1 64 STAN. L. REV. ONLINE 63 February 2, 2012 SYMPOSIUM ISSUE PRIVACY IN THE AGE OF BIG DATA: A TIME FOR BIG DECISIONS Omer Tene* & Jules Polonetsky** We live in an age of big data. Data has become the raw material of production, a new source of immense economic and social value. Advances in data mining and analytics and the massive increase in computing power and data storage capacity have expanded, by orders of magnitude, the scope of information available to businesses, government, and individuals. 1 In addition, the increasing number of people, devices, and sensors that are now connected by digital networks has revolutionized the ability to generate, communicate, share, and access data. 2 Data create enormous value for the global economy, driving innovation, productivity, efficiency, and growth. At the same time, the data deluge presents privacy concerns that could stir a regulatory backlash, dampening the data economy and stifling innovation. 3 In order to craft a balance be- The Privacy Paradox: Privacy and Its Conflicting Values. * Associate Professor, College of Management Haim Striks School of Law, Israel; Senior Fellow, Future of Privacy Forum; Visiting Researcher, Berkeley Center for Law and Technology; Affiliate Scholar, Stanford Center for Internet and Society. I would like to thank the College of Management Haim Striks School of Law research fund and the College of Management Academic Studies research grant for supporting research for this Essay. ** Co-Chair and Director, Future of Privacy Forum. 1. See, e.g., Kenneth Cukier, Data, Data Everywhere, ECONOMIST, Feb. 27, 2010, at 3-5, available at 2. See, e.g., Omer Tene, Privacy: The New Generations, 1 INT L DATA PRIVACY LAW 15 (2011), available at 3. Consider, for example, the draft Regulation proposed on January 25, 2012, by the European Commission to replace the 1995 Data Protection Directive. It is poised to significantly increase sanctions, expand the geographical scope of the law, tighten requirements for explicit consent, and introduce a new right to be forgotten. See Commission Proposal for a Regulation of the European Parliament and of the Council on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data 63
2 64 STANFORD LAW REVIEW ONLINE [Vol. 64:63 tween beneficial uses of data and the protection of individual privacy, policymakers must address some of the most fundamental concepts of privacy law, including the definition of personally identifiable information, the role of consent, and the principles of purpose limitation and data minimization. BIG DATA: BIG BENEFITS The uses of big data can be transformative, and the possible uses of the data can be difficult to anticipate at the time of initial collection. For example, the discovery of Vioxx s adverse effects, which led to its withdrawal from the market, was made possible by the analysis of clinical and cost data collected by Kaiser Permanente, a California-based managed-care consortium. Had Kaiser Permanente not connected these clinical and cost data, researchers might not have been able to attribute 27,000 cardiac arrest deaths occurring between 1999 and 2003 to use of Vioxx. 4 Another oft-cited example is Google Flu Trends, a service that predicts and locates outbreaks of the flu by making use of information aggregate search queries not originally collected with this innovative application in mind. 5 Of course, early detection of disease, when followed by rapid response, can reduce the impact of both seasonal and pandemic influenza. While a significant driver for research and innovation, the health sector is by no means the only arena for transformative data use. Another example is the smart grid, which refers to the modernization of the current electrical grid to achieve a bidirectional flow of information and electricity. The smart grid is designed to allow electricity service providers, users, and other third parties to monitor and control electricity use. Some of the benefits accrue directly to consumers, who are able to reduce energy consumption by learning which devices and appliances consume the most energy, or which times of the day put the highest or lowest overall demand on the grid. Other benefits, such as accurately predicting energy demands to optimize renewable sources, are reaped by society at large. Traffic management and control is another field witnessing significant data-driven environmental innovation. Governments around the world are establishing electronic toll pricing systems, which set forth differentiated payments based on mobility and congestion charges. Users pay depending on their (General Data Protection Regulation), COM (2012) 11 final (Jan. 25, 2012), available at 4. Rita Rubin, How Did Vioxx Debacle Happen?, USA TODAY, Oct. 12, 2004, at D1, available at 5. See Google Flu Trends: How Does This Work?, GOOGLE, (last visited Jan. 25, 2012). Also consider Google Translate, which provides a free and highly useful statistical machine translation service capable of translating between roughly sixty languages by relying on algorithms and data freely available on the Web. See Inside Google Translate, GOOGLE, (last visited Jan. 25, 2012).
