Thinking and learning with data

Privacy is not just about personal protection, it is about the appropriate use of data.  American’s ability to think and learn with data has been a difference maker for innovation, and that innovation has been beneficial beyond our boarders.  New U.S. legislation needs to protect people in what has become an observational world.  However, it also must protect our ability to think and learn with data.  In many ways accountability 2.0, effectively enforced, is the key to innovation with protection.


  1. David Hoffman
    Marty – I completely agree with you. The work you have done over the past 15 years on accountability has provided a path forward. How do you feel about the the level of detail we have in the accountability sections of the bill? We wanted to provide enough information to make clear the obligations to create a robust privacy program, but also provide enough flexibility for different industry sectors or sizes of organizations (small and medium sized companies).

  2. Marty Abrams
    Accountability clicks in both when we are thinking and learning with data, and when we are acting with data. The issues when we are thinking with data relate data security rity and the integrity of the research one is conducting. Typically to risk to others is minimal if data is used in a secure fashion. In work that I did with Paula Bruening and Meg Lata Jones in 2013, we demonstrated that thinking with data is very much like research. The knowledge created counter balances the risk that one is using data where others have interests or maybe even rights. This is very similar to the balancing process related to legitimate interests in Europe. When acting with data, all the traditional privacy principles kick in. I believe that accountability is really connected to the section on consistent uses, and I look there, not just in the explicit accountability section, for accountability in effect. European law says that research is always a compatible purposes. Is that the same with consistency? I see the consistency process as facilitating thinking and learning with data. I would like to hear from others.

  3. David Hoffman
    That is exactly what we were going for. I didn’t want to create a separate “Lawful basis” test like GDPR, but instead believe that if the scope of the “personal nal data” and “privacy risk” definitions are done right, that you can include the right risk analysis into the Consistent Uses section. It should have the effect of encouraging companies to get meaningful consent (because you then do not have to complete the risk analysis), but also provides a mechanism for the growing number of situations where consent is not practicable or possible.

  4. Pam Dixon
    Marty, you have been doing wonderful work on accountability. It’s an important conversation. One of the important elements I hear you discussing in various fora is that data is not not just data- it now creates new data and new knowledge. I have appreciated your work in this area. I just posted some language ideas regarding knowledge creation in the topic White Box Analytics…feedback welcomed!