White House Calls for Big Data and Cloud Privacy Overhaul

Leading tech groups welcome call for data breach law and outdated cloud privacy statute, but warn against overreaching consumer privacy legislation.

The White House yesterday issued a series of policy recommendations to better protect individual privacy in the era of big data, calling on Congress to write into law a consumer bill of rights for the digital age and update an electronic privacy statute that's more than a quarter century old, among other measures.

Follow everything from CIO on Twitter @CIOonline.

In outlining the new proposals, John Podesta, the counselor to the president who led a three-month study of privacy and big data, took pains to highlight the myriad ways in which data collected from sensors, smartphones and other networked devices and objects can yield valuable social and economic benefits.

Government CIOs

Big data functions like predictive analytics and continuous monitoring can help stem the spread of infectious diseases or provide advance warning about potential mechanical failures in jet engines, for instance.

[Related: Obama Backs 'Consumer Bill of Rights' for Online Privacy]

At the same time, Podesta cautioned that "big data raises serious questions, too, about how we protect our privacy," suggesting that businesses need to provide users with more meaningful ways to understand and control how their information is being collected and used.

"It's undeniable that big data challenges several of the key assumptions that underpin current privacy frameworks."

-- Commerce Secretary Penny Pritzkere

"In particular, our review raised the question of whether the 'notice and consent' framework, in which a user grants permission for a service to collect and use information about them, still allows us to meaningfully control our privacy as data about us is increasingly used and reused in ways that could not have been anticipated when it was collected," Podesta told reporters on a conference call.

White House Jumpstarts Comgress

With the new privacy report, the White House is aiming to spur Congress into action with a number of targeted legislative proposals, some with longstanding support from the tech industry, such as the passage of a national data-breach notification law to replace the patchwork of state laws currently on the books.

Additionally, the administration is calling for an update of the Electronic Communications Privacy Act (ECPA), a 1986 law that set privacy protections for digital content. That law, enacted before the commercialization of the Internet and the advent of the Web, contains what Podesta described as "artificial differences and archaic distinctions" that afford different legal protections for opened and unopened emails, and communications that are stored locally or in the cloud.

[Related: CIOs See Big Data as Internet-Like Innovation Platform for Government]

Several leading tech trade groups quickly lauded those proposals, particularly ECPA reform, which has the backing of a broad range of could computing firms.

"As users increasingly store email and other communications remotely, it is critical to reform ECPA to establish a warrant requirement for access to these communications, regardless of where they are stored," Mark MacCarthy, vice president of public affairs at the Software and Information Industry Association, said in a statement.

Some of those groups were more cautious in their response to the proposal to enact legislation enshrining a consumer bill of rights along the lines of the framework the White House rolled out in 2012. The White House has asked the Commerce Department to convene businesses, privacy advocates and other stakeholders to consider how those principles might be updated to provide consumer protections in light of the big data report.

[Related: NSA Revelations Prompt Tech Industry to Call for Privacy Safeguards]

That set off alarms in some corners of the industry. The trade group TechAmerica said it was "somewhat confused" about the report's focus on "hypothetical concerns about the use of data." SIIA's MacCarthy cautioned that "burdensome new legal requirements would only impede data-driven innovation and hurt the ability of U.S. companies to create jobs and drive economic growth."

Big Data Changes Everything

But the call for Congress to codify the consumer bill of rights comes as an acknowledgement on the part of the administration that existing privacy law has fallen out of step with the ways that businesses are collecting, analyzing and repackaging information about consumers.

"It's undeniable that big data challenges several of the key assumptions that underpin current privacy frameworks," Commerce Secretary Penny Pritzker told reporters.

"It's very clear that data can improve our lives and create economic opportunity," Pritzker said. "However, big data can also raise challenging questions about how we safeguard privacy and civil liberties."

In addition to the recommendations to Congress, the White House report outlines several steps that the administration intends to take on its own.

The report calls on the relevant civil rights and consumer protection agencies within the government to expand their technical expertise to better guard against the use of data profiling to discriminate against certain classes in areas such as housing, employment or consumer credit.

The administration is also looking to ensure that data collected about students through platforms such as online courses is used only for educational purposes.

Additionally, the White House Office of Management and Budget will begin coordinating with other agencies to expand the protections of the 1974 Privacy Act to non-U.S. individuals. That move comes as a nod to the inherently global nature of cloud computing, and appears to be a partial response to the challenges tech firms have experienced in expanding into other countries, where concerns run high about the protections of their data afforded under U.S. law.

"We should be leading in the international conversation on big data that reaffirms our commitment to interoperable global privacy frameworks," Pritzker said. "We have to consider big data as an international issue."

Kenneth Corbin is a Washington, D.C.-based writer who covers government and regulatory issues for CIO.com. Follow Kenneth on Twitter @kecorb. Follow everything from CIO.com on Twitter @CIOonline, Facebook, Google + and LinkedIn.

Copyright © 2014 IDG Communications, Inc.

Download CIO's Winter 2021 digital issue: Supercharging IT innovation