A comprehensive report on big data released by the White House on May 1, 2014, suggests that “[t]echnological advances that have driven down the cost of creating, capturing, managing, and storing information to one-sixth of what is was,” less than a decade ago, which, along with new sources of data obtained from geospatial technologies, cameras and sensors, “make the notion of limiting information collection challenging, if not impossible.” The result? According to the report, the long-standing “notice and consent” regime may soon be obsolete and regulating data use may be the only way to protect privacy in the era of big data.

The report, Big Data: Seizing Opportunities, Preserving Values, was prepared for President Barack Obama in response to his request for an examination of how big data is transforming the lives of Americans and the “relationships between government, citizens, businesses, and consumers.” The report’s emphasis is on maximizing the societal benefits (e.g., improving the economy, education, health and energy efficiency) and minimizing the risks (e.g., loss of individual privacy and control over one’s identity and information, and discriminatory treatment) associated with big data collection, and the federal government’s role thereto. But, one of the significant conclusions is that “notice and consent” may no longer be sufficient to protect privacy and that “a responsible use framework” can offer superior privacy protection in light of big data trends.

The report describes several big data trends that undermine notice and consent, such as the Internet of Things, facial recognition and wearable technologies. “[B]ig data technologies, together with the sensors that ride on the ‘Internet of Things,’ pierce many spaces that were previously private.” In addition, “[f]acial recognition technologies can identify you in pictures online and as soon as you step outside.” New “wearable technologies” and “the arrival of whole classes of networked devices will only expand information collection further.” The report stresses that “data fusion,” which is the practice of combining disparate sources of data, can make it “very difficult to keep [data] anonymous” and can result in de-identified information becoming re-identified. Finally, although the report acknowledges that notice and consent provides adequate protection “[f]or the vast majority of today’s ordinary interactions between consumers and first parties,” and that these trends do not prevent individuals from participating in the protection of their data, there is a shift towards “collection, use and storage of data by entities that do not have a direct relationship with the consumer or individual” that challenges the efficacy of first party notice and consent.

The advantages of moving towards a responsible use framework include, according to the authors, “shift[ing] responsibility from the individual, who is not well equipped to understand or contest [modern] consent notices.” A responsible use regime would hold data collectors and users accountable for the way they manage data and any harm caused, “rather than narrowly defining their responsibility to whether they properly obtained consent at the time of collection.” Emphasizing responsible use would also focus attention on the issue of how to balance the benefits and risks of big data “in a world where more data is inevitably collected about more things.” A complimentary report prepared by the President’s Council of Advisors on Science and Technology, Big Data and Privacy: A Technological Perspective, also recommends that policies focus on use and outcomes to avoid technological obsolescence. While the focus on use is not without merit, DWT Partner, Christin McMeley speaks out on the continued importance of the role of the individual in protecting one’s own privacy in a recent Bloomberg BNA Privacy & Data Security Law Report interview with her, “Views on Big Data Reports to the White House.”

While technological trends will likely force more responsibility on users of data at some point, the traditional notice and consent model so far remains intact. But, given the ever-growing collection of data and the report’s conclusions, it will become increasingly important for companies to keep tabs on legislative and regulatory actions as policy-makers begin the shift away from notice and consent towards responsible use.