The Unexamined Life in the Digital Age

Socrates is credited with the saying “the unexamined life is not worth living.” But in today’s world of tracking cookies and social media profiles, the unexamined life is starting to sound pretty good.

“Big data” is not all bad. We can use it to create algorithms to identify cancer and even notify those at risk. We can use it to make businesses more efficient in responding to consumer demand. We also use it to pay for the valuable services of online companies: we sign up for an online service in exchange for our consent to receive advertisements and share our data. In this way, data has become the currency of the internet.

Unfortunately, consumers are not always aware of the price that they are paying for online services. While surveys show that we enjoy the benefits of being tracked, those same surveys show that being tracked without our knowledge makes us more than a little uncomfortable.

The FCC enforces privacy policies for online services, but has yet to set any minimum standards for those policies. Reputable companies and trade groups have attempted to fill this vacuum with industry best practices, which, while laudable, are unenforceable.

My new paper reviews the benefits and risks of “big data,” including how online companies sell user data to data brokers as well as how we use data to help treat cancer. It then surveys current tracking methods and the legal framework currently in place to police them. Finally, it uses regulations developed in the banking industry to suggest a risk-based, disclosure-oriented regulatory framework for data.

First, any regulatory framework must adapt to the wide variety of relationships between sites and users, data types, and data uses. For example, when a user sets up an account, the user expects a more permanent relationship, and the sign-up process provides the opportunity for disclosures to be made. In that case, the risk that users are being tracked without their knowledge is diminished, and so the regulatory scrutiny should be likewise diminished. Likewise, the kind of data gathered and the way the company uses that data may increase or decrease the risk to consumers.

Second, the regulatory framework should focus on disclosure, opportunity to opt out, and usage-based data collection. In order for consumers to make an informed decision about the price that they are paying for online services, we need to bring that exchange into the light. Uniform disclosures would go a long way toward helping consumers know what kind of site they are signing up for and allow them to better control what they are sharing online. Likewise, the opportunity to opt out of some collection would allow companies to customize their offers to consumers and ensure that consumers have the right to end data collection when they choose to stop using the site (but not to be forgotten as in Europe). Last, the amount and type of data gathered should be in proportion to the services provided. The recent uproar over flashlight apps gathering and selling personal information comes to mind. The FCC’s response, which shut down one of these apps, complained only that the app had violated its privacy policy. But there is something inherently wrong about a company taking so much information while providing so little benefit.

Third, the UDAAP standard developed in the banking industry could serve as the standard for enforcing this regulation. It prohibits unfair, deceptive, and abusive acts or practices, and could be adapted to serve as a tool to regulate the “online currency,” data. Additionally, given the degree of separation between data brokers and consumers, a data broker registry might make good sense. We use a similar registry with money transmitters.

A successful regulatory scheme for data collection must carefully balance consumer protection with the valuable benefits that big data can provide. A risk-based, disclosure-oriented strategy will accomplish this goal.

The Unexamined Life in the Era of Big Data: Toward a UDAAP for Data

*This paper was accepted for publication in the University of Dayton Law Review’s Summer 2015 edition.
