Defending Data: Toward Ethical Protections and Comprehensive Data Governance
51 Pages Posted: 6 May 2019
Date Written: April 10, 2019
The click of a mouse. The tap of a phone screen. Credit card purchases. Walking through an airport. Driving across a bridge. Our activities, both online and offline, are increasingly turned into data and tracked. These troves of data — collected by entities invisible to us, stored in disparate databases — are then aggregated, disseminated, and analyzed. Data analytics — algorithms, machine learning, artificial intelligence — reveal “truths” about us; weaponize our data to influence what we buy or how we vote; and make decisions about everything from the mundane — which restaurant a search engine should recommend — to the significant — who should be hired, offered credit, granted parole.
This Article is the first to chart the terrain of this novel, networked data landscape and articulate the ways that existing laws and ethical frameworks are insufficient to constrain unethical data practices or grant individuals meaningful protections in their data. The United States’ sectoral approach to privacy leaves vast swaths of data wholly unprotected. Recently enacted and proposed privacy laws also fall woefully short. And all existing privacy laws exempt de-identified data from coverage altogether — a massive loophole at a time when re-identifying de-identified data is often trivial. Existing ethical frameworks, too, are unable to address the complex ethical challenges raised by networked datasets.
Accordingly, this Article proposes a framework capable of maintaining the public’s full faith and confidence in an industry previously governed by an ethos of “move fast and break things.” The CRAFT framework establishes principles capable of guiding ethical decision making across the data landscape and can provide a foundation for future legislation and comprehensive data governance.
Keywords: data, privacy, ethics, law
Suggested Citation: Suggested Citation