This part begins by considering the existing legal constraints on the collection and use of big data in the privacy and confidentiality context. It then identifies gaps in the current legal landscape and issues in designing a coherent set of policies that both protect privacy and yet permit the potential benefits that come with big data. Three themes emerge: that the concepts used in the larger discussion of privacy and big data require updating; that how we understand and assess harms from privacy violations needs updating; and that we must rethink established approaches to managing privacy in the big data context.

The notion of ‘big data’ is interpreted as a change in paradigm, rather than solely a change in technology. This illustrates the first central theme of this part of the book. Barocas and Nissenbaum define big data as a “paradigm, rather than a particular technology,” while Strandburg differentiates between collections of data, and collections of data that have been “datafied,” that is, “aggregated in a computationally manipulable format.” She claims that such datafication is a key step in heightening privacy concerns and creating a greater need for a coherent regulatory structure for data acquisition. Traditional regulatory tools for managing privacy – notice and consent – have failed to provide a viable market mechanism allowing a form of self-regulation governing industry data collection. Strandburg elucidates the current legal restrictions and guidance on data collection in the industrial setting, including the Fair Information Practice Principles (FIPPs) dating from 1973 and underlying the Fair Credit Reporting Act (FCRA) from 1970 and the Privacy Act from 1974. Strandburg advocates a more nuanced assessment of trade-offs in the big data context, moving away from individualized assessments of the costs of privacy violations. The privacy law governing the collection of private data for monitoring purposes should be strengthened, in particular, a substantive distinction should be made between datafication and the repurposing of data that was collected as a byproduct of providing services.