Lenard, Rubin Warn Familiar Remedies are Barrier to Innovation
Contact: Amy Smorodin
December 4, 2013 – There is no evidence that the use of “big data” for commercial and other non-surveillance purposes has caused privacy harms according to a new paper, “The Big Data Revolution: Privacy Considerations,” by Technology Policy Institute’s Thomas Lenard and Paul Rubin. Moreover, the familiar remedies embodied in the Fair Information Privacy Practices (FIPPs) are ill-suited to the world of big data and are potentially a serious barrier to much of the innovation we hope to see from the big data revolution.
In their paper, Lenard, TPI President and Senior Fellow, and Rubin, TPI Senior Fellow and Emory University Professor of Economics, provide numerous examples of the beneficial uses of big data, including tracking health risks, detecting financial fraud, helping underwrite loans to individuals who would otherwise not qualify, and helping consumers find the lowest prices on goods and services.
Lenard and Rubin warn against limiting the re-use and sharing of data, which is often recommended by advocates and government officials, explaining that “[b]ecause big data analysis involves finding correlations and patterns that might otherwise not be observable, it almost necessarily involves uses of data that were not anticipated at the time the data were collected.” In addition, many of the innovations cited use multiple sources of data, which involves transferring data to third parties.
The authors address concerns voiced by FTC officials and others that using data to create predictive models is somehow harmful to consumers. While the use of predictive models is not new, Lenard and Rubin explain, “The use of big data should lead to fewer consumers being mis-categorized and less arbitrariness in decision-making.”
Lenard and Rubin also examine the data on identity fraud and data breaches, finding that there is no evidence that the advent of big data has resulted in an increase in either. “Despite concerns voiced by the FTC and others, the overall incidence of identity fraud has been flat since 2005. During the same period, the total dollar amount of fraud has fallen – from an average of $29.1 billion for 2005-2009 to $19.6 billion for 2010-2012.” The cost of identity fraud per $1,000 of US GDP has also been declining since 2005. In addition, “the trend in records breached since 2005 is relatively constant or even declining slightly, and the trend in records breached deflated by ecommerce volume is somewhat more negative.” In fact, the use of data by credit card companies to spot unusual behavior would be expected to reduce identity fraud.
Lenard and Rubin note that “the first task of a regulator should be to perform a cost-benefit analysis, which the FTC has explicitly avoided doing in producing its recent privacy guidelines. Given this lack of data and analysis, particularly in a new market such as the electronic use of information, it is much more likely that an uninformed regulator will stifle innovation rather than provide net benefits. The standard solutions, such as the FIPPs that would limit the reuse or sharing of data, would be particularly harmful because they are inconsistent with the new ways in which big data are being used.”
“The Big Data Revolution: Privacy Considerations” is available on the TPI website.
The Technology Policy Institute
The Technology Policy Institute is a non-profit research and educational organization that focuses on the economics of innovation, technological change, and related regulation in the United States and around the world. More information is available at https://techpolicyinstitute.org/.