4 66 STANFORD LAW REVIEW ONLINE [Vol. 64:63 WHAT DATA IS PERSONAL? We urge caution, however, when drawing conclusions from the reidentification debate. One possible conclusion, apparently supported by Ohm himself, is that all data should be treated as personally identifiable and subjected to the regulatory framework. 9 Yet such a result would create perverse incentives for organizations to abandon de-identification and therefore increase, rather than alleviate, privacy and data security risks. 10 A further pitfall is that with a vastly expanded definition of personally identifiable information, the privacy and data protection framework would become all but unworkable. The current framework, which is difficult enough to comply with and enforce in its existing scope, may well become unmanageable if it extends to any piece of information. Moreover, as Betsy Masiello and Alma Whitten have noted, while [a]nonym[ized] information will always carry some risk of re-identification.... [m]any of the most pressing privacy risks... exist only if there is certainty in re-identification, that is if the information can be authenticated. As uncertainty is introduced into the re-identification equation, we cannot know that the information truly corresponds to a particular individual; it becomes more anonymous as larger amounts of uncertainty are introduced. 11 Most importantly, if information that is not ostensibly about individuals comes under full remit of privacy laws based on a possibility of it being linked to an individual at some point in time through some conceivable method, no matter how unlikely to be used, many beneficial uses of data would be severely curtailed. Such an approach presumes that a value judgment has been made in favor of individual control over highly beneficial uses of data, but it is doubtful that such a value choice has consciously been made. Thus, the seemingly technical discussion concerning the scope of information viewed as personally identifiable masks a fundamental normative question. Policymakers should engage with this normative question, consider which activities are socially acceptable, and spell out the default norms accordingly. In doing so, they should assess the value of data uses against potential privacy risks, examine the practicability of obtaining true and informed consent, and keep in mind the enforceability of restrictions on data flows. 9. See id. at Ann Cavoukian & Khaled El Emam, Info. & Privacy Comm r of Ont., Dispelling the Myths Surrounding De-identification: Anonymization Remains a Strong Tool for Protecting Privacy 7 (2011), available at 11. Betsy Masiello & Alma Whitten, Engineering Privacy in an Age of Information Abundance, 2010 AAAI Spring Symp. Series 119, 122, available at see also Cynthia Dwork, Differential Privacy, 2006 INT L COLLOQUIUM ON AUTOMATA, LANGUAGES AND PROGRAMMING pt. II, at 8, available at lectures/ss2011/vl_privacy/differential_privacy.pdf (introducing the concept of a privacypreserving statistical database, which enables users to learn properties of a population while protecting the privacy of individuals).
