Data Industry Must Step Up to Protect Consumer Privacy
We are awash in data. Every time we go online or use a smartphone or credit card, our purchases and movements are tracked. We keep our schedules, plan trips and celebrate birthdays online. When we go outside, ubiquitous CCTV and security cameras capture our movements. And a world of interconnected refrigerators, thermostats and other everyday devices -- the Internet of Things -- lies just ahead.
Advocates of big-data analytics promise tremendous benefits. Some benefits -- helping companies determine which ads you see online, which articles a newspaper recommends to you and which book to recommend you read next -- are relatively mundane. Other benefits could be utterly transformative -- keeping kids in high school, preventing infections in premature children and conserving our natural resources by making our use of electricity more efficient.
To reap these rewards, we're told we need to scrap many of the basic privacy principles. Some big-data enthusiasts dismiss transparency, choice, accuracy, data minimization and other protections as unworkable. Others argue that the drawbacks of applying basic privacy principles outweigh the benefits.
Crossing the line
Brushing these principles aside has led some companies to adopt a "collect first, ask questions later" approach to personal data. Some are selling consumer-specific data for purposes that fall right on -- or just beyond -- the boundaries of the Fair Credit Reporting Act and other laws. Others are using personal data to make "eligibility" determinations, such as whether an individual is too risky to do business with, has engaged in fraud or is ineligible to enroll in certain clubs, dating services, schools or other programs. Still others are collecting and using big data to make sensitive predictions about consumers, such as those involving their health conditions, sexual orientation and religion.
Data brokers, marketers and other companies that join the big-data stampede while ignoring basic privacy principles do so at their own peril. Inaccuracies, unexpected disclosures and the use of sensitive data can cause real harm to consumers, not to mention potentially violate the law.
New laws would help. But there is more we can do right now to address the fundamental challenge of helping consumers regain control of their most sensitive and private information. To this end, I am calling on the data-broker industry to join a comprehensive initiative, which I call Reclaim Your Name.
The concept is simple. Through creation of consumer-friendly online services, Reclaim Your Name would empower the consumer to find out how brokers are collecting and using data; give her access to information that data brokers have amassed about her; allow her to opt out if a data broker is selling her information for marketing purposes; and provide her the opportunity to correct errors in information used for substantive decisions.
Improving the handling of sensitive data is another part of Reclaim Your Name. Data brokers that participate in Reclaim Your Name would agree to tailor their data handling and notice and choice tools to the sensitivity of the information at issue. As the data they handle or create becomes more sensitive -- relating to health conditions, sexual orientation and financial condition, for example -- the data brokers would provide greater transparency and more robust notice and choice to consumers.
The user interface is also critical. It should be user-friendly, and the industry should provide a one-stop shop so consumers can learn about the tools all data brokers provide, and the choices consumers can make about the use of their data.
Another important challenge is to bring the technology of credit reporting into the 21st century. The process of collecting and synthesizing data into individual credit profiles is too error-prone for too many Americans. So is the industry's "dispute resolution" system, which fails to resolve many disputes -- especially where consumers have identical or similar names. New technological tools also must be developed to help consumers more easily obtain and understand their credit reports, and to give consumers a better, privacy-enhancing interface for correcting their credit information across multiple credit-reporting agencies.
Internet of Things
We must also take into consideration the privacy challenges of the Internet of Things. Many connected devices have no user interface, and consumers may not even realize that the devices they are using are connected, let alone sending data to third parties. Engineers and technologists will have to ensure that connected devices build in privacy from the start, collecting the minimum of data necessary to make a device function, and creating a consumer-friendly dashboard that explains the data the device collects, the uses of the data and who might see the data.
Moving forward, it will be crucial to incorporate transparency, choice, access and other basic privacy principles into big-data analytics. It will require the focused efforts of companies and experimentation by technologists. The result can be a system that respects consumer privacy and engenders consumer trust, allowing big data to reach its full potential to benefit us all.