Part of the "2016 Annual Conference: Big Data, Health Law, and Bioethics" held at Harvard Law School on May 6, 2016.
This conference aimed to: (1) identify the various ways in which law and ethics intersect with the use of big data in health care and health research, particularly in the United States; (2) understand the way U.S. law (and potentially other legal systems) currently promotes or stands as an obstacle to these potential uses; (3) determine what might be learned from the legal and ethical treatment of uses of big data in other sectors and countries; and (4) examine potential solutions (industry best practices, common law, legislative, executive, domestic and international) for better use of big data in health care and health research in the U.S.
The Petrie-Flom Center for Health Law Policy, Biotechnology, and Bioethics at Harvard Law School 2016 annual conference was organized in collaboration with the Berkman Center for Internet & Society at Harvard University and the Health Ethics and Policy Lab, University of Zurich.
Learn more at http://petrieflom.law.harvard.edu/events/details/2016-annual-conference.
2. Aim
§ Individualistic conceptions of privacy insufficiently protect
individuals against the invasive effects of Big Data analytics
that involve classification of people (or data describing people)
§ Group privacy is proposed as a third interest to balance
alongside individual privacy and social, commercial and
epistemic benefits when assessing the ethical acceptability of
automated knowledge work in general, and algorithmic
classification systems in particular.
6/14/16Problems of Context and
Abstraction in Big Data Page 2
3. Types of groups
§ Collectives – A group intentionally joined due to collective
interests, shared background or other explicit common traits
and purposes.
§ Examples: patient advocacy group, labour unions
§ Ascriptive groups – A group whose membership is
determined by inherited or incidentally developed
characteristic.
§ Examples: genetic groups, patient cohorts
§ Ad hoc groups – A group whose membership is assembled
for a third party interest according to perceived links between
members
§ Examples: market segments, profiling groups
6/14/16Problems of Context and
Abstraction in Big Data Page 3
4. § European Data Protection Directive/Regulation and Common Rule
both protect privacy of identifiable individuals.
§ “Privacy laws apply only to identified or identifiable persons;; one is
not a ‘person’ in the absence of identifiability.” (Knoppers and
Saginur 2005, 925).
Privacy for Identifiable Individuals
6/14/16Two Ethical Challenges
for the IoT Page 4
5. Big data analytics treat
individuals as types.
Within analytics, Alice’s identity
is shared with other data
subjects. It is constituted from
shared behavioural identity
tokens
Alice
9. Privacy for groups: the right to inviolate
personality
§ Based on concept of informational identity (Floridi)
§ Privacy as identity-constitutive
§ Privacy violations as attacks on self-defined identity
§ Right to immunity from unknown, undesired, or unintentional
changes in one’s own identity (Warren and Brandeis)
§ Analytics as attack on shared group identity
6/14/16Problems of Context and
Abstraction in Big Data Page 9
10. Who should hold a right to group privacy?
§ Individual right vs. group right
§ Group rights
§ Precedent: Rights of collectives (e.g. national sovereignty, union’s
rights to assemble)
§ Requirements: Collective identity and collective agency
§ Ad hoc groups have neither, but can be considered moral
patients
§ Ad hoc groups deserve to be rights-holders due to shared
ownership of behavioural identity tokens
6/14/16Problems of Context and
Abstraction in Big Data Page 10
11. A strong or weak right
§ Strong
§ Valid claims (e.g. control) can be made on processes that create
identity-constituting information
§ Weak
§ A claim to be educated and empowered about identity-constitutive
processes so as to make more informed decisions with one’s data
§ Moderate
§ Oversight, e.g. rights-holders kept ‘in-the-loop’ by data processors
6/14/16Problems of Context and
Abstraction in Big Data Page 11
12. Proactive or reactive protections
§ Proactive
§ Prevention of construction of certain types of profiles through
Big Data analytics
§ Prevention of certain forms of knowledge generation about a
group
§ Reactive
§ A duty to inform individuals of group membership and new
knowledge about the group
§ A right to control external identities
6/14/16Two Ethical Challenges
for the IoT Page 12
13. Group privacy in biomedical Big Data
§ Applicable in principle to any type of analytics
§ Commercial Big Data analytics (e.g. hiring, wellness programmes, health
insurance)
§ Redress information asymmetry between data subjects and commercial
processors
§ Digital epidemiology
§ Lack of existing social contract for research
§ Risk stratification/personalized medicine
§ Group privacy to be balanced with individual privacy rights and the
social, commercial and epistemic benefits of medical data
processing
§ Group privacy as theoretical framework for consent reforms
6/14/16Problems of Context and
Abstraction in Big Data Page 13
14. Open questions
§ What new types of vulnerable groups will Big Data analytics
create?
§ Which new attributes/classes require protection?
§ How can an ad hoc group’s right to group privacy be enforced
without collective agency?
§ Stewardship
§ Auditing
6/14/16Problems of Context and
Abstraction in Big Data Page 14
15. ACKNOWLEDGEMENTS
This research is supported by a John Fell Fund
Major Grant.
brent.mittelstadt@oii.ox.ac.uk
COPYRIGHT DISCLAIMER. Texts, marks, logos, names, graphics, images, photographs,
illustrations, artwork, audio clips, video clips, and software copyrighted by their respective
owners are used on these slides for non-commercial, educational and personal purposes only.
Use of any copyrighted material is not authorized without the written consent of the copyright
holder. Every effort has been made to respect the copyrights of other parties. If you believe that
your copyright has been misused, please direct your correspondence to:
brent.mittelstadt@oii.ox.ac.uk stating your position and I shall endeavour to correct any misuse.