6 68 STANFORD LAW REVIEW ONLINE [Vol. 64:63 not share their personal information. 14 In reality, however, this is not the case. 15 Privacy policies often serve more as liability disclaimers for businesses than as assurances of privacy for consumers. At the same time, collective action problems may generate a suboptimal equilibrium where individuals fail to opt into societally beneficial data processing in the hope of free riding on the goodwill of their peers. Consider, for example, internet browser crash reports, which very few users opt into, not so much because of real privacy concerns but rather due to a (misplaced) belief that others will do so instead. This phenomenon is evident in other contexts where the difference between opt-in and opt-out regimes is unambiguous, such as organ donation rates. In countries where organ donation is opt-in, donation rates tend to be very low compared to the rates in countries that are culturally similar but have an opt-out regime. 16 Finally, a consent-based regulatory model tends to be regressive, since individuals expectations are based on existing perceptions. For example, if Facebook had not proactively launched its News Feed feature in 2006 and had instead waited for users to opt-in, we might not have benefitted from Facebook as we know it today. It was only after data started flowing that users became accustomed to the change. We do not argue that individuals should never be asked to expressly authorize the use of their information or offered an option to opt out. Certainly, for many types of data collection and use, such as in the contexts of direct marketing, behavioral advertising, third-party data brokering, or location-based services, consent should be solicited or opt-out granted. But an increasing focus on express consent and data minimization, with little appreciation for the value of uses for data, could jeopardize innovation and beneficial societal advances. The question of the legitimacy of data use has always been intended to take into account additional values beyond privacy, as seen in the example of law enforcement, which has traditionally been allotted a degree of freedom to override privacy restrictions. CONCLUSION Privacy advocates and data regulators increasingly decry the era of big data as they observe the growing ubiquity of data collection and the increasingly ro- 14. Joseph Turow, Chris Jay Hoofnagle, Deirdre K. Mulligan, Nathaniel Good & Jens Grossklags, The Federal Trade Commission and Consumer Privacy in the Coming Decade, 3(3) I/S: J. L. & POL Y FOR INFO. SOC Y 723, 724 (2007). 15. Id. 16. Consider, for example, the donation rates in Sweden (opt-out) and Denmark (optin), 85.9% and 4.25% respectively; or in Austria (opt-out) and Germany (opt-in), 99.9% and 12% respectively. Notice, however, that additional factors besides individuals willingness to participate, such as funding and regional organization, affect the ultimate conversion rate for organ transplants. Eric J. Johnson & Daniel Goldstein, Do Defaults Save Lives?, 302 SCIENCE 1338 (2003).
7 February 2012] PRIVACY IN THE AGE OF BIG DATA 69 bust uses of data enabled by powerful processors and unlimited storage. Researchers, businesses, and entrepreneurs vehemently point to concrete or anticipated innovations that may be dependent on the default collection of large data sets. We call for the development of a model where the benefits of data for businesses and researchers are balanced against individual privacy rights. Such a model would help determine whether processing can be justified based on legitimate business interest or only subject to individual consent, and whether consent must be structured as opt-in or opt-out.
Submission to the National Telecommunications and Information Administration (NTIA), U.S. Department of Commerce Docket No. 140514424 4424 01 RIN 0660 XC010 Comments of the Information Technology Industry
An Updated Privacy Paradigm for the Internet of Things By Christopher Wolf and Jules Polonetsky Co-Chairs, Future of Privacy Forum November 19, 2013 The Future of Privacy Forum is a think tank whose mission
66 STAN. L. REV. 25 September 3, 2013 PRIVACY AND BIG DATA: MAKING ENDS MEET Jules Polonetsky & Omer Tene* INTRODUCTION How should privacy risks be weighed against big data rewards? The recent controversy
Statement of Latanya Sweeney, PhD Associate Professor of Computer Science, Technology and Policy Director, Data Privacy Laboratory Carnegie Mellon University before the Privacy and Integrity Advisory Committee
Before the Department of Commerce National Telecommunications and Information Administration Docket No. 120214135-2135- 01 Multistakeholder Process to Develop Consumer Data Privacy Codes of Conduct Request
