White House expands data protections to non-citizens

The change comes out of the 90-day review of federal privacy rules as they relate to big data.

abstract head representing big data

Data collected by federal agencies on people who are not citizens or permanent residents will be subject to the same privacy protections afforded those groups once the recommendations of the Obama administration's Big Data report are put into effect.

The change in federal information collection is one of the tangible results of the 90-day review of federal privacy rules as they relate to high-volume collection and high-speed analysis of information, typically described as "big data."

The 79-page report said that big data technology is full of promise, while pointing out attendant risks to privacy and the possibility of using analytics to discriminate.

Big data is already being used by government agencies and the military to accelerate and refine medical research, probe educational data for new teaching strategies, and protect U.S. forces deployed in theaters of war. But the ubiquitous collection of data on consumer transactions, internet activity, medical information and financial data -- not to mention the location and personal information collected by mobile devices, sensors and cameras -- could be used in ways not in keeping with the original intent of the collection.

The review was ordered as part of a broader look at privacy and information issues arising from the revelations of the breadth of U.S. domestic and international surveillance programs by former intelligence community contractor Edward Snowden. The review was launched in January, around the time President Barack Obama announced his intent to revamp some intelligence community data collection practices. However, intelligence collection and analysis did not figure into the review published May 1, which was headed by presidential counselor John Podesta and authored in large part by deputy CTO Nicole Wong.

"The principle focus that we had was what's going on with the technologies in the commercial world, what's going on in the rest of government, what's going on in law enforcement, what's going on in the education sector, including the research sector, and we left the intelligence work to the work streams that were laid down in January," Podesta said on a call with reporters.

Still, some observers wondered if the review and recommendations were a way to deflect criticism over surveillance policies.

"Frankly, channeling public outrage over NSA overreach into the debate around commercial privacy regulation is irresponsible," said Ed Black, president and CEO of the Computer and Communications Industry Association.

The White House review recommends that Congress pass legislation to create a national standard for private companies to report data breaches to consumers, and update the Electronic Communications Privacy Act to standardize the disparate privacy protections that apply to email and other communications stored on hard drives and devices, as well as to email stored in the cloud or via other remote virtual applications.

An effort led by Senate Judiciary Chairman Patrick Leahy (D-Vt.)to update the law have gone nowhere, although multiple data breach bills have been introduced by lawmakers inspired by the recent theft of personal and financial data from Target and other retailers.

The administration plans to draft legislation to enshrine the principles of its Consumer Privacy Bill of Rights into law and take steps to make sure that data collected on students is used only for educational purposes. And the report recommends expanding the level of technical expertise at the Federal Trade Commission, the Justice Department, the Consumer Finance Protection Bureau and other agencies with jurisdiction over consumer protection and civil rights, to watch for discriminatory practices that could be fueled by data analytics and prepare investigative and regulatory responses.

Technology industry groups worried that the focus on discrimination could lead to new regulations.

"We appreciate the report's focus on the overall benefits that the effective use of big data can achieve but are somewhat confused as to why the administration has also focused on hypothetical concerns about the use of data," TechAmerica's senior vice president for federal government affairs, Mike Hettinger, in an emailed statement. "This creates uncertainty in the minds of Americans about a technology that has so much potential."

The provision to apply the standards of the Privacy Act to personally identifiable information on non-U.S. persons stored in government databases is a "major undertaking," according to Podesta, and one that will take time to coordinate across agencies.

The report praises the Department of Homeland Security for its efforts to manage data in its systems using tagging that establishes access control for users, and indicates how different types of information collected are protected from disclosure or sharing by law or regulation. The architecture of the DHS data marts are cited as models for law enforcement and other agencies holding sensitive information to follow.

"Most importantly, I think the president has charged us with building the architecture of privacy protection during the remainder of his administration," Podesta said. "[W]ith the recommendations contained in the report and the analysis contained in the report, we have some additional policy development to do, but we are on our way to providing the protections that are necessary to ensure privacy now and into the future."

The White House report was accompanied by a more-technical look at big data analysis by the President's Council of Advisors on Science and Technology. That report gets into the details of how to apply current data collection standards on notice and consent to an increasingly wired and networked world, in which data is collected by sensors and apps and aggregated in ways often beyond the scope of the individual's knowledge or consent.

The PCAST report suggests that consumers have access to a single privacy profile that companies honor when collecting and sharing data. With so many apps, transactions, and collection points it is "all but impossible for an individual to make fine-grained privacy choices for every new situation or app," the report notes.

The institution of such a system is likely to generate pushback from industry.

"Burdensome new legal requirements would only impede data-driven innovation and hurt the ability of U.S. companies to create jobs and drive economic growth, " said Mark McCarthy, vice president of policy for the Software and Information Industry Association.

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.