Privacy, responsibility and the flow of information

This NYT article highlights something I’ve long gone on about – the serendipity of information.

Dr. Arul Chinnaiyan stared at a printout of gene sequences from a man with cancer, a subject in one of his studies. There, along with the man’s cancer genes, was something unexpected — genes of the virus that causes AIDS.

It could have been a sign that the man was infected with H.I.V.; the only way to tell was further testing. But Dr. Chinnaiyan, who leads the Center for Translational Pathology at the University of Michigan, was not able to suggest that to the patient, who had donated his cells on the condition that he remain anonymous.

In laboratories around the world, genetic researchers using tools that are ever more sophisticated to peer into the DNA of cells are increasingly finding things they were not looking for, including information that could make a big difference to an anonymous donor.

The question of how, when and whether to return genetic results to study subjects or their families “is one of the thorniest current challenges in clinical research,” said Dr. Francis Collins, the director of the National Institutes of Health. “We are living in an awkward interval where our ability to capture the information often exceeds our ability to know what to do with it.”

Alas, I’d like to spend more time on this, but the ‘bottom line’ here, as they say, is that the way we do privacy is often wrong. It’s wrong because we seek to “engineer in” the desired level of privacy at the level of the initial interaction, and indeed up through a cascade of interactions. The case for privacy has been built around a ‘consensualist’ model, which is to say that the advocacy for privacy, and the regulation to which that activism gives rise, is often built on cascading ‘consents’.

Thus a firm receiving your private information will typically pre-announce what it will and won’t use the information for, and even when it does so, it is typically not permitted to pass the information on to another party, even one that has made similar undertakings to respect your privacy. This hugely over-engineers the privacy mandate.

I was bemused a few months ago when Google was supposed to be being ‘evil’ for beginning to aggregate the information it knows about its consumers across its various divisions. What matters is whether those divisions use it responsibly, and there’s a lot of obvious benefit in their integrating the information I’ve given them across their various divisions (so my ‘contacts’ are integrated across Twitter and email, for instance), just as there’s a benefit in my being able to take my Google ID elsewhere should I wish.

At any rate, one thing we could do to improve the way we handle the competing demands of privacy, utility and other ethical values is to rely less on setting up closed systems to handle private data, and instead think about how one might permit the transmission of private data subject to sanctions if it’s misused.

You see, this is not about relatively unimportant things like whether I can integrate my Twitter and email contacts. It’s about the ease with which our various data systems can be integrated. Decent integration of educational databases could enable us to know much more about what is and is not working in our educational system. And Fiona Stanley has shown the power of data integration in Western Australia.

From Wikipedia:

 In 1977, her research group established the WA Maternal and Child Health Research Database. It is a unique collection of data on births from the entire state which has proved a valuable resource in predicting trends in maternal and child health and the effects of preventive programs. Stanley’s research also includes strategies to enhance health and well-being in populations; the causes and prevention of birth defects and major neurological disorders such as cerebral palsy; the causes and lifelong consequences of low birth weight; and patterns of maternal and child health in Aboriginal and Caucasian populations. “Data collected enabled Stanley and her colleagues to explore, for instance, the connection between a lack of folic acid in diets and spina bifida, and markedly reduce it”.

Her work could be far more powerful if she could integrate more data, and she’s pursuing various avenues – many officials of other countries have been more helpful than ours – to increase the number of people in the database. To the extent that she can do so, she can hugely accelerate the speed with which associations can be detected, and so health enhanced.

But privacy is one of the major bugbears, with data suppliers often wary of prejudicing people’s right to privacy. The appropriate response is for those handling the data at Fiona’s end to have a duty to respect people’s privacy, not for suppliers to try to stop her centre getting hold of data which could, in principle, identify them. Further, a duty to respect someone’s privacy is different from a prohibition on ever communicating with them should you discover something that could be of benefit to them. It’s simply ridiculous (and outrageous) not to tell someone, for reasons of ‘privacy’, something you’ve found out that could be of grave importance to them.

This entry was posted in Economics and public policy, Information, Innovation. Bookmark the permalink.
fxh
9 years ago

jacques – something truly dreadful is happening to layout when I use OPERA today

Jacques Chester
9 years ago
Reply to  fxh

The subbies moved us to the new server overnight.

It has not gone as smoothly as they said it would.

9 years ago

mmh – it’s only on the front page, not on individual opened articles.

derrida derider
9 years ago

My (extensive, actually) experience is that genuine obstructionism (of the “knowledge is power” or “tell them anything and they’ll only use it to criticise us” variety) is a LOT rarer than it used to be.

Some of the remaining problems do lie in our privacy laws, which draw on a simplistic framework of some sort of stable balance between a (poorly defined) right to privacy and the (poorly understood) public usefulness of information. Given the average joe’s personal experience of corporate and government misuse of personal data, and his consequent suspicion, I don’t think we’ve got much chance of changing that soon.

But another big problem is a purely economic one. Preparing data in a form that outsiders can actually play with (eg extensive metadata, extensive validation, careful attention to dataset matching possibilities) is surprisingly expensive. From a public good view that expense is potentially a real bargain, but potential public good doesn’t figure in the Budget’s bottom line. Public service managers see that expense as avoidable corporate overhead rather than core function precisely because the benefits are hypothetical (depends on serendipity, remember?) and in any case unquantifiable.