Background of Big Data

Big data has been around for years and it has only been recently that the issues
surrounding big data have become a concern. Big data refers to the massive amounts of digital
information collected about people and their surroundings that is used by companies and
government (Cloud Security Alliance 2012). It is estimated that 2.5 quintillion bytes of data are
being produced daily by humans (Cloud Security Alliance 2012). As a result these large amounts
of data that are being produced the security and privacy issues become magnified by velocity and
volume (Cloud Security Alliance 2012). The rapid increase in technology, which creates more
data, prevents the current data from being monitored not as fast resulting in the need to
implement a new policy to increase security and to protect privacy. Big Data has been around for
years and it can be used to solve complex problems and to generate economic prosperity (White
House 2014). It is important to understand the role privacy and security will have in the future
when dealing or working with big data.
Policy Alternatives
Status Quo: Limited Regulation of Data Collection
Currently there is limited regulation of data collection in the United States. As big data
continues to grow potential privacy issues become a concern. Presently, in the United States
there have not been any established laws or regulations for using big data (Klosek 2014). If a
company would like to undertake big data processing operations, it will need to comply with the
existing privacy and data laws as well as contractual commitments and policy obligations
(Klosek 2014). This is to ensure that rights, security, and privacy of the consumer are protected.
If financial institutions decide to use non-public personal information (NPI) they need to make
sure that they are in compliance with the Gramm-Leach Billey Act (GLBA) if they are using data

processing operations (Klosek 2014). Most companies however will de-identify the data to
reduce the risks that big data poses. At both the state and federal level there has not been any
progress to regulate the use of big data (Klosek 2014). However, the Federal Trade Commission
(FTC) in 2013, proposed an initiative to give individual greater awareness and control over the
data that is held about them by data brokers involved with big data (Klosek 2014). FTC is
currently the only agency in the United States considered to be the leading regulating authority
of online privacy issues (Ybarra 2011). Yet, even FTC has limitations in their power and have
noted they, lack the authority to require firms to adopt information practice policies or to abide
by the fair information practice principles on their Web sites (Ybarra 2011).
This past year, current FTC Commissioner Julie Brill wanted to create Reclaim Your
Name program. The program would allow people to see what information is stored in databases,
learn how the information is being used and collected, and allow them to prevent companies
selling the information for marketing purposes (Price 2013). However, people will not be able to
delete their information, Brill stated it would help diminish, the fundamental challenge to
consumer privacy in the online marketplace: our loss of control over our most private and
sensitive information (Price 2013).
A proposed bill by Congressman Boucher would allow the FTC more power to monitor
and enforce informational privacy rights. The goal of the bill goal is to enhance electronic
commerce. The FTC would be responsible for enforcing this act, and have the ability to amend it
if necessary (Ybarra 2011). In the United States has provided constitutional privacy rights but
these rights have not been focused on informational privacy (Ybarra 2011). Because of the
federal and state governments sporadic regulation of informational privacy, only serious

invasions of privacy interests have been recognized (Ybarra 2011). The new bill would allow
the enforcement and regulation of informational privacy rights.
Normative Opacity Tools: Strict Regulation of Data Collection
Strict Regulation of Data Collection focuses on the differences between public and
personal data. Currently in Europe there is a strict regulation of data. European legislators view
privacy, as the basis for democracy and it needs to be protected from the government. However,
in the United States policy makers are focused on how to use the collected data correctly. The
European Union in 1995, passed EU Directive 95/46/EC or commonly called The Data
Protection Directive, with the purpose of monitoring and regulating data. EU believed big data
was on the rise and wanted to create a policy to provide protection to individuals with regard to
the processing of personal data (EU Directive 95-46-EC). It was adopted in 1995, when several
Member states had already begun to adopt national data protection laws. They realized big data
was on the rise and wanted the free movement of goods, capital services, and people within the
internal market could rely on a uniform high level of data protection (European Union Agency
for Fundamental Rights 2014). Article 8 of the EU Directive states, the right to protection
against the collection and use of personal data forms part of the right to respect (EU Directive
95-46-EC). EU believes in the balancing the rights of protection under personal data is not an
absolute right, but must be considered in relation to society (European Union Agency for
Fundamental Rights 2014). The rapid increase of technology and how it is processed is
continually changing the way data is collected, accessed, and being used.
Currently in the EU there has been a push to reform the data protection policy. The
European Commission in 2012 has proposed to reform the Data Protection Directive to increase
protection of online privacy and to boost Europes digital economy (European Union Agency for

