How the Fair Credit Reporting Act Regulates Big Data

Future of Privacy Forum Workshop on Big Data and Privacy: Making Ends Meet, 2013

6 Pages Posted: 7 May 2014 Last revised: 11 Oct 2023

See all articles by Chris Jay Hoofnagle

Chris Jay Hoofnagle

University of California, Berkeley - School of Law; University of California, Berkeley - School of Information

Date Written: September 10, 2013


This short essay, prepared for the Future of Privacy Forum's Big Data and Privacy: Making Ends Meet event in September 2013, makes two observations concerning "big data." First, big data is not new. Consumer reporting, a field where information about individuals is aggregated and used to assess credit, tenancy, and employment risks, achieved the status of big data in the 1960s. Second, the Fair Credit Reporting Act of 1970 (FCRA) provides rich lessons concerning possible regulatory approaches for big data.

The FCRA is the original US law regulating machine learning (ML) or "artificial intelligence." Consumer Reporting Agencies (CRAs) have used machine learning for decades in order to model risk and to develop credit scores. The FCRA regulates ML by requiring accuracy in inputs to be truthful and verifiable, by allowing consumers to correct those inputs, and by requiring access to credit scores (but not their algorithms) and credit reports. As such, the FCRA provides a model for regulation of "big data" and algorithmic fairness for machine learning/AI.

Some say that "big data" requires policymakers to rethink the very nature of privacy laws. They urge policymakers to shift to an approach where governance focuses upon "the usage of data rather than the data itself." Consumer reporting shows us that while use-based regulations of big data provided more transparency and due process, they did not create adequate accountability. Indeed, despite the interventions of the FCRA, consumer reporting agencies remain notoriously unresponsive and unaccountable bureaucracies.

Like today's big data firms, CRAs lacked a direct relationship with the consumer, and this led to a set of predictable pathologies and externalities. CRAs have used messy data and fuzzy logic in ways that produce error costly to consumers. CRAs play a central role in both preventing and causing identity fraud, and have turned this problem into a business opportunity in the form of credit monitoring. Despite the legislative bargain created by the FCRA, which insulated CRAs from defamation suits, CRAs have argued that use restrictions are unconstitutional.

Big data is said to represent a powerful set of technologies. Yet, proposals for its regulation are weaker than the FCRA. Calls for a pure use-based regulatory regime, especially for companies lacking the discipline imposed by a consumer relationship, should be viewed with skepticism.

Keywords: big data, fair credit reporting act, FCRA, use regulations, collection limitation, artificial intelligence, machine learning, algorithmic fairness

JEL Classification: D18

Suggested Citation

Hoofnagle, Chris Jay, How the Fair Credit Reporting Act Regulates Big Data (September 10, 2013). Future of Privacy Forum Workshop on Big Data and Privacy: Making Ends Meet, 2013, Available at SSRN:

Chris Jay Hoofnagle (Contact Author)

University of California, Berkeley - School of Law ( email )

341 Berkeley Law Building
Berkeley, CA 94720-7200
United States
‭(510) 666-3783‬ (Phone)


University of California, Berkeley - School of Information ( email )

212 South Hall
Berkeley, CA 94720-4600
United States
510-643-0213 (Phone)


Do you have negative results from your research you’d like to share?

Paper statistics

Abstract Views
PlumX Metrics