The Right to Privacy in the Age of Big Data

The Doctrine of Privacy in the Age of Big Data

by R Tamara de Silva

 

We all have an unthinking certitude about what privacy means.  We are reasonably sure that we retain this right to privacy when we go about our ordinary activities like buying groceries or using the Internet.

But it is not unreasonable to question what our right to privacy means in the digital world of Big Data.  It bears noting that this cursory discussion will not delve into the more complex issue of what the right of privacy actually is and from where it arises.  Case law typically considers the right to privacy when it comes to striking down laws related to the rubric of human sexuality-the familiar topics of abortion, marriage and contraception.  Aside from First Amendment protections and the right to be secure in your home, what is meant by privacy here for our purposes is the idea of what is left for so many of us to retain as our own.  Or stated alternatively, what we do not want to be shared-even when we seem so compelled to seemingly ‘over share’ so much else.

Privacy is a sphere into which the individual does not want the government, or anyone else for that matter, to reach.  Privacy in any case is practically better discussed in this colloquial and ‘common sense’ way than in the legal sense where one’s politics, ideas of judicial interpretation, and judicial activism do not need to be summoned.

The definitions of privacy and the doctrine of privacy in the Law are relatively new concepts.  To most people, the doctrine of privacy extends beyond just their sexuality, it is part of their personhood-something we are pretty certain we possess without having to run and check the current case law.    But legal discussions of personhood are themselves contested and deeply elusive.  What is personhood in the first place?  What is integral to it?  It is easier to point out when we are without liberty or a right to speech- but what constitutes the irreducible essence of  our ‘personhood?’

It may not be surprising to discover that defining it outside of the Law in 2016 is not that easy either.  Consider that our smartphone can track us in real time- what we buy, where we go, what we look at and read are collected and monetized data points.  These are not private and we do not retain them from scrutiny.   When we purchase groceries, our purchases and buying patterns are likewise collected and sold as valuable information by some of the most profitable new tech firms.   Big Data has been an enormous profit center for venture capital.  We are in effect consumer commodities that are being optimized for our ability to be ever better consumers. It is not just that we share so much on social media platforms that would make the question of whether there is anything left in the private sphere, a fair one.

Some of the companies you use everyday like Google, Yahoo, Apple, Facebook and Amazon keep track and gather information about you constantly…even your reading this. Information like where you are, based on location sharing on your mobile devices, your ISP, your phone number, search queries, browsing history, time and date stamps, etc., is being collected in real time and all the time.  This is done by gathering your search queries, device tracking technologies, online profiles, cookies, Double Click, Adsense and third parties.   This is all information that is being harvested passively before you post a single selfie, alienate anyone with a political post, or bore any of your friends with what you are next eating on Instagram. Suppose you send an email to a friend about your Clumber Spaniel, you can expect to see advertisements about pet products when you login to Facebook because companies trawl email accounts like Google’s Gmail and harvest information based on keywords in the header topics of emails.

Of course the government is also collecting data about you and doing so to the point that there is so much data currently being collected, winnowing through it has become a formidable task for everyone in that business.

So where does the right of privacy come into play? According to the terms of service agreement (“TOC”) of most of the websites and programs you currently use, you have likely clicked or agreed it away. What is left and what you retain is uncertain.

Defining Big Data

According to the Electronic Privacy Information Center (Epic.org, hereinafter referred to as, “EPIC”), 90% of the electronic data in existence in the world today has been created over the past two years. [1] And a 2014 White House report on big data and privacy (Big Data: Seizing Opportunities, Preserving Values) notes that, while people upload and share more than 500 million photos every day, and more than 200 hours of video every minute, the amount of data people create about themselves is small potatoes compared to the data created about them daily. [2] “Big data” is a term coined to describe the collecting, storage, and analysis of these massive amounts of data. Relatively recent advances in algorithms and other techniques have made it possible for such enormous amounts of data to be gathered and analyzed for relationships and general trends.

The key to big data analytics lies in the quantity of information collected, not the quality of any particular piece of it. What is different about big data is not only the sheer quantity of it, but also its variety of sources and formats, and the speed at which it is created.

What is Private?

Sometime in our recent past, technology made leaps to areas the Law has not followed.  The pace of change has been so rapid that the Law is silent entirely in some areas -by default.  The Law was struggling to define the contours of the doctrine of privacy even before technology upped the ante.  Considerations of privacy like the concepts of insider trading and front-running in the financial markets address behaviors that technology has far outpaced-with new behaviors our laws are not equipped to address. Privacy is a complex issue and like Big Data, its meaning even as we unthinkingly presume to understand it, is in a period of rapid change.

