The Datatrust Privacy Guarantee: Protecting the Datatrust from Compelled Disclosure

  1. Introduction: Why we need to understand privacy rights.
  2. A quick overview of federal privacy law.
  3. Implications for data collectors today.
  4. Implications for the datatrust.

I. Introduction: Why we need to understand privacy rights.

What’s more personal to you? Papers you have in your home or documents you store in the cloud? The prescription drugs you keep in your medicine cabinet or medical data stored at your pharmacy? The questions you ask your spouse in bed or the questions you type into your search engine?

In the U.S., the Fourth Amendment protects us from unlawful search and seizure, meaning that the police can’t just come barging into your home unless they have “probable cause” that you have committed a crime.

But now so much of what we consider “personal” is in the form of data, i.e., bits that can be easily replicated, shared, and stored in places very far from our homes, cars, or any other physical space that is protected by the Fourth Amendment.

It's not just a question of, “What can the government find out about you from Facebook?”

What can the government find out about you from third parties? From companies and businesses that have your data without your consent or even your knowledge?

Pharmacies sell prescription data that includes you; cellphone-related businesses sell data that includes you. So much of the data economy involves companies and businesses that don’t necessarily have you as a customer, and thus have even less incentive to protect your interests.

Some of this data is anonymized, some of it is not. But even data that’s supposedly de-identified or anonymized isn't actually private. We know that such data can be combined with another dataset to re-identify people.

And we at the Common Data Project, in creating a datatrust, are stepping right into the middle of all of this.

We seek to create a new kind of institution, a datatrust, where organizations can safely release personal data without compromising individual privacy. Like any organization or business that stores a lot of personal information, we know that law enforcement officials may end up very interested in the data that we have. We need to understand how existing laws and proposed reforms might apply to us, and to be thoughtful and creative about what it means to protect privacy rights today. We don’t have all the answers, but we need to start with defining the questions.