From Individuals to Groups in Biomedical Big Data

Brent Daniel Mittelstadt

Aim

§ Individualistic conceptions of privacy insufficiently protect individuals against the invasive effects of Big Data analytics that involve classification of people (or data describing people)

§ Group privacy is proposed as a third interest to balance alongside individual privacy and social, commercial and epistemic benefits when assessing the ethical acceptability of automated knowledge work in general, and algorithmic classification systems in particular.

6/14/16Problems of Context and Abstraction in Big Data Page 2

Types of groups§ Collectives – A group intentionally joined due to collective interests, shared background or other explicit common traits and purposes.

§ Examples: patient advocacy group, labour unions

§ Ascriptive groups – A group whose membership is determined by inherited or incidentally developed characteristic.

§ Examples: genetic groups, patient cohorts

§ Ad hoc groups – A group whose membership is assembled for a third party interest according to perceived links between members

§ Examples: market segments, profiling groups

6/14/16Problems of Context and Abstraction in Big Data Page 3

§ European Data Protection Directive/Regulation and Common Rule both protect privacy of identifiable individuals.

§ “Privacy laws apply only to identified or identifiable persons;; one is not a ‘person’ in the absence of identifiability.” (Knoppers and Saginur 2005, 925).

Privacy for Identifiable Individuals

6/14/16Two Ethical Challenges for the IoT Page 4

Big data analytics treat individuals as types.

Within analytics, Alice’s identity is shared with other data subjects. It is constituted from shared behavioural identity tokens

Alice

Profiling Identity

Privacy for groups: the right to inviolate personality

§ Based on concept of informational identity (Floridi)

§ Privacy as identity-­constitutive§ Privacy violations as attacks on self-­defined identity

§ Right to immunity from unknown, undesired, or unintentional changes in one’s own identity (Warren and Brandeis)

§ Analytics as attack on shared group identity

6/14/16Problems of Context and Abstraction in Big Data Page 9

Who should hold a right to group privacy?

§ Individual right vs. group right

§ Group rights § Precedent: Rights of collectives (e.g. national sovereignty, union’s rights to assemble)

§ Requirements: Collective identity and collective agency§ Ad hoc groups have neither, but can be considered moral patients

§ Ad hoc groups deserve to be rights-­holders due to shared ownership of behavioural identity tokens

6/14/16Problems of Context and Abstraction in Big Data Page 10

A strong or weak right

§ Strong§ Valid claims (e.g. control) can be made on processes that create identity-­constituting information

§ Weak§ A claim to be educated and empowered about identity-­constitutive processes so as to make more informed decisions with one’s data

§ Moderate§ Oversight, e.g. rights-­holders kept ‘in-­the-­loop’ by data processors

6/14/16Problems of Context and Abstraction in Big Data Page 11

Proactive or reactive protections

§ Proactive§ Prevention of construction of certain types of profiles through Big Data analytics

§ Prevention of certain forms of knowledge generation about a group

§ Reactive§ A duty to inform individuals of group membership and new knowledge about the group

§ A right to control external identities

6/14/16Two Ethical Challenges for the IoT Page 12

Group privacy in biomedical Big Data§ Applicable in principle to any type of analytics

§ Commercial Big Data analytics (e.g. hiring, wellness programmes, health insurance)§ Redress information asymmetry between data subjects and commercial processors

§ Digital epidemiology§ Lack of existing social contract for research

§ Risk stratification/personalized medicine

§ Group privacy to be balanced with individual privacy rights and the social, commercial and epistemic benefits of medical data processing

§ Group privacy as theoretical framework for consent reforms

6/14/16Problems of Context and Abstraction in Big Data Page 13

Open questions

§ What new types of vulnerable groups will Big Data analytics create?

§ Which new attributes/classes require protection?

§ How can an ad hoc group’s right to group privacy be enforced without collective agency?

§ Stewardship§ Auditing

6/14/16Problems of Context and Abstraction in Big Data Page 14

ACKNOWLEDGEMENTSThis research is supported by a John Fell Fund Major Grant.

brent.mittelstadt@oii.ox.ac.uk

COPYRIGHT DISCLAIMER. Texts, marks, logos, names, graphics, images, photographs, illustrations, artwork, audio clips, video clips, and software copyrighted by their respective owners are used on these slides for non-­commercial, educational and personal purposes only. Use of any copyrighted material is not authorized without the written consent of the copyright holder. Every effort has been made to respect the copyrights of other parties. If you believe that your copyright has been misused, please direct your correspondence to: brent.mittelstadt@oii.ox.ac.uk stating your position and I shall endeavour to correct any misuse.