Fundamental Rights 2014). The new proposal General Data Protection Regulation will update
and modernize the 1995 Data Protection Directives guarantee of the protection of privacy and
security rights. It will focus on reinforcing individuals rights, strengthening the EU internal
market, ensuring a high level of data protection in all areas, facilitating international transfers of
personal data, and setting global data protection standards (European Agency for Fundamental
Rights 2014). These changes will allow citizens to have more control over their personal
information and it will be easier for them to access the information (European Commission
2012).
Transparency Tools: Strict Regulation of Data Dissemination
The third policy alternative is the strict regulation of data dissemination in the United
States. Data dissemination would allow the distribution or transmitting of statistical data to
become more transparent (OECD 2013). This would make it more possible for information in an
electronic format such as the Internet or paper publications to become accessible for consumers
(OECD 2013). Transparency will allow the government to be held accountable and provide
helpful information to the citizens (The White House 2015). Before big data can be accepted it
needs to be able to work in ethical terms, the data owners need to have a transparent view of
how our data is being used or sold (Azzara 2014).
The FTC recently released a report providing a detailed account about how data brokers
are operating with a fundamental lack of transparency (White House 2015). They have
recommended enacting a policy that would allow consumers more control over the personal
information that is collected by the data brokers (White House 2015). Transparency allows
consumers to develop trust of the government because it requires the government to stay
accountable. Transparency ensures the constitutional checks and balances in the government and

individual citizens (King and Richards 2014). If security and privacy of the consumers is to stay
protected under big data the consumers need to be in control and have a transparent view of how
their information is being used. The Freedom of Information Act (FOIA) created in 1967
currently gives citizens some control over their information. FOIA allows citizens the right to
access information from the federal government. Federal agencies are required to disclose any
information that is requested unless it falls under personal privacy, national security, and law
enforcement (FOIA.gov 2011). Transparency of data will also help build a better society and
protect the average citizens individual rights (King and Richards 2014).
A Comparison of the Alternatives
In order to determine which policy will be the most effective and politically feasible a
comparison of the three policies status quo: limited regulation of data, normative opacity tools:
strict regulation of data collection, and transparency tools: strict regulation of data dissemination
will be discussed. Public Service, privacy protection, economic efficiency, and political
feasibility are analyzed along with the impact categories to determine the best policy alternative.
Status Quo: Limited Regulation of Data Collection
Public Service. The status quo will medium for security and decision-making. Big data
provides the opportunity to increase value and performance for the American people in the
delivery of government service (White House 2014). It provides the ability to be able to detect
fraud and address waste and improve public trust (White House 2014). The security of big data
due to the limited regulation of data collection is securely stored. However, since it is limited
departments and agencies have not been able to fully utilize advanced big data analytics (White
House 2014).

Privacy Protection. The impact category for privacy protection is prevent unauthorized
data collection and dissemination is low and currently extremely complex. It is nearly
impossible to monitor the amount of data that is processed on a daily basis. National Security
Alliance opened a large data center in Utah with the purpose of using big data for surveillance
ends (Hogan and Shepherd 2015). The physical space of this center is
Economic Efficiency. The status quo, which is already in place, is low in relation to the
positive impact on related industries. For ease of enforcement the score is medium since it is
already in place the policy will not be difficult to implement. Flexibility is high since need for
regulation has become more apparent especially after the NSA overreach (Hogan and Shepherd
2015).
Political Feasibility. The likelihood of successful adoption is high since it is already in
place. Companies already comply with the current laws such as Health insurance Portability and
Accountability Act (HIPPA) to ensure their health information stays protected and remains
anonymous (Klosek 2014). Companies are already complying with the privacy and security laws
that are already in place when making decisions.
Normative Opacity Tools: Strict Regulation of Data Collection
Public Service. The security for public service with the second policy option of
regulating data collection is low. It will be difficult for governmental agencies to monitor
potential acts of terrorism. In 2007, AT&T gave the federal government access to phone records
allowing them to find suspects that use throwaway cell phones (Price 2013). However, this
caused privacy concern among Americans and it turned out the National Security Alliance
surveillance looked into more detail about peoples records (Price 2013). Even though this is an

extreme example of the government using citizens data, if strict regulation is allowed it will be
difficult for agencies to monitor suspects.
Privacy Protection. The prevention of unauthorized data collection and dissemination,
as privacy protection, is high. Congress recently proposed an unnamed bill calling for the
regulation of data collection it was met with criticism. The proposal had allowed for implied
consent which according to privacy advocate Jeffery Chester it forced the consumer to rely on
digital fine print (Ybarra 2011). However, it is high because it does offer improvement over
status quo. The proposed unnamed bill would allow the individual to consent to the collection of
data when visiting websites (Ybarra 2011).
Economic Efficiency. This policy will affect IT companies and they will have to alter
their privacy terms. Advertisers and marketers have argued this policy would be restrictive and
allow everyone to benefit from free Internet service (Ybarra 2011). The flexibility of this policy
is high since it is already in place. The ease of enforcement is also high however more companies
and people are pushing for data to be regulated.
Political Feasibility. Adopting the strict regulation of data collection in the United States
is low. While it offers large potential gains it is an extremely radical change. In May 2010
members of the House of Representatives Subcommittee on Communications, Technology and
the Internet drafted a bill calling for privacy notices to be displayed on websites and to provide
the user information on how the information is stored (Ybarra 2011). They also made
distinctions between data that could be used only with the users consent and data that could be
used until the user opted-out (Ybarra 2011). It was not approved and received criticism from
advertising lobbyists and consumer advocates (Ybarra 2011). As of right now the United States

