Big Data Brings Big Privacy Concerns

WASHINGTON — When CIOs think of big data, they might envision the technical challenges and opportunities posed by the vast reservoirs of information their companies are collecting and analyzing. But when some policy makers contemplate the same situation, their concerns turn to questions of privacy, and what steps data-rich companies are taking to safeguard consumers’ personal information.

Consumer Privacy

In recent years, lawmakers and regulators have voiced mounting concerns about the volume of data that businesses are collecting, how that information is then used and if it is sold, and whether consumers are given meaningful notice about those companies’ practices.

In the Senate, John Rockefeller (D-W.V.), the chairman of the Commerce Committee, opened an inquiry into the practices of nine data brokers in October. Committee staffers will continue the probe in the new Congress as Rockefeller and other lawmakers contemplate new legislation to protect consumer privacy in the Internet age.

“We have gotten involved in data brokers and big data — quote unquote — because it’s very clear that we’re approaching this place where more and more of consumers’ lives are going to be online,” Erik Jones, deputy general counsel for Rockefeller’s committee, said during a panel discussion here at the annual State of the Net conference hosted by the Advisory Committee to the Congressional Internet Caucus.

“Because of that there’s a digital footprint that is now available. There are certainly benefits to that,” Jones adds. “But there are also concerns that are raised. And what we are trying to do on the committee is better understand what that means for consumers.”

Online Data Collection Policies

Jones stresses that Rockefeller and other members working on privacy issues are keenly aware of the balancing act they would face in drafting a law that provides meaningful protections for consumers without hobbling emerging business models built around benign uses of consumer data, including all the content and applications that Internet companies offer for free, generating revenue through advertising tailored to users with increasing precision.

About two months after Rockefeller sent letters to the data brokers asking for information about their information-collection and marketing policies, the Federal Trade Commission followed suit with its own set of orders demanding similar information from nine firms. Of those, three data brokers — Acxiom, Datalogix and Rapleaf — also received letters from Rockefeller.

In issuing its orders, the FTC said that it would use the information the data brokers provided to inform its understanding of the privacy practices of the industry, which senior officials have identified as an area of particular concern in the agency’s ongoing policy work on Internet privacy.

“The power of big data is the ability to make inferences on, you know, reasonably fine-grained groups of people. And that’s the very thing that causes the privacy violation as well,” says Paul Ohm, a senior policy adviser with the FTC. “You can have really, really, really aggregated data that we would all agree could never be violated in anything we would consider privacy. Turns out that’s the data that’s the least useful.”

In the Senate, Rockefeller has been one of the leading voices calling for meaningful online privacy protections, though if any legislation with his name on it is to become law, it will have to win passage in the 113th Congress. Rockefeller has announced that he will retire after the end of his term in 2015, rather than seek reelection.

In the meantime, efforts to extract detailed information from industry players about their data-collection practices have been frustrated by a lack of specificity, according to Jones.

“What we’re trying to understand is what exactly is this information people are collecting, the companies are collecting, and what are they selling it for,” Jones says. “The concerns that are being raised on the committee are no one really knows what this information is. We’ve had plenty of meetings where individuals will come in and talk about the benefits on the marketing side, because that’s what we’re focusing on, and how it helps drive the growth of the Internet and it’s very helpful for you to find the right product that you need. But what we’re not hearing is well, how specific is this information? Where is it being collected from? I think it’s important for consumers and for Congress to understand really what this information is. And at this point it’s essentially a black box.”

Kenneth Corbin is a Washington, D.C.-based writer who covers government and regulatory issues for CIO.com.

Follow everything from CIO.com on Twitter @CIOonline, on Facebook, and on Google +.