Collection, Use, and Sale of Consumer Data for Marketing Purposes of their findings. And in December 2014, the FTC brought complaint against LeapLab, a commercial data broker, accusing it of buying the payday loan applications of "financially strapped consumers" and selling their information to marketers.
In March 2015, Senators Ed Markey (D-MA), Senator Richard Blumenthal (D-CT), Senator Sheldon Whitehouse (D-RI), and Senator Al Franken (D-MN), released a bill entitled The Data Broker Accountability and Transparency Act. This act is designed to provide some broad guidelines for regulating the data broker industry.
Big Data Statistics
- Google is more than 1 million petabytes in size and processes more than 24 petabytes of data a day, a volume that is thousands of times the quantity of all printed material in the U.S. Library of Congress.
- 32 billion searches are performed each month on Twitter.
- More than 1 billion unique users visit YouTube each month and over 6 billion hours of video are watched each month on YouTube - that's almost an hour for every person on Earth, and 50% more than last year.
- 90 percent of the data in the world today has been created in the past two years.
- In 2012, data was forecasted to double every two years through the year 2020.
- In 2020, the amount of digital data produced will exceed 40 zettabytes, which is the equivalent of 5,200 gigabytes for every man, woman and child on planet earth.
- * 1 Gigabyte = Approximately 1 full-length feature film in digital format; 1 Petabyte= One Million Gigabytes or a Quadrillion Bytes; 1 Exabyte = One Billion Gigabytes; 1 Zettabyte = One Trillion Gigabytes or One Million Petabytes.
Academic Articles
- Ronald J. Krotoszynski, Jr., Reconciling Privacy and Speech in the Era of Big Data: A Comparative Legal Analysis, 56 Wm. & Mary L. Rev. 1279 (2015).
- Sharona Hoffman, Medical Big Data and Big Data Quality Problems, 21 Conn. Ins. L.J. 289 (2015).
- Michael Mattioli, Disclosing Big Data , 99 Minn. L. Rev. 535 (2014).
- Neil M. Richards & Jonathan H. King, Big Data Ethics, 49 Wake Forest L. Rev. 393 (2014).
- Nicholas Diakopoulos, Ph.D., Algorithmic Accountability Reporting: On The Investigation of Black Boxes, Tow Center for Digital Journalism (February 2014).
- Ryan Calo, Consumer Subject Review Boards: A Thought Experiment, 66 Stan. L. Rev. Online 97 (September 2013).
- Ian Kerr & Jessica Earle, Prediction, Preemption, Presumption: How Big Data Threatens Big Picture Privacy, 66 Stan. L. Rev. Online 65 (September 2013).
- Cynthia Dwork & Deirdre K. Mulligan, It's Not Privacy and It's Not Fair, 66 Stan. L. Rev. Online 35 (September 2013).
- Joseph Janes, As the Big Data beast fattens, will privacy and ethics get gobbled up?, Am. Libraries (May 2012).
- Ira S. Rubinstein, Big Data: The End of Privacy or a New Beginning?, N.Y.U. Public Law & Legal Theory Working Papers, Paper No. 357 (2012).
- Frank Pasquale, Restoring Transparency to Automated Authority, 9 J. on Telecomm. & High Tech L. 235 (Winter 2011).
- Danah boyd & Kate Crawford, Six Provocations for Big Data, A Decade in Internet Time: Symposium on the Dynamics of the Internet and Society (September 2011).
- Paul Ohm, Broken Promises of Privacy: The Surprising Failure of Anonymization, 57 UCLA L. Rev. 1701 (2010).
Resources
- Executive Office of the President, Big Data 2015 Interim Progress Report.
- Federal Trade Commission, Complaint Against Data Broker LeapLab (December 2014).
- Executive Office of the President, Big Data: Seizing Opportunities, Preserving Values (May 2014).
- The Data Broker Accountability and Transparency Act.
- National Consumer Law Center, Big Data: A Big Disappointment for Scoring Consumer Credit Risk, March 2014.
- The White House and Massachusetts Institute of Technology, Big Data Privacy Workshop: Advancing the State of the Art in Technology and Practice, March 3, 2014.
- Letter to OSTP regarding Big Data, February 10, 2014.
- MIT Big Data Initiative at CSAIL.
- John Podesta, Counselor to the President, Big Data and the Future of Privacy, January 23, 2014.
- President Obama, Remarks by the President on Review of Signals Intelligence, January 17, 2014.
- Privacy and Consumer Profiling, EPIC website.
- EPIC ChoicePoint, EPIC website.
- Big Data and Privacy: Making Ends Meet, Stanford Center for Internet and Society and the Future of Privacy Forum, September, 2013.
- Big Data and Big Challenges for Law and Legal Information, Georgetown University Law Center Legal Symposium: A Meeting of Minds on Data and Decision Making, January 30, 2013.
- Project Open Data, White House.
- Executive Order Implementing Project Open Data, White House.
- European Union, Article 29 working Party Report, Article 29 Working Party Committee.
- Rotenberg Testimony on "The Reform of the EU Data Protection Framework: Building Trust in a Digital and Global World, EPIC website.
- Julie Brill, Commissioner of the FTC, Big Data, Big Issues, Address at Forham University School of Law, March 12, 2012.
- Consumer Data Privacy Bill of Rights, White House, February 23, 2012.
- The Promise and Peril of Big Data, David Bollier, The Aspen Institute, January 1, 2010.
- Testimony by Marc Rotenberg, Executive Director of the Electronic Privacy Information Center, on H.R. 2221, the Data Accountability and Trust Act, on May 5, 2009, EPIC website.
- Jeff Jonas, Big Data. New Physics. Jeff Jonas Blog, November 18, 2010.
- Jeff Jonas on Analytics IBM Data Protection and Law Policy Newsletter Jeff Jonas Interview.
- Jeff Jonas, Confessions of an Architect. Privacy By Design Slide Show Presentation.
- U.S. Department of Health, Education & Welfare, Report of the Secretary's Advisory Committee on Automated Personal Data Systems, Records, Computers, and the Rights of Citizens, (The HEW Report) (MIT 1973).