Innovations based on consumer data often are an enormous benefit for individuals and for society writ large. Yet, with new innovations and/or more intensive usage of consumer data there can be new threats to consumers that become possible.
Ideally, our country’s policies and laws concerning personal data should optimize to increase the pace and magnitude of beneficial, data-driven innovations while simultaneously producing new protections to emerging threats. Unfortunately, virtually all draft privacy legislation recently contemplated or introduced accomplish neither of theses goals. At best, the most well-crafted draft privacy legislation seems to only be addressed at resolving current problems with the unpermitted usage, mishandling or poor safeguarding of consumer data.
As an advocate for consumers and for innovators (whose interests often align in unexpected ways) this often makes me want to scream. Staying on this path will only worsen our challenges by enacting laws that are not well matched to where our economy is headed and what protections consumers will need in the future. In short, our lawmakers should be admonished “Don’t fight the last war, prepare for the next one!” so to speak.
The good news is that we are not in a data war. The better news is that Intel’s proposed privacy legislation – perhaps uniquely among draft bills I’ve seen – seems to embody this win-win approach. I highlight several novel provisions:
1) Requiring companies sharing data with third parties to assess the risks of that data sharing and attempt to mitigate any negative consequences from that sharing;
2) Imposing burdens on third party companies who obtain data even indirectly;
3) Requiring companies to consider the consequences, if any, for consumers when the company will process that personal data using emerging technologies such as artificial intelligence, machine learning and/or predictive analytics;
4) Prohibiting misuse of data for wrongly excluding consumers from certain business opportunities, access to services. redlining, harmful price discrimination, misuse of genetic data, violating laws or denying a US person their rights and privileges under the law.
These four provisions would begin to tackle the emerging problems of: vendors and subcontractors repurposing consumer data at an arm’s length from the consumer whose data was collected; data brokers sharing and reselling data to anyone and everyone and obviating any other privacy protections in the law; bias and discrimination creeping into companies’ decisions regarding their customers without any transparency into those advanced forms of processing; and significant new risks to consumers from misusing personalization to manipulate pricing, make all too often erroneous predictions about consumers based on their neighbors, turn the promise of medical and genetic information into a risk to individuals and their families or break laws.
Intel’s attempts to address these issues must be replicated and included in all other federal and state privacy laws going forward.
While I praise Intel for this forward thinking I urge Intel to go further and propose additional legislative language to protect consumers while facilitating innovation. Intel should spell out what a real corporate redress program must look like for those instances when corporations just plainly “get it wrong” and misjudge their customers (or worse) No consumer should be forced to sue on some novel legal theory to not get charged an unfair price or when they are prevented from getting credit (for example) on fair terms. Intel should help Congress by doing the hard work of building out what “corporate due process” should look like that allows customers to rapidly be made whole for corporate mistakes based on advanced uses of or processing of customers’ data. A non-litigation redress mechanism would instill great confidence in the public and speed adoption of new data processing technologies, particularly those done purely or mostly by computers. Surely the balancing act that facilitates innovators having legal clarity and consumers having new legal protections can be struck.
Again, I cannot recall seeing any business lead on these questions so Intel deserves praise for being brave and anticipating the future in which its business (and those businesses its chips make possible) thrives
I hope Intel will press forward and further spell out technology neutral, industry sector-neutral protections for consumers data so that we can have our innovations AND be sure those innovations benefit each of us.