One Year Later: Privacy and Data Security in a World of Big Data, the Internet of Things, and Global Data Flows Keynote Address Before the USCIB/BIAC/OECD Conference on Promoting Inclusive Growth in the
DM Unplugged What's New Contact Us Login MyDMA Home Membership Advocacy Events and Education News Research Corporate Responsibility DMA Bookstore About DMA Search: click here GO! DMA COMMENTS ON STEARNS
Harnessing the potential of Big Data seems to be on the agenda of every mobile operator and rightly so. In today s climate of convergence, in which new technologies and networks are blurring industry lines,
September 2013 Big data: A lot to explore but little to share? Ways towards a regulatory regime for big data Gareth Quested and Sonia Sousa 1 The Big Innovation Centre is an initiative of The Work Foundation
Direct Marketing, Mobile Phones, and Consumer Privacy James Nehf* Professor King rightly observes that protecting consumer privacy in the United States is largely the responsibility of individuals. Although
Microsoft Corporation Tel 425 882 8080 One Microsoft Way Fax 425 936 7329 Redmond, WA 98052-6399 http://www.microsoft.com/ March 31, 2014 Ms. Nicole Wong Big Data Study Office of Science and Technology
The Need for Training in Big Data: Experiences and Case Studies Guy Lebanon Amazon Background and Disclaimer All opinions are mine; other perspectives are legitimate. Based on my experience as a professor
International Journal of Information and Computation Technology. ISSN 0974-2239 Volume 4, Number 5 (2014), pp. 479-484 International Research Publications House http://www. irphouse.com /ijict.htm Cloud
Energy: Price Comparison Tools BEUC response to the CEER public consultation on the draft advice on Price Comparison Tools Contact: Guillermo Beltrà email@example.com Ref.: X/2012/003-17/01/12 Recommendation
BEFORE THE UNITED STATES FEDERAL TRADE COMMISSION WASHINGTON, DC ) COMMENTS OF THE FUTURE OF PRIVACY FORUM ) ) RE - SPRING PRIVACY SERIES: ) CONSUMER GENERATED AND CONTROLLED ) HEALTH DATA, PROJECT NO.
Foundation Working Group Proposed Recommendations on De-identifying Information for Disclosure to Third Parties The Foundation Working Group (FWG) engaged in discussions around protecting privacy while
United States of America Federal Trade Commission The Social Impact of Open Data Remarks of Maureen K. Ohlhausen 1 Commissioner, Federal Trade Commission Center for Data Innovation The Social Impact of
Privacy Challenges in the Internet of Things (IoT) a European Perspective Alicja Gniewek, PhD Student Interdisciplinary Centre for Security, Reliability and Trust Weicker Building, Université du Luxembourg
Big Data and the New Privacy Tradeoff Robert H. Sloan * and Richard Warner ** Predictions of transformative change surround Big Data. It is routine to read, for example, that with the coming of Big Data,
Northwestern Journal of Technology and Intellectual Property Volume 11 Issue 5 Article 1 2013 Big Data for All: Privacy and User Control in the Age of Analytics Omer Tene Haim Striks School of Law Jules
Hyper-Personalization with MNO Subscriber Data Approaches and Recent Trends Regarding the Use of MNO Data for Hyper-Personalization By Zach Cohen, Shahzad Zia and Carly Christian Private and public-sector
Research Note What is Big Data? By: Devin Luco Copyright 2012, ASA Institute for Risk & Innovation Keywords: Big Data, Database Management, Data Variety, Data Velocity, Data Volume, Structured Data, Unstructured
Response to the European Commission consultation on European Data Protection Legal Framework A submission by Acxiom (ID number 02737212854-67) Correspondence Address: Martin-Behaim-Straße 12, 63263 Neu-Isenburg,
SPEECH/10/279 Neelie Kroes European Commissioner for Digital agenda Bringing European values to the Internet of Things 2 nd Annual Internet of Things Conference Brussels, 1 st June 2010 Ladies and gentlemen,
Position Paper Brussels, 23 December 2015 Orgalime response to the Public consultation on the regulatory environment for platforms, online intermediaries, data and cloud computing and the collaborative
2012 2013 PRIVACY & DATA PROTECTION ANNUAL REPORT CONTENTS 2 Leading the Way 4 A Strong Privacy Advocate 7 Protecting Our Customers 16 The Mobile Revolution PREFACE by Dr. Larry Ponemon Chairman & Founder,
Thinking small about big data: Privacy considerations for the public sector Shaun Brown Partner, nnovation LLP March 30, 2016 Thinking small about big data: objectives Consider big data as a concept Focus
Data Management Platforms Optimize advertising by gaining superior understanding of your customers Glossary DSP Demand Side Platform. A platform for buying online media, used by advertisers and agencies.
