The time is right to discuss an updated privacy framework for the United States that maintains the ability to think and learn from data while also protecting individuals in a highly observational digital ecosystem. Respected voices from all sides of the privacy debate are seeing the unintended consequences, from controls that are not keeping up with the fast-moving technology environment to the norming on European General Data Protection Regulation concepts like actionable accountability and legitimate data uses (Brazil being the latest to do so).
The IAF’s and Global Accountability Dialogue’s work on accountability, ethics, advanced analytics and AI have informed 12 principles for a U.S. privacy framework. The principles are not legislative language but rather key concepts that may be translated into statutory language. The 12 principles are divided into two parts: four for individual rights and eight for accountability. The principles are intended to encourage innovation while being interoperable with other regimes.
These principles, in many ways, have been designed to deal with the extreme poles in the privacy debate. On one hand, there is a sense that data use has become so toxic that only extreme individual control can protect us from hidden discrimination and manipulation beyond civil bounds. On the other hand, there is the view that data is the driver of the fourth industrial revolution and anything beyond the most minimal restrictions on observation, calculation, and sharing will place too many limits on innovation.
These principles are a recognition that we live in a sensor rich society. Data must be used to innovate in medicine, transportation, safety, education, product development, and other sciences. They are also a recognition that individual space is important, even in a sensor rich environment, but that individual control does not match the complexity of today’s and tomorrow’s ecosystems. Consent is important but not enough.
Instead, the principles recognize that thinking and learning with data is basic to mankind’s progress and that these learnings must be understood and applied in an ethical manner. This recognition requires organizations to be transparent about values, to use their values when driving innovation, and to make sure that people are the end and not the means through internal review and standing ready to demonstrate to thoughtful authorities.
The principles should be seen as pieces of a whole and not elements that stand alone. However, unlike other principles, they are not meant to be linear. The principles take priority not based on their numbers but rather based on the relevant facts as data is created and used.
This framework is anything but final. The IAF will be evaluating the principles in late September at its West Coast Summit. If you have comments please send them to me at email@example.com.
The framework is below:
Fair Processing Principles to Facilitate Privacy, Prosperity and Progress
The information ecosystem in the United States is the world’s most innovative. It has not just driven economic growth, it has facilitated positive changes in all sectors. At the same time, high levels of observation along with advanced analytics have increased angst in individuals and a sense that they may be harmed by the misuse of information from them or about them. To further the discussion about a U.S. privacy regime, the Information Accountability Foundation (“IAF”) puts forth these principles for a U.S. privacy framework. The framework is intended to:
preserve America’s innovation engine,
- be interoperable with other new and emerging privacy regimes,
- protect individuals’ interests in privacy, and
- protect all the benefits of the 21st century information age.
While interoperable with other regimes, this framework is American in its vision and structure and is divided into two parts. The first part describes the rights necessary for individuals to function with confidence in our data driven world. The second part is focused on the obligations that organizations must honor to process and use data in a legitimate and responsible manner. While the framework outlines principles, in some cases it includes means and outcomes to better illustrate a particular principle.
- Transparency Individuals have the right to be free from secret processing of data that pertains to or will have an impact on them. Organizations should provide understandable statements about their data collection, creation, use and disclosure practices and about their policies and governance. Those statements should be directed at enforcement agencies, but they should also be publicly available. Organizations should also provide summaries and other means that make their data collection, creation, use and disclosure practices understandable to individuals.
- Access and Redress As a validation there is no secret collection, creation, use or disclosure taking place and confirmation of adequate data accuracy, individuals have the right to obtain the data they provided, to understand what observational data is created by the organization that pertains to them, and to be told what types of data are inferred by analytical algorithms. Because intellectual property rights may prevent individuals from having the right to request disclosure of inferences made by the organization, and where inferences such as scores potentially have negative consequences for individuals, organizations should provide relevant explanations about their processing, appropriate opportunities for feedback, and the ability for individuals to dispute such processing.
