Some privacy commentators consider ‘big data’ to be a newspeak phrase that attempts to repackage older familiar terms like ‘personal information’ in a way that reframes the concept and limits the way people think about the privacy issues.
Others enthusiastically embrace the term as a useful new construct that points to new possibilities for analysis, innovation, public good and private profit.
A third group sees the phrase as one that has for good or ill entered the public policy debate and needs to be understood and engaged with.
Each of these diverse groups have attempted to engage with the privacy issues surrounding ‘big data’ uses and practices and several have in recent weeks offered possible privacy approaches, guidelines or principles. It is worth briefly highlighting a few recent published reports that offer recommendations for better practice in the area of big data.
The International Working Group on Privacy in Telecommunications – more commonly abbreviated in privacy circles to ‘the Berlin Group’ – recently released its “Working Paper on Big Data and Privacy” subtitled “Privacy principles under pressure in the age of Big Data analytics”.
The Berlin Group is the most expert group of privacy commissioners and privacy regulators that are working internationally on privacy issues in telecommunications issues for 30 years so their insights are well worth study. Its working paper is an excellent primer on the privacy issues in the area of big data. Its strong opening recommendation that valid consent from individuals should be obtained for big data profiling of individuals will not be welcomed by practitioners of big data analysis. But this recommendation is coupled with more nuanced comments about the circumstances in which consent might properly be dispensed with. There are also a series of other thoughtful recommendations.
Coming from a slightly different perspective is the Information Accountability Foundation. This is a collaborative foundation funded by corporations that take the view that businesses should be held accountable for their information handling. In a recent set of comments to the US National Telecommunications and Information Agency, they promoted a framework for the ethical uses of big data.
Finally, the national privacy regulator in Britain, the Information Commissioner’s Office (ICO), has set out in a recent report how big data can - and must - operate within data protection law. It is understood that the ICO is the first data protection authority to articulate guidance at this level of detail though it is unlikely to have the last word.
Perhaps if these promising new approaches are applied to ‘big data’, we may be able to look forward to ‘doubleplusgood’ outcomes for privacy?