New capabilities to gather, analyze, disseminate, and preserve vast quantities of data raise new concerns about the nature of privacy and the means by which individual privacy might be compromised or protected, says a report issued in May by the President’s Council of Advisors on Science and Technology.
The report likely will factor into the ongoing consideration of how governmental policies may be crafted in the future that could affect the private sector, including financial services, which already faces considerable responsibilities regarding the protection of customer data.
The council looked into the relationship of emerging technologies and the changing nature of protecting privacy. For example, it expands the definition of “privacy” to include not only the traditional right to be left alone, but also the ability to share information selectively but not publicly.
“Today’s concerns about big data reflect both the substantial increases in the amount of data being collected and associated changes, both actual and potential, in how they are used,” the report says.
It concludes that it is the actual use of data, particularly through analytics, rather than the particular technologies associated with collecting data, that produces the majority of concern regarding the protection of individual privacy. In addition, it believes that “the responsibility for using personal data in accordance with the user’s preferences should rest with the provider rather than with the user.”
The group’s objective for this study was not to recommend specific privacy policies, but rather to make a relative assessment of the technical feasibilities of different broad policy approaches. Along those lines, the report discusses the implications of current and emerging technologies for government policies for privacy protection.
Regarding this, it concludes: “The use of technical measures for enforcing privacy can be stimulated by reputational pressure, but such measures are most effective when there are regulations and laws with civil or criminal penalties. Rules and regulations provide both deterrence of harmful actions and incentives to deploy privacy-protecting technologies. Privacy protection cannot be achieved by technical measures alone.”
However, the crafting of any such potential laws or regulations must be balanced against inhibiting the positive and desirable aspects made possible by big data and its analysis and use, the report makes clear.
The council recognizes that big data collection and analysis can and does have desirable attributes. “PCAST believes strongly that the positive benefits of big-data technology are (or can be) greater than any new harms,” it says at one point in the report. Later it expands on this: “The beneficial uses of near-ubiquitous data collection are large, and they fuel an increasingly important set of economic activities. Taken together, these considerations suggest that a policy focus on limiting data collection will not be a broadly applicable or scalable strategy—nor one likely to achieve the right balance between beneficial results and unintended negative consequences (such as inhibiting economic growth).”
In its list of recommendations to the president, foremost is that “policy attention should focus more on the actual uses of big data and less on its collection and analysis.”
Other recommendations include:
- Policies and regulation, at all levels of government, should not embed particular technological solutions, but rather should be stated in terms of intended outcomes.
- Various government agencies should strengthen U.S research in privacy-related technologies and in the relevant areas of social science that inform the successful application of those technologies.
- The government, with appropriate education institutions and professional societies, should encourage increased education and training opportunities concerning privacy protection, including career paths for professionals.
- The United States should take the lead both in the international arena and at home by adopting policies that stimulate the use of practical privacy-protecting technologies that exist today.