TAKING THE PERSONAL OUT OF DATA: MAKING SENSE OF DE-IDENTIFICATION YIANNI LAGOS * INTRODUCTION Data is powerful but scary. Many consumer services rely on data aggregation. 1 A navigation system, for example,
Smart Grid and Privacy An International View 27 November 2013 By: Nader Farah President ESTA International One US Consumer s Reaction in Texas! 2 Source: SmartGridNews.com July 20, 2012 ESTA International
Mr. Michael Paglialonga NYS Department of Labor, Building 12 State Office Campus, Room 509 Albany, New York 12240 Re: Notice of Proposed Rulemaking: Methods of Payment of Wages LAB-21-15-00009-P Dear Mr.
Westlaw Journal AVIATION Litigation News and Analysis Legislation Regulation Expert Commentary VOLUME 29, ISSUE 23 / JANUARY 9, 2012 Expert Analysis Top 5 Commercial Data Security And Privacy Issues in
1 Internet Activity Analytics: The Activation of a Stranded Asset The Impact of Over-the-Top Services on Service Provider Growth Subscriber adoption of Over-the-Top (OTT) services is materially impacting
Data protection at the cost of economic growth? Elina Pyykkö* ECRI Commentary No. 11/November 2012 The Data Protection Regulation proposed by the European Commission contains important elements to facilitate
The Lakeland Companies are committed to protecting your privacy. This statement details the steps we take to protect your personal information when you visit our websites. It describes the personal information
Big Data for Mutuals Marc Dautlich 25 November 2013 Agenda BIG DATA What is it? OPPORTUNITIES What are they? LEGAL CHALLENGES How do we overcome them? LEGAL REFORM What can we do now to minimise impact?
SHORT FORM NOTICE CODE OF CONDUCT TO PROMOTE TRANSPARENCY IN MOBILE APP PRACTICES I. Preamble: Principles Underlying the Code of Conduct Below is a voluntary Code of Conduct for mobile application ( app
Protecting Privacy in an Era of Electronic Health Records Ann Cavoukian, Ph.D. Information and Privacy Commissioner Ontario Barrie and Community Family Health Team Royal Victoria Hospital Georgian College
Vol. 7, No. 11, November 2011 Can You Handle the Truth? Degrees of De-identification of Clinical Research Data By Jeanne M. Mattern Two sets of U.S. government regulations govern the protection of personal
Aircloak Analytics: Anonymized User Data without Data Loss An Aircloak White Paper Companies need to protect the user data they store for business analytics. Traditional data protection, however, is costly
Big Data, Official Statistics and Social Science Research: Emerging Data Challenges Professor Paul Cheung Director, United Nations Statistics Division Building the Global Information System Elements of
Comments to the FCC on Broadband Consumer Privacy Peter Swire Huang Professor of Law and Ethics Georgia Tech Scheller College of Business April 28, 2015 This document responds to the request from the Federal
Big Data for Educational Institutions A Framework for Addressing Privacy Compliance and Legal Considerations Roadmap Introduction What is Big Data? How are educational institutions using Big Data? What
The big data dilemma an inquiry by the House of Commons Select Committee on Science and Technology Evidence from the UK Computing Research Committee Definitive. 1 September 2015 The UK Computing Research
Privacy & Big Data: Enable Big Data Analytics with Privacy by Design Datenschutz-Vereinigung von Luxemburg Ronald Koorn DRAFT VERSION 8 March 2014 Agenda? What is 'Big Data'? Privacy Implications Privacy
Big Data, Not Big Brother: Best Practices for Data Analytics Peter Leonard Gilbert + Tobin Lawyers March 2013 How Target Knew a High School Girl Was Pregnant Before Her Parents Did just because you can,
Big Data Big Data: Introduction and Applications August 20, 2015 HKU-HKJC ExCEL3 Seminar Michael Chau, Associate Professor School of Business, The University of Hong Kong Ample opportunities for business
