Yafit Lev-Aretz
Volume 70, Issue 6, 1491-1546
The term “data philanthropy” has been used to describe the sharing of private sector data for socially beneficial purposes, such as academic research and humanitarian aid. The recent controversy over an academic researcher’s alleged misuse of Facebook users’ data on behalf of Cambridge Analytica has brought data philanthropy into the spotlight of public debate. Calls for data ethics and platform transparency have highlighted the urgent need for standard setting and democratic oversight in the use of corporate data for public ends. Data philanthropy has also received considerable scholarly attention in various academic disciplines but has, until now, been virtually overlooked by the legal literature. This Article explains and starts filling in the resulting research gap by providing the first legal accounting of data philanthropy. Following a detailed description of current developments and scholarly thinking, this Article homes in on a normative assessment of privacy risks that are often cited as a conceptual and practical barrier to data philanthropy.
This Article refines the scope of data philanthropy’s informational risks and proposes a framework for mitigating some of these risks through the Fair Information Practice Principles (“FIPs”). Specifically, the purpose specification and use limitation principles, which limit data collection to ex-ante specified purposes, are discordant with the unanticipated, ex-post quality of data philanthropy. Adopting a new “data philanthropy exception” will account for the existence and nature of the privacy risks, the time frame for action, the social risks of using the data, and the allowed retention time following the reuse. The data philanthropy exception reinforces the values at the heart of the FIPs, provides guidance in a field that currently operates in a legal vacuum, and introduces the possibility of responsible sharing by and to smaller market participants.