How the Fair Credit Reporting Act Regulates Big Data
Future of Privacy Forum Workshop on Big Data and Privacy: Making Ends Meet, 2013
6 Pages Posted: 7 May 2014 Last revised: 11 Oct 2023
Date Written: September 10, 2013
This short essay, prepared for the Future of Privacy Forum's Big Data and Privacy: Making Ends Meet event in September 2013, makes two observations concerning "big data." First, big data is not new. Consumer reporting, a field where information about individuals is aggregated and used to assess credit, tenancy, and employment risks, achieved the status of big data in the 1960s. Second, the Fair Credit Reporting Act of 1970 (FCRA) provides rich lessons concerning possible regulatory approaches for big data.
The FCRA is the original US law regulating machine learning (ML) or "artificial intelligence." Consumer Reporting Agencies (CRAs) have used machine learning for decades in order to model risk and to develop credit scores. The FCRA regulates ML by requiring accuracy in inputs to be truthful and verifiable, by allowing consumers to correct those inputs, and by requiring access to credit scores (but not their algorithms) and credit reports. As such, the FCRA provides a model for regulation of "big data" and algorithmic fairness for machine learning/AI.
Some say that "big data" requires policymakers to rethink the very nature of privacy laws. They urge policymakers to shift to an approach where governance focuses upon "the usage of data rather than the data itself." Consumer reporting shows us that while use-based regulations of big data provided more transparency and due process, they did not create adequate accountability. Indeed, despite the interventions of the FCRA, consumer reporting agencies remain notoriously unresponsive and unaccountable bureaucracies.
Like today's big data firms, CRAs lacked a direct relationship with the consumer, and this led to a set of predictable pathologies and externalities. CRAs have used messy data and fuzzy logic in ways that produce error costly to consumers. CRAs play a central role in both preventing and causing identity fraud, and have turned this problem into a business opportunity in the form of credit monitoring. Despite the legislative bargain created by the FCRA, which insulated CRAs from defamation suits, CRAs have argued that use restrictions are unconstitutional.
Big data is said to represent a powerful set of technologies. Yet, proposals for its regulation are weaker than the FCRA. Calls for a pure use-based regulatory regime, especially for companies lacking the discipline imposed by a consumer relationship, should be viewed with skepticism.
Keywords: big data, fair credit reporting act, FCRA, use regulations, collection limitation, artificial intelligence, machine learning, algorithmic fairness
JEL Classification: D18
Suggested Citation: Suggested Citation