This post was written by Paul Bond and Christine Nielsen.
While the national conversation on data collection in the United States has been dominated recently by issues of national security, the FTC remains determined to push consumer privacy. In her keynote address at the recent Computers Freedom and Privacy Conference, Commissioner Julie Brill reaffirmed the Commission’s commitment to address so-called data brokers in a systematic way. The speech, entitled “Reclaim Your Name,” is something of a state-of-the-union on big data matters. Aside from the admittedly catchy name, nothing in this proposal is totally new. However, in terms of tone and timing, this speech suggests that the FTC is looking to retake the privacy discussion and refocus the national debate on commercial data collection and use.
After a passing reference to the Snowden leaks and the tradeoff inherent in the use of consumer data, Commissioner Brill drills down on several substantive points. These include her judgment that an expanded use of the Fair Credit Reporting Act may be needed. She notes, on page 5 of this speech, that “our big data world strains the seams of the FCRA,” and calls for the application of the Act to new situations and new types of information products. For example, in Commissioner Brill’s view, on p. 4, even e-scores used to guide online behavioral marketing may need to eventually be put under the FCRA’s framework. After all, she asks, “What happens if lenders and other financial service providers do away with their phone banks and storefronts and market their loans and other financial products largely or entirely online?” p. 4.
Commissioner Brill also repeats her long-standing call for additional transparency among data brokers. Per Commissioner Brill, “Since most consumers have no way of knowing who these data brokers are, let alone finding the tools the companies provide, the reality is that current access and correction rights provide only the illusion of transparency.” p. 5.
The Commissioner’s third point involves notice and choice. Commissioner Brill used an example she’s cited frequently – that of Target predicting customers’ pregnancy status based on buying behaviors, and marketing pregnancy and baby products accordingly – to suggest that some types of predictive analytics will never be appropriate in some contexts, regardless of notice. She notes:
There is nothing in the context of a retail purchase that implies notice and consent – nothing that reasonably informs the consumer her data might be collected to make predictions about sensitive health conditions or seeks her consent to do so. And if the store were to try to make the notice and consent explicit? Imagine walking into Target and reading a sign on the wall or a disclosure on a receipt that says: “We will analyze your purchases to predict what health conditions you have so that we can provide you with discounts and coupons you may want.” That clear statement would surprise – and alarm – most of us.
Lastly, Commissioner Brill reaffirmed the FTC’s suspicion regarding deidentification: “Because much of big data is created through predictive analysis, and because much of the analytics are for the purpose of gaining insights into specific individuals, chunks of big data will always be, by their very nature, identifiable or linkable to individuals.” p. 9.
As far as solutions, the Commissioner called for increased privacy by design, and voiced support for “the creation of ‘algorithmists’ – licensed professionals with ethical responsibilities for an organization’s appropriate handling of consumer data.” p. 9. Commissioner Brill also said she would welcome legislation on the issue. But lastly, she suggests a voluntary industry initiative:
I would suggest we need a comprehensive initiative – one I am calling “Reclaim Your Name.” Reclaim Your Name would give consumers the knowledge and the technological tools to reassert some control over their personal data – to be the ones to decide how much to share, with whom, and for what purpose – to reclaim their names.
Reclaim Your Name would empower the consumer to find out how brokers are collecting and using data; give her access to information that data brokers have amassed about her; allow her to opt-out if she learns a data broker is selling her information for marketing purposes; and provide her the opportunity to correct errors in information used for substantive decisions – like credit, insurance, employment, and other benefits. Over a year ago, I called on the data broker industry to develop a user-friendly, one-stop online shop to achieve these goals.
While many portions of Commissioner Brill’s recommendations are wholly aspirational, this conversation should be carefully considered by any company developing policies and procedures around predictive analytics and big data.