MEMORANDUM To: Interested Persons From: Claire Gartland, Khaliah Barnes, and Marc Rotenberg, Electronic Privacy Information Center (EPIC) Re: FCC Communications Privacy Rulemaking Date: EPIC is circulating
WHITE PAPER 12 Key File Sync and Share Advantages of Transporter Over Box for Enterprise Cloud storage companies invented a better way to manage information that allows files to be automatically synced
Call for Papers for a Special Issue (Journal of the Association for Information Systems) ICT Challenges and Opportunities in Building a Bright Society Submission Deadline: February 28, 2016 Guest Editors:
Prepared Statement of Paula J. Bruening Staff Counsel The Center for Democracy & Technology before The House Committee On Energy and Commerce Subcommittee on Commerce, Trade, and Consumer Protection on
I ICO guidance Guidance on political campaigning 3 Guidance on political campaigning Data Protection Act Privacy and Electronic Communications Regulations Contents Introduction... 3 A. Why comply?... 5
Promoting Cross Border Data Flows Priorities for the Business Community The movement of electronic information across borders is critical to businesses around the world, but the international rules governing
Big Data Analytics Empowering SME s to think and act Author: Haricharan Mylaraiah Chief Operating Officer 1320 Greenway Drive, Irving, TX 75038 Contents Executive Summary... 3 Introduction... 4 What Big
Privacy Techniques for Big Data The Pros and Cons of Syntatic and Differential Privacy Approaches Dr#Roksana#Boreli# SMU,#Singapore,#May#2015# Introductions NICTA Australia s National Centre of Excellence
4 External influences PESTLE Analysis A PESTLE analysis is a useful tool to support the investigation and decision process relating to cloud services. PESTLE in general covers Political, Economic, Social,
white paper Big Data for Small Business Why small to medium enterprises need to know about Big Data and how to manage it Sponsored by: Big Data is the ability to collect information from diverse sources
Data Privacy and Biomedicine Syllabus - Page 1 of 6 Course: Data Privacy in Biomedicine (BMIF-380 / CS-396) Instructor: Bradley Malin, Ph.D. (firstname.lastname@example.org) Semester: Spring 2015 Time: Mondays
Danny Wang, Ph.D. Vice President of Business Strategy and Risk Management Republic Bank Agenda» Overview» What is Big Data?» Accelerates advances in computer & technologies» Revolutionizes data measurement»
Federal Trade Commission Exploring Privacy A Roundtable Series Berkeley, CA Remarks of David Vladeck, 1 Director FTC Bureau of Consumer Protection, January 28, 2010 It is great to be here in California.
Security and Fraud Exceptions Under Do Not Track Christopher Soghoian Center for Applied Cybersecurity Research, Indiana University Position Paper for W3C Workshop on Web Tracking and User Privacy 28/29
Issues Change Solution How to get closer to your customers Communicating with customers on their terms Every channel available The Internet enables easier comparison of companies, particularly of price,
Reading List: Big Data, Security and Privacy Abelson, H. and Kagal, L. (2010) Access Control is an Inadequate Framework for Privacy Protection, W3C Workshop on Privacy for Advanced Web APIs 12/13 (July)
Ms. Marcia E. Asquith Office of the Corporate Secretary FINRA 1735 K Street, NW Washington, DC 20006 Re: FINRA Regulatory Notice 13-42: FINRA Requests Comments on a Concept Proposal to Develop the Comprehensive
White Paper Catalysts driving successful decisions in life sciences. The Myth of Anonymization: Has Big Data Killed Anonymity? by Jessica Santos, Ph.D. March 2015 www.kantarhealth.com Anonymization has
The Information Commissioner s Office response to HM Treasury s Call for Evidence on Data Sharing and Open Data in Banking The Information Commissioner has responsibility for promoting and enforcing the
AdvancedMD Online Privacy Statement Effective date: September 1, 2015 This Privacy Statement explains how AdvancedMD uses and discloses personal information that we collect from people who visit our websites