Big Data, Innovation, Competitive Advantage & Privacy Concerns

by on April 27, 2012 · 8 comments

This morning I spoke at a U.S. Chamber of Commerce event on “Responsible Data Uses: Benefits to Consumers, Businesses and the Economy.” In preparing for the event, I dusted off some old working notes for speeches I had delivered at other events about privacy policy and “big data” and expanded them a bit to account for recent policy developments. For what it’s worth, I figured I would post those notes here.  (I apologize about the informality but I never write out my speeches, I just work from bullet points.)

—————–

Benefits of “Big Data”

  • “big data” has numerous micro- and macroeconomic benefits
  • Micro benefits:
    • data aggregation of all varieties has powerful social and economic benefits that are sometimes invisible to consumers and citizens but are nonetheless enjoyed by them
    • big data can positively impact the 3 key micro variables – quality, quantity & price – and benefit consumers / citizens in the process
  • Macro benefits:
    • Data is the lifeblood of the information economy and it has an increasing bearing on the global competitiveness of companies and countries
    • In the old days, when we talked about comparative and competitive advantage, the focus was on natural resources, labor, and capital.
    • Today, we increasingly talk about another variable: information
    • Data is increasing one of the most important resources that can benefit economic growth, innovation, and the competitive advantage of firms and nations.

Privacy Concerns

  • of course, “big data” also raises big privacy concerns for many groups and individuals
  • this has led to calls for regulatory action and virtually all levels of government – federal, state, local, and international – are considering expanded controls on data collection and aggregation

America’s Privacy Regime

  • I want to address what I regard as the most powerful myth that governs this debate
  • namely, I speak of the myth that America doesn’t have a privacy framework that can balance these goals and concerns about “big data” and data collection in general
  • we hear various advocates say that America needs a new privacy regime, and many of these advocates suggest that that regime should more like Europe’s

Europe’s Regime

  • first, what is that European regime?
    • a more preemptive top-down approach / data “directives” / stringent requirements on data use
    • basically, under the EU regime, privacy trumps almost all other considerations, regardless of cost or complexity.
    • It’s more of a “Mother, May I” regime in which innovation needs to be “permissioned”
  • what’s wrong with European approach?
    • We can relate this back to the question of competitive advantage
    • The European approach leaves less room for innovative uses of data and ongoing marketplace experimentation
    • There’s also some evidence that this regime might influence industry structure and competitiveness as well as the quality and quantity of choices for the consumer
    • Anecdotally-speaking, we can ask ourselves this simple question: Can any of us name a global leader in the modern digital economy that was born in Europe?
    • I suppose there are a few, but I struggle to name them
    • Now, why is that?
    • It could be high taxes and the lack of healthy market for venture capital.
    • But it also must have something to do with regulatory structure that Europe has adopted.

America’s Current Advantages

  • Regardless, here’s what we do know: America’s digital economy innovators and social media operators are household names across the globe. Our firms are the envy of the world
  • Moreover, while many sectors of the U.S. economy are struggling, I bet if you stopped the average Joe in the street and asked them to name one sector of America’s economy that is currently thriving and an example of innovation that others should emulate, most of them would probably mention information technology and the digital economy.
  • Again, many factors may contribute to our current success relative to Europe but certainly our “light-touch” legal and regulatory approach must have had some bearing on that outcome

America’s Privacy Regime

  • So, what exactly is America’s privacy regime?
  • Again, some say we don’t have one and that regulation is, therefore, needed
  • I beg to differ
  • America does have a privacy regime; it is one that is:
    • governed by a set of evolutionary norms,
    • ongoing online marketplace interactions and experiments, contractual negotiations,
    • public and press pressures,
    • self-regulatory systems,
    • educational efforts and user empowerment,
    • personal responsibility,
    • and targeted legal enforcement and the use of state torts when true harms can be demonstrated.
  •   compared with Europe, our legal regime:
    • More bottom-up enforcement
    • Issue-specific / Sectoral approach to addressing
    • Relies on common law / case law / torts
    • States have role; often more stringent than fed law
    • evolving industry Self-regulation
  • That’s been the uniquely American approach to privacy protection and we should not abandon it lightly.

It’s the Same Regime We’ve Used to Address Online Safety

  • Importantly, it’s largely the same approach we have taken in this country toward online speech and child safety matters.
  • There, too, we have focused on what I call the “3-E” approach:
    • Education
    • Empowerment, and
    • Enforcement against particularly bad apples
  • Thus, in both the online child safety space as well as the privacy policy space, we have made great strides in pushing both personal responsibility and corporate responsibility as the first line of defense, not the last.
  • Now, it has always been true, and will always be the case, that “more can be done.”
  • Consumers could do more: We need to constantly encourage consumers to take more care to protect the personal data they care most about and to take steps to safeguard that which they do not want collected in the first place
  • Companies could do more: And we also need to constantly encourage companies who collect data to take greater steps to:
    • first consider asking permission to collect and use that data
    • second, to be transparent about what data they are collection and what they are using it for
    • and third, to ensure adequate safeguards are in place to guard against unauthorized use of that data

The Difference between the Traditional American Model & the Emerging “Co-Regulatory” Model

  • in a sense, this vision tracks the Obama Administration’s proposed model for privacy and data collection
  • but here’s the difference: the Obama Administration wants to force this process in a more heavy-handed way by involving various federal agencies in the day-to-day management of how all these decisions get made
  • in essence, it’s a small but certain step toward the European model of “co-regulation”
    • government steers, industry rows
    • “multi-stakeholder process”
    • Everyone has a “seat at the table”
    • But we don’t need “a table” if the table is being set by government
    • there’s nothing wrong with truly voluntary “multi-stakeholder” processes, but when the government is the one setting the “seats at the table” and talking about enforcing the “codes” that the committee comes up with, it opens the door to a co-regulation model  that has some real dangers:
      • If every decision about how information is used or aggregated becomes the equivalent of a committee decision — with everyone “at the table” getting a vote or a veto – then it will almost certainly be the case that less innovation occurs
      • The process could lack traditional democratic accountability / due process if more of an “agency threats” model evolves out of this.  After all, if certain officials are in charge of who gets a “seat at the table” and also responsible for enforcing whatever is decided “at the table,” it raises the question of how much pressure they can bring to bear on the process. (File this under “regulation by raised eyebrow”).
      • Any way you cut it, regulation by committee (in this case, the “multistakeholder” process) could become the equivalent of a tax on innovation and have detrimental impacts on the quality and price of online services

Conclusion

  • For these reasons, we should instead continue to rely on the uniquely American model of privacy policy that balances diverse goals and values in a more spontaneous, evolutionary, and voluntary way without incessant government oversight and intervention.
  • Again, the traditional American model isn’t perfect and sometimes we will need targeted statutes, torts, and even FTC (Sec. 5) enforcement to handle the bad apples out there who cause the most serious problems in terms of privacy violations or data breeches.
  • But that more targeted approach to enforcement, along with the education and empowerment-based approaches I have outlined, can adapt to new challenges in this space and the child safety space while also ensuring our global competitive advantage is not sacrificed in the process.
  • To sum up: let’s not casually trade in the American model for Europe’s. America’s more flexible, evolutionary model of privacy protection has served us well so far and can adapt to balance competing needs without crushing our innovative information economy or America’s global competitiveness.

___________________

Additional Reading:

Previous post:

Next post: