Washington, D.C.—There are many things to like in the Administration’s report on data and privacy, Big Data: Seizing Opportunities, Preserving Values, which was released on May 1, 2014. Consumer Federation of America (CFA) strongly supports some of the policy recommendations in the report, specifically those calling for advancing the Consumer Privacy Bill of Rights, ensuring that data collected about students is protected from being shared or used inappropriately, expanding government expertise to identify big data practices that have a discriminatory impact on protected classes, and amending the Electronic Communications Privacy Act to bring the privacy protections that it affords up to date.
While the findings in the report are generally thoughtful and balanced, there are some issues that are glossed-over, some assertions that are flat-out wrong, and some recommendations with which CFA disagrees. For instance, the report largely side-steps the issue of NSA data collection and the recommendation to extend U.S. privacy protections to non-U.S persons is unlikely to provide individuals in other countries with much comfort, given the inadequacy of those protections. The report fails to acknowledge the serious shortcomings of the U.S.-E.U. Safe Harbor program, from which the European Parliament has voted to withdraw, and refers to the current efforts to save it as “discussing how best to enhance” it. The report acknowledges that the sectoral privacy regime in the U.S. sometimes leaves “unregulated potential uses of information that fall between sectors” but then contends that protecting privacy of “small” data has been effectively addressed in the U.S., a conclusion with which CFA vigorously disagrees. The U.S. still has far to go in order to protect individuals’ personal data, no matter the size of the data sets. Without a baseline privacy regime that recognizes the rights of individuals to control the collection as well as the use of their personal information, it will be difficult for the U.S. to address the profound challenges that big data present and that the report so ably describes.
The report recommends passage of national data breach legislation but fails to delve into the problem of data breaches or to provide a detailed rationale for why such legislation is needed. With 47 states now requiring data breach notification and in light of the fact that federal legislation would likely preempt the states from regulating in this area, CFA is concerned that unless federal requirements are sufficiently strong, consumers could be left with weaker rights and protections.
CFA is also concerned about the recommendation that the Department of Commerce (DOC) should play the lead role in seeking public comment about how the Consumer Privacy Bill of Rights should address big data issues and drafting legislation to implement the principles into law. The DOC is not the lead agency in the U.S. on privacy policy, nor should it be, as its primary role is to promote business interests. As an independent agency that has studied privacy issues for many years, the Federal Trade Commission would be best-placed to lead that effort.
Notwithstanding these concerns, CFA appreciates the Administration’s initiative on big data and looks forward to working with the White House and relevant agencies to advance the protection of individual privacy and autonomy in the digital age.
Contact: Susan Grant, 202-939-1003
The Consumer Federation of America is an association of more than 250 nonprofit consumer groups that was established in 1968 to advance the consumer interest through research, advocacy, and education.