does not seem willing to accept the normative policy and is instead more open to the
transparency of data.
Transparency
Public Service. The impact category of security is high with the transparency of data.
Allowing the transparency of data increases the capability of counterterrorism. Transparency of
government secrets could pose a threat to the national security of the United States (King and
Richards 2014). However too little transparency could lead to unexpected outcomes and lack of
trust of businesses or the government and can carry a risk that inadvertent disclosures will
cause unexpected outcomes that harm privacy and breach confidentiality (King and Richards
2014). The impact category of decision-making is high as well. The transparency of data will
allow citizens to have access to more information for governing purposes.
Privacy Protection. The prevention of unauthorized data collection and dissemination,
as privacy protection, is medium. This policy allows openness from the government of
information at the discretion of the user. Transparency will enable citizens to participate more
closely in the decision-making process and guarantees that the administration is more effective
in protecting their privacy (European Agency for Fundamental Rights 2014).
Economic Efficiency. Increasing the transparency of data would have a positive impact
on companies. Today most companies agree with the idea of increasing the transparency of big
data. Companies such as, AOL, Apple, Facebook, Google, LinkedIn, Microsoft, Twitter, and
Yahoo have all come together as voices of reform proposing a change in the current policy of
big data requesting the government to endorse and enact principles that keep surveillance to
specific known targets, to be subjected to strong checks and balances (Hogan 2015). The ability
to enforce this policy is high because it would create an openness of the data. Consumers would

now be given the option to see where their information goes. This policy will still cost
companies, but they will benefit in the long run. These companies will be seen as more
trustworthy because the public is made aware of the information that is being. The flexibility of
transparency will be high because there is still sensitive information dealing with subjects like;
national security, that will not be made public. The transparency of data will provide more
benefits to companies that allow use it (Baker 2015).
Political Feasibility. The likelihood of successful adoption is medium. There has been
some pushback by the government to allow the transparency of data. Yet more companies are
seeking to become transparent. There are various definitions used to describe big data. As big
data becomes transparent, there will need to be a standardization of terminology among
companies and the government. For example state agencies use a wide variety of data from
different sources and the lack of a solid definition can compromise the meaning of information
collected (Barrett and Greene 2015). If transparency is allowed and this issue is not fixed then
the data collected will not be of any use since it will be difficult to analyze it.
Assessment and Recommendation
After comparing all three policy options, transparency tools: strict regulation of data
dissemination is the best policy. A score was placed in each impact category and added up to
determine the highest score. Transparency was given a score of 16. Transparency will allow an
increase in accountability in the government and it would give citizens more control and
information on their information that was used. There has been some pushback by the
government to allow big data to become more transparent. However, more companies are in the
process of making data more transparent and accessible to consumers.

Works Cited
Azzara, Mike. 2003. Big Data Ethics: Transparency, Privacy, and IdentityOh My! CMO.
http://www.cmo.com/articles/2014/4/3/big_data_ethics_tran.html (November 23, 2015).
Barrett, Katherine, and Richard Greene. 2015. Bad Data. Governing The States and Localities:
24.
Cloud Security Alliance. May 2012. Top Ten Big Data Security and Privacy Challenges.
Cloud Security Alliance.
Directorate, OECD Statistics. OECD Glossary of Statistical Terms - Data Dissemination
Definition. https://stats.oecd.org/glossary/detail.asp?ID=3004 (December 1, 2015).
EU Directive 95-46-EC - Chapter 1 - Data Protection Commissioner - Ireland. 2005.
https://www.dataprotection.ie/docs/EU-Directive-95-46-EC-Chapter-1/92.htm (December 1,
2015).
European Union Agency for Fundamental Rights. 2014. Handbook on European Data
Protection Law. Belgium. https://fra.europa.eu/sites/default/files/fra-2014-handbook-dataprotection-law-2nd-ed_en.pdf (December 1, 2015).
FOIA.gov (freedom of Information Act) Home Page. 2011. http://www.foia.gov (November
30, 2015).
Hogan, Ml, and Tamara Shepherd. 2015. Information Ownership and Materiality in an Age of
Big Data Surveillance. Journal of Information Policy 5.
King, Jonathan H, and Neil M Richards. 2014. Big Data Ethics.
http://ssrn.com/abstract=2384174 (November 23, 2015).
Klosek, Jacqueline. 2014. Regulation of Big Data in the United States. United Kingdom Taylor
Wessing. http://unitedkingdom.taylorwessing.com/globaldatahub/article_big_data_us_regs.html (November 24,
2015).
Price, Tom. 2013. Big Data and Privacy. In Issues For Debate in American Public Policy,
California: Sage, 17189.
Rees, Christopher. 2014. Conflicting Property Rights in Big Data. http://unitedkingdom.taylorwessing.com/globaldatahub/article_big_data_ownership.html (December 3,
2015).
White House. 2014. Big Data: Seizing Opportunities, Preserving Values.
https://www.whitehouse.gov/sites/default/files/docs/big_data_privacy_report_may_1_2014.p
df (December 1, 2015).

White House. Transparency and Open Government.

https://www.whitehouse.gov/the_press_office/TransparencyandOpenGovernment (December
3, 2015).