For instance, EPIC points out that traditional methods of privacy protection are ill-suited to guarantee privacy in the big data context…surprising likely no one.  Some traditional methods often relied on the idea of an individual’s informed consent to the use of private and personal information.  Think of this in terms of terms of service agreements of which there are many, and that we lack the ability to object to because they are conditions precedent for so many things we use everyday like logging onto Facebook, using Twitter, going on the Internet or searching Google, etc.  We cannot bargain our way to more stringent privacy safeguards because we already use the largest companies that harvest data about us, and we have agreed to this simply by using them.

Nor can we precisely know who owns the Big Data about us and where it is because it is created off-screen, so to speak, so it is impossible to know what the contours of it are and who has it. There is a substantial imbalance of power between those who have Big Data and those who are the subjects of it.   There are few if any discernable legal limitations on what the companies or government that has Big Data can do with it. There are also obvious dangers among which are that:

  • Cybersecurity risks of accidental release, through error, malice or hacking.
  • Because data can now be stored nearly indefinitely, it could be used in the future for a purpose not imagined when it was collected, perhaps not even by a neutral party.
  • Data that purports to be anonymous may not be perfectly so.

Google changed its privacy policies to link types of data. [3] Going forward, Google announced, it will link tracking and user data, which according to its policy means that, “your activity on other sites and apps may be associated with your personal information” for purposes of delivering advertisements. If user data is linked with tracking data, anyone with access can see, for example, a person’s Internet activity associated with political or religious affiliation, medical concerns, and other private information. This is a lot of information you and I have given away.

The most common response is people argue, they have nothing to hide so why does it matter that Big Brother…I mean Big Data, is effectively following you around all the time and reporting on everything you are doing?   To these people, the right of privacy may mean nothing in the first place. They do not need it. But perhaps, one may consider, what if you did? Then what would you do now?  By this reasoning many people should abdicate their First Amendment rights because they really never  actually use them.  It is not a good practice to let those who could not care less about civil liberties, or ever give a thought to the possibility of an overreaching government, dictate what the rest of us all need…the faults of a representative democracy are arguably enough as it is.

A New York Times article explains how companies that collect and retain big data are combining social media data and information derived from the so-called Internet of Things with criminal data, and providing the package to law enforcement to help predict things like likely areas of criminality and sometimes even mapping of individuals associated with criminal activity. [4] For example, according to this article, police in New Orleans used big data sifting capabilities to spot individuals most associated with murders…whatever this means.  Arguably, law enforcement’s access to and use of potentially private information implicates civil liberties in a significant way if a person’s online activity can be examined without their knowledge (let alone consent) and without a warrant or court oversight.  But we already knew this.

Lets hope that preventative law enforcement never becomes a fully accepted practice.   It is one thing to watch the television show, Criminal Minds and root for the Behavioral Analysis team at Quantico to catch a serial killer right out of central casting…it is quite another thing if it is someone else doing the profiling for a faulty reason or less than just motive.

Algorithms look for patterns but they are not always right or useful-some patterns are meaningful and some are not-some correlations sometimes matter and some should be tossed aside.  Also, some correlations matter until they do not.  Intelligence is commonly defined as collecting information to detect patterns and correlations.  However, patterns are often false especially in a complex world with many variables, where it is much more difficult and important to discern what are false patterns and what is irrelevant information.  Why does this matter?  Imagine a scenario in which one were curious and Googled something and suddenly became a person of interest or accused of providing material support to a terrorist group or website you looked at? There are actual cases that skirt the very edges of these scenarios in the criminal law-but far outside the topic of this brief blog.  The movie Minority Report like the Orwell’s 1984 are important reminders of what to avoid and one hopes, does not come to pass-perhaps a reason to start to discuss privacy.

R Tamara de Silva

Chicago, Illinois

  1. https://epic.org/privacybig-data

2.https://www.whitehouse.gov/sites/default/files/docs/big_data_privacy_report_may_1_2014.pdf

3.https://epic.org/2016/10/google-quietly-changes-privacy.html

4.http://www.nytimes.com/2016/11/07/technology/the-risk-to-civil-liberties-of-fighting-crime-with-big-data.html?_r=1