- Engagement and Consent Individuals have the right to know about data uses that are highly consequential to them, and to control those uses through an appropriate level of consent. Individuals also have the right to know that data is disclosed to third-parties beyond the context of the relationship, to request such disclosure not take place, to prohibit solicitations, and to challenge that a data use is not being undertaken in an accountable manner. Individuals have the right to object if they believe that the data about them is inaccurate or being used out of context, is not being undertaken in an accountable manner, or if they believe that uses of data are not legitimate. The right to object to processing does not pertain where data processing and use are permitted by law. Where highly consequential uses, such as health, financial standing, employment, housing and education, are governed by specific laws, those laws take priority.
- Beneficial Purposes Individuals have the right to expect that organizations will process data that pertains to them in a manner that creates benefits for the individual, or if not for the individual, for a broader community of people. They also have the right to expect that data will not just serve the interests of the organization that collected the data. There may be times when objective processing does not serve the needs of each individual, but such processing does serve the broader needs of society. When this is the case, individuals may request an explanation of how processing is beneficial to the broader group. This explanation should be part of understandable summaries required under the Transparency Principle. Where there are negative consequences to individuals, individuals should expect an explanation of the results and the ability to dispute the findings, as provided in the Access and Redress Principle.
Accountable Data Stewardship
- Assessed and Mitigated Impacts All collection, creating, use and disclosure of data should be compliant with all applicable laws, industry codes, and internal policies and practices, and should be subject to privacy, security and fair processing by design. Employees should receive appropriate training for their specified roles, and accountable employees should be identified to oversee privacy, security and fair processing obligations. Specifically, fair processing assessments should identify individuals and groups of individuals who are impacted, both negatively and positively, by the processing, and should guard against identifiable negative consequences. Where there are negative consequences, organizations should mitigate those consequences to the degree possible. If unacceptable consequences still persist for some individuals or groups, the organization should document why the benefits to other individuals, groups and companies are not outweighed by the unacceptable consequences.
- Secure Data should be kept secure at a level that is appropriate for the data.
- In Context Data should be collected, created, used and disclosed within the context of the relationship between the individuals to whom the data pertains and the organization, based on the reasonable expectations of individuals as a group. Public safety, security and fraud prevention are considered within context.
- Legitimate Uses Data should be processed only for legitimate uses that have been disclosed or are in the context of those uses, and only the data necessary for those uses should be collected, created, used or disclosed. When the data is no longer necessary for these uses, it should not be retained in an identifiable manner.
Legitimate uses include the following:
- Where individuals have provided informed consent;
- Freely thinking and learning with data by organizations that demonstrate effective accountability, consistent with the societal objective of encouraging data driven innovation, and that honor the Onward Disclosure Responsibility Principle.
- Uses that create definable benefits for individuals, groups, organizations and society that are not counterbalanced by negative consequences to others, and that are based on assessments established by external criteria.
- Designated public purposes, including public safety and the identification and prevention of fraud, and in response to an appropriate legal request;
- Organizations that stand ready to demonstrate why they believe other uses not listed here that are based on assessments established by external criteria are legitimate;
- Where permitted by law.
5. Accurate Data should be accurate and appropriate for all legitimate uses, and that level of accuracy should be maintained throughout the life of the data.
6. Onward Responsibility Organizations that originate data should be responsible for assuring the obligations initially associated with the data are maintained when the data is disclosed to third parties. All further onward transfers should also maintain those obligations.
7. Oversight Organizations should monitor all uses of data to ascertain that the uses are legitimate, the data is processed fairly, the data is accurately used within the context of the relationship with those to whom the data pertains, and processes that support individual rights and accountable data stewardship are effective and tested. The oversight process, whether conducted by an internal body or an external agent, should be separate from and independent of those persons associated with the processing.
8. Remediation Organizations should stand ready to demonstrate the effectiveness of policies, practices and internal oversight to those that have external authority for oversight. Organizations should consider rectifying negative consequences where they reach a level of significant impact to individuals.