Emerging tech drives need to rethink privacy principles, experts say


Written by

Dramatic changes in technology and the capabilities they create are intensifying the need to reevaluate principles used in crafting privacy regulations, a panel of experts said last week.

While comprehensive privacy guidelines have been in place for a generation or so, technologies such as data analytics, cloud computing, the Internet of Things, artificial intelligence and machine learning present new issues for privacy policymakers, said Mark MacCarthy, senior vice president for public policy at the Software & Information Industry Association.

“All these buzzwords in the technology world [in recent] years reflect real developments in software and technology and they all point in the same direction—namely, toward the astonishing power of new analytical techniques to help us improve decision-making in a variety fields, across the economy, and in our social and political life as well,” MacCarthy said during a webinar.

SIIA, which sponsored the webinar, released a new set of guidelines to help privacy policymakers develop regulations against a background of fast-moving technological innovations and circumstances generated by new technologies. 

MacCarthy said the intent is to provide a set of recommendations for privacy policymakers, including government officials who are responsible for developing and implementing measures to protect consumer privacy.

“We don’t want the privacy guidelines either to require or to constitute a new, comprehensive system of privacy principles,” he said. “We think these guidelines can be of use to privacy policymakers who live in the world of comprehensive privacy protections but they can also assist those who are legislating or regulating in particular areas such as student privacy or broadband privacy. The focus is on practical problems faced by regulators rather than abstract, theoretical considerations.”

SIIA’s guidelines suggest that policymakers should embrace two general approaches — one involving consequences, the other context. “The idea in the one case is to focus on the consequences of a privacy regulation and in the other to focus on the context in which data is collected and used,” MacCarthy said.

With regard to consequences, “privacy regulators should rely on careful analysis of the consequences of their decisions and adopt a regulation only on a reasoned determination that its benefits justify its costs,” the guidelines state.

A key bullet point among SIIA’s guidelines is that “technology matters.” The boom in big data analytics, for example, presents particularly thorny issues for policymakers assessing the consequences of their regulations.

“In an earlier technological age, policymakers could successfully protect privacy by a universal data-minimization rule, since it reduced privacy risks and sacrificed no social gains at all,” the guidelines say. “However, in an age of Big Data, this rule would sacrifice considerable social gains. It needs to be rethought.”

The technology guidelines illustrate how technological changes are going to alter the cost-benefit calculus, said Tom Lenard, president and senior fellow at the Technology Policy Institute.

“When you talk about these new technologies, [such as] big data analytics and artificial intelligence, which depend on massive amounts of data, privacy measures that are intended to limit the collection and use of data in various ways—basically the traditional approach to  minimizing data—are more likely to have large costs and deprive society of the benefits that these new technologies can bring,” he said.

-In this Story-

TwitterFacebookLinkedInRedditGoogle Gmail