Privacy and Big Data: The Biggest Public Policy Challenge of Our Time?
Imagine the government could reduce the likelihood of a deadly terrorist attack by deploying a sophisticated algorithm to sift through the contents of all e-mail correspondence of U.S. citizens. Would the tradeoff of privacy for national security be justified from a public policy point of view? Would it make a difference whether such Big Data analysis helped avert one such attack per decade or two per year? What about if the database included not e-mail contents but only “to/from” and “subject line” routing information? These questions and others have been hurled to the forefront of public debate by the recent revelations about the scope of NSA surveillance. Yet the benefits of Big Data—powerful new ways to collect, analyze and store massive amounts of information—exceed the realm of national security or even government usage and extend to areas such as scientific research, public health and energy conservation by the private sector.
In a paper recently published in the Penn Law Review, Paul Ohm, a professor of law at the University of Colorado and until recently the senior policy advisor to the FTC, diminishes “The Underwhelming Benefits Of Big Data.” Ohm critiques an article written by Jules Polonetsky, CIPP/US, Director of the Future of Privacy Forum (FPF), and myself about the tradeoff between Big Data benefits and privacy costs (see here, published in the Northwestern Journal of Technology and Intellectual Property). He claims, “Too many commentators have too often overstated the benefits of Big Data, inflating studies and praising the merely trivial.” He argues that while some benefits, for example in the field of medical research, are compelling, others are not; stating that “Tene and Polonetsky seem to understand the speciousness of some of the other benefits they herald.”
Yet who is to say that some data-driven innovations are worthwhile while others are not? Are privacy professionals qualified and equipped to make such weighty policy choices, deciding that energy preservation is less important than medical research yet more valuable than fraud detection?
Finding the right balance between privacy risks and Big Data rewards may very well be the biggest public policy challenge of our time. It calls for momentous choices to be made between weighty policy concerns such as medical research, urban planning and efficient use of resources, on the one hand, and individuals’ rights to privacy, fairness, equality and freedom of speech, on the other hand. It requires deciding whether efforts to cure fatal disease or eviscerate terrorism are worth subjecting human individuality to omniscient surveillance and algorithmic decision-making.
Unfortunately, the discussion progresses crisis by crisis, often focusing on legalistic formalities while the bigger policy choices are avoided. Moreover, the debate has become increasingly polarized, with each cohort fully discounting the concerns of the other. For example, in the context of government surveillance, civil libertarians depict the government as pursuing absolute power while law enforcement officials blame privacy for child pornography and airplanes falling out of the sky. It seems that for “privacy hawks,” no benefit, no matter how compelling, is large enough to offset privacy costs; while for data enthusiasts, privacy risks are no more than an afterthought in the pursuit of complete information.
To be sure, Ohm admits in his paper that “Big Data techniques will lead to significant, new, life-enhancing (even life-saving) benefits that we would be ill advised to electively forego.” Yet he argues that “Big Data’s touted benefits are often less significant than claimed and less necessary than assumed.” For example, he criticizes one case cited in our Northwestern paper, where through analysis of anonymized Internet search queries, a group of Stanford scientists were able to confirm that the interaction between two blockbuster drugs, Paxil and Paravachol, causes diabetes. Ohm writes, “the researchers developed their hypothesis through traditional methods, by searching an FDA database of adverse events, and used the novel privacy-invasive step only to support the hypothesis.” To begin with, we do not accept the premise that scientific confirmation is inherently a less important or “worthy” goal than hypothesis building. Moreover, in this specific case, the hypothesis itself was formed through big data analysis—of the FDA Adverse Event Reporting System.
Ohm argues that after putting forward compelling use cases from the field of medical research and sustainable development, Polonetsky and I “begin to slide into much less significant territory, touting benefits that pale in comparison.” Yet these “less significant” benefits, which include fraud detection in the payment card industry and enhanced efficiency in product and ad delivery, appear to us to at least merit serious contemplation. And while we agree that society must come up with criteria to evaluate the relative weight of different benefits (or social values), we claim that such decisions transcend privacy law. The social value of energy conservation, national security or economic efficiency is a meta-privacy issue that requires debate by experts in the respective fields. If privacy regulators were the sole decision-makers determining the relative importance of values that sometimes conflict with privacy they would become the de facto regulators of all things commerce, research, security and speech. This would be a perverse result, given that even where privacy constitutes a fundamental human right, it is not an “über-value” that trumps every other social consideration.
To stage a reasoned discussion of Big Data’s benefits and attendant costs, the FPF has teamed up with the Stanford Center for Internet and Society for a special symposium titled “Privacy and Big Data: Making Ends Meet.” The symposium includes a call for papers (now closed), which yielded a large volume of excellent scholarship from leading academics and practitioners, including lawyers, technologists, sociologists and philosophers. A selection of these papers will be published in a special issue of the Stanford Law Review Online. In addition, the authors will convene with leading policymakers in Washington, DC, on September 10, to debate the results of their research.
About the Author
Omer Tene is Vice President of Research and Education at the IAPP where he administers the Westin Fellowship program and fosters ties between the industry and academia. He is also Vice Dean of the College of Management School of Law, Rishon Le Zion, Israel; an Affiliate Scholar at the Stanford Center for Internet and Society; and a Senior Fellow at the Future of Privacy Forum. He has published extensively in US and European law reviews about big data, online tracking, and international privacy law.