Overview
It is fun and rewarding to find the meaning in a bunch of data. Some people say "let the data speak." In my experience, data do not speak. Data help answer questions but we develop the questions and draw conclusions - that is what makes it interesting for the analyst. Over my years in marketing research, I worked on hundreds of projects. For the vast majority of my projects, we gathered data through surveys. Respondents knew they were being interviewed and their responses were confidential and anonymous. Sometimes we augmented surveys with secondary data such as financial transactions or pharmaceutical prescriptions.
In the current world of "big data" and social media, many times a person does not even know they are a "respondent" or that behavioral data are being gathered about them. Data gathering has become pervasive through Facebook, Amazon, and Google, plus entities such as Equifax, Experian, and TransUnion. The velocity and volume of data may allow companies to move from consumer "insights" to consumer "manipulation." Plus now companies use algorithms and artificial intelligence to determine who should get a loan, should get this job, on and on. Issues are well laid out in Weapons of Math Destruction How Big Data Increases Inequality and Threatens Democracy.
A good example of how the use of data and analysis has changed an industry is the growth of fintech lending. This is a presentation I gave to a graduate finance class in 2019.
I testified before the Texas House Committee on Investments and Financial Services on April 24, 2018 in Austin about my frustration with Equifax. Go to about 2:25:55
And a 2021 comment to the Consumer Financial Protection Bureau on the use of personal data by large payment platforms such as Pay Pal. Good example of asymmetry between fintech companies and consumers.
Our 2022 Comment to the FTC on Commercial Surveillance and Data Security, addressing discrimination in financial decision making and the need for limitations on companies’ collection, use and retention of consumer data.
Most US and EU privacy laws are based on these FIPs.
Data privacy Resources
Consumer concerns about data privacy have been growing over the last few years. Some critics say we now live in the “age of surveillance capitalism.” There has also been an increase in organizations debating the fair balance between consumer rights and corporate rights. A good history of efforts to pass a data privacy law in the US (3 parts). On-going series from the New York Times Privacy Project
The US Department of Commerce - National Institute of Standards and Technology produced their “privacy framework” in 2020. “The NIST Privacy Framework is a voluntary tool developed in collaboration with stakeholders intended to help organizations identify and manage privacy risk to build innovative products and services while protecting individuals’ privacy.” I attended a presentation on this in 2020 at CSIS.
Here are a few resources to consider:
Think tanks and academic centers
Kennedy School Shorenstein Center
Yale Information Society Project
Belfer Center - Harvard
Berkman Center - Harvard
Georgetown U Law Center on Privacy and Technology
Georgetown U Law Institute for Technology Law and Policy
NYU AI Now Institute
MIT Media Lab
Stanford Law School Center for Internet and Society
University of Washington Tech Policy Lab
Georgetown U Institute of International Economic Law
Americans for Financial Reform
The CFPB should be more concerned about data privacy in financial services and in particular how the lack of privacy hurts sub-prime borrowers. Keep up with their rulemaking and opportunities for comments
Two other non-governmental groups to watch
The Consultative Group to Assist the Poor CGAP
And throw in Microsoft AI principles for good measure
Congressional committees that should be working on this
House - Subcommittee on Consumer Protection and Commerce
Senate - Subcommittee on Communications, Technology, Innovation, and the Internet
an interesting graphic showing the “marketing technology ecosystem”
Interestingly, a law firm in Dallas that specializes in privacy law Hosch & Morris
And one that seems friendly to privacy issues Fish and Richardson
Latest results from Data Kind competition, I was a judge
Major resources
Center for Democracy and Technology
New York Times privacy project
Electronic Privacy Information Center
Electronic Frontier Foundation
and their Surveillance Self-defense
Aspen Financial Security Program
Pew Research Internet and Technology
New America Open Technology Institute
ACLU privacy and technology project
21st Century Privacy Coalition
and individuals to watch
Matt Bruckner from Howard U
Cathy O'Neil "mathbabe.org"
Frank Pasquale Maryland Law
Shoshana Zuboff Harvard Surveillance Capitalism
and more recently in the NY Times
Ed Mierzwinski US Public Interest Research Group
Chi Chi Wu National Consumer Law Center
Johnny Ryan Irish Council for Civil Liberties
Digital Deceit by Ghosh and Scott
Barbara Cosgrove Workday Blog on AI
Michele Gilman U Baltimore Law
FTC finally starting to push for consumer data privacy
The FTC has launched its largest effort to date to learn about social media and video streaming companies. The companies have been ordered to provide data on how they collect, use, and present personal information, their advertising and user engagement practices, and how their practices affect children and teens.
The FTC is issuing the orders under Section 6(b) of the FTC Act, which authorizes the Commission to conduct wide-ranging studies that do not have a specific law enforcement purpose. The orders are being sent to Amazon.com, Inc., ByteDance Ltd., which operates the short video service TikTok, Discord Inc., Facebook, Inc., Reddit, Inc., Snap Inc., Twitter, Inc., WhatsApp Inc., and YouTube LLC. The companies will have 45 days from mid-December 2020 to respond.
The FTC is seeking information specifically related to:
how the companies use, track, estimate, or derive personal and demographic information;
how they determine which ads and other content are shown to consumers;
whether they apply algorithms or data analytics to personal information;
how they measure, promote, and research user engagement; and
how their practices affect children and teens.
This is a big deal. The data will allow the FTC to move toward greater regulation of these online giants.
And the first report from these orders - What ISPs know about you - examining the privacy practices of 6 major internet service providers
In addition, I am funding research at UT Dallas that examines the benefits and harms of “big data” from the consumer perspective. What are the trade-offs consumers should be aware of when they use Facebook, Google, Amazon, etc? What regulations are needed to achieve a balance between consumer and corporate benefits? How should companies provide security and privacy?
Possibly a way forward will be to base privacy bills around the NIST privacy framework.
Focuses on risk management - identify risks, protect against them, detect issues, respond to incidents, and recover from damage.
The Uniform Law Commission developed a “generic” privacy law which has been introduced in DC. Privacy advocates see this bill as fairly bland - not a strong push for consumer rights.