Big Data Rules and Regulations – Part I

The term “big data” is generally used for the collection and analysis of a large amount of electronic data by using special and complex algorithms. The process is to analyze the correlation between large data sets which would not make sense independently. Now, another reason for its expansion is because the cost of storing data has decreased so it has become an easier process.

The problem with big data is that there isn’t a uniform set of rules or regulations that would govern the collection of electronic information. Obviously, the owners of the data sets are usually the consumers who somehow relinquish access to their information. So, privacy and security are major concerns. It’s important to realize that even if metadata (i.e., data about the data) is removed from the information, it can also reveal the user’s identity by looking at the relationship between the pieces of information. Also, it’s important to obtain consent from the users when collecting that information.

The potential privacy concerns have been addressed by using a mechanism called “differential privacy” which is when the data collector makes a promise to the data owner that he or she won’t be affected by giving access to the particular information. It is a type of mathematical guarantee of privacy to the interested party – e.g., the consumer. This type of mechanism has been used by large technology companies and government agencies. Nonetheless, with every new technology or mechanism that has been used by the private or public sector, there have been instances of state or federal litigation. For example, the State of Alabama filed a lawsuit in district court against the United States Census Bureau regarding this new mechanism’s viability. In fact, several years ago, the Obama Administration addressed this issue to minimize the privacy risks. Yet, there are many unanswered questions that should be addressed by lawmakers. For example, what are the potential harms and risks? Is there any kind of uniform law? And if not, should there be state and federal laws focusing on big data? What level of transparency should be required? What type of technological parameters should be implemented? Should we follow other countries’ rules and regulations? In response, the federal government granted an opportunity to the public to disclose their concerns. The government released a Department of Justice 2014 Report as a result of another lawsuit wherein the president was warned about the dangers of law enforcement agency’s predictive analytics. This report was in relation to the general public’s historical data and how a defendant’s actions may impact criminal history.

It’s important to know that big data analytics have transformed our way of life. This new ecosystem has affected our privacy and civil rights and it is arguable we have lost control of privacy when it comes to personal information that’s used in health, education, credit, housing, or employment.

There is no uniform state, federal, or international law that governs big data. However, there are a series of federal statutes – e.g., HIPAA, FERPA, FCRA, FTCA – that were promulgated to govern privacy. Also, there are state statutes – e.g., California’s Online Privacy Protection Act – which require websites to provide clear and concise privacy right statements and grant users the right to know how their information is going to be utilized. Moreover, international laws – e.g., GDPR – can have a direct impact on the European Union and countries within the European Economic Area to create data privacy regulations.

Our law firm has managed legal actions related to big data rules or regulations in state and federal courts. We are ready to assist our clients in matters related to internet, technology, and cyberspace laws. Please contact our law firm to speak with an internet attorney at your earliest convenience.