White House Report on Big Data and Privacy Largely Ducks Surveillance Issue

John Podesta offers six recommendations

There were no surprises in the highly anticipated release of the White House report on big data and privacy, especially since the most controversial conclusion—that big data could lead to discriminatory outcomes—was leaked to the press last weekend

The 85-page report was compiled by senior White House counselor John Podesta, who was given the daunting assignment by President Obama when he was struggling with the pushback over NSA and other government practices.

Podesta had 90 days to review and make recommendations covering not only government surveillance but also big data and privacy. During that time he consulted with privacy advocates, regulators, academics, technology industry representatives, advertisers, and civil rights groups. 

Although the original charter from the President was to review government surveillance as well as commercial big data and privacy, the report released today was light on recommendations for government surveillance practices.

Steering a middle course, the report acknowledges big data's benefits in helping to save lives, fuel the economy and streamline the government, but also raises questions about whether consumers have meaningful control over their privacy and whether big data has the potential to circumvent civil rights protections in housing, employment, credit and the consumer marketplace.

Podesta said in a statement that he didn't try to cover everything. "We knew better than to try to answer every question about big data in three months," he said.

Here are Podesta's six recommendations.

1. Advance the consumer privacy bill of rights as recommended by the Commerce department in its 2012 report, and draft legislation. Sen. Jay Rockefeller (D-W.Va.) has floated such a bill, but so far, it's gone nowhere.

2. Pass national data breach legislation. There are plenty of bills already being floated in Congress, but a national standard could help avoid the confusion caused by 47-different state statutes.

3. Extend privacy protections to non-U.S. persons, "because privacy is a worldwide value." The government took a big hit when it was revealed that it had been spying on world leaders and others across its own borders.

4. Ensure data collected on students in school is used for educational purposes.

5. Expand technical expertise to stop discrimination. Privacy hawks, some lawmakers and the Federal Trade Commission have become increasingly suspicious that automated, algorithm-driven decision-making could lead intentionally or inadvertently to discrimination or "digital redlining."

6. Amend the Electronic Communications Privacy Act. The 1986 act that restricts government wiretaps on telephones has been the subject of a number of bills in Congress to update it to include today's electronic data. 

For a report that could have been a nightmare for advertising and marketing community, the White House report turned out to be a modest endorsement of the business with some speculation about the potential for abuse.

"It's thorough and thoughtful. It identifies potential concerns without pinning them on business inaccurately," said Stu Ingis, the Venable attorney who represents the Digital Advertising Alliance. "It's a constructive way to get people to evaluate where issues are."

The White House won't get any pushback from any group or industry on its recommendation to update the ECPA and pass a national data breach law.

"It was very positive to see the White House commit to essential, long-overdue-reform to the Electronic Communications Privacy Act," said Jules Polonetsky, co-chair and executive director of the Future of Privacy Forum, a DC-based think tank.

"It is clear that momentum is on the side of [ECPA] reform, and now it is time for the Congress to respond," said Sen. Patrick Leahy (D-Vt.), chairman of the judiciary committee, whose update to the ECPA has been supported by a coalition of 100 organizations. Leahy also has a data breach bill in the works.

In a tweet, Mike Zaneis, evp of the Interactive Advertising Bureau called both recommendations "excellent ideas."

Although supportive of data breach legislation and ECPA reform, advertisers have never been keen on a baseline privacy bill, a perennial favorite among privacy advocates.

"I'm not sure it would be useful," said Dan Jaffe, evp of the Association of National Advertisers. "Legislation is not a panacea; self-regulatory efforts are more nimble in dealing with the fast-moving technology environment."

However, the report shied away from pushing an overall law even as it looked at the individual statutes for specific industries already in place. “The review was an excellent opportunity to examine the existing framework of laws and other protections that already govern how businesses use consumer data,” said Peggy Hudson, the Direct Marketing Associations svp of government affairs.  “With the examination complete, it is clear that the existing self-regulatory protections and sectoral laws – like the Fair Credit Reporting Act (FCRA) – that have protected consumers for decades, continue to ensure that speculative harms do not become realities in the age of big data. One thing is very clear:  there is no harm to consumers when data is used responsibly in the commercial sector.”

For privacy advocates, didn't give them enough to advance their arguments that commercial industry was running roughshod over consumer privacy.

"The report failed to identify the commercial surveillance complex that has been put in place by Google, Facebook, and many other data-driven businesses," said Jeff Chester, executive director for the Center for Digital Democracy. "Indeed, we are concerned that the report may give a green light to expanded data collection, where the principle is collect first and worry about privacy and consumer protection later."