What is regulation for?
A couple of days ago I was listening to a recorded webinar on K-12 student data privacy. I found out about it through an education blog I sometimes read called deutsch29, where the blog writer was complaining about “data chearleaders” on a panel and how important issues are sure to be ignored if everyone on a panel is on the same, pro-data and pro-privatization side.
Well as it turns out deutsch29 was almost correct. Most of the panelists were super bland and pro-data collection by private companies. But the first panelist named Joel Reidenberg, from Fordham Law School, reported on the state of data sharing in this country, the state of the law, and the gulf between the two.
I will come back to his report in another post, because it’s super fascinating, and in fact I’d love to interview that guy for my book.
One thing I wanted to mention was the high-level discussion that took place in the webinar on what regulation is for. Specifically, the following important question was asked:
Does every parent have to become a data expert in order to protect their children’s data?
The answer was different depending on who answered it, of course, but one answer that resonated with me was that that’s what regulation is for, it exists so that parents can rely on regulation to protect their children’s privacy, just as we expect HIPAA to protect the integrity of our medical data.
I started to like this definition – or attribute, if you will – of regulation, and I wondered how it relates to other kinds of regulation, like in finance, as well as how it would work if you’re arguing with people who hate all regulation.
First of all, I think that the financial industry has figured out how to make things so goddamn complicated that nobody can figure out how to regulate anything well. Moreover, they’ve somehow, at least so far, also been able to insist things need to be this complicated. So even if regulation were meant to allow people to interact with the financial system and at the same time “not be experts,” it’s clearly not wholly working. But what I like about it anyway is the emphasis on this issue of complexity and expertise. It took me a long time to figure out how big a problem that is in finance, but with this definition it goes right to the heart of the issue.
Second, as for the people who argue for de-regulation, I think it helps there too. Most of the time they act like everyone is a omniscient free agent who spends all their time becoming expert on everything. And if that were true, then it’s possible that regulation wouldn’t be needed (although transparency is key too). The point is that we live in a world where most people have no clue about the issues of data privacy, never mind when it’s being shielded by ridiculous and possibly illegal contracts behind their kids’ public school system.
Finally, in terms of the potential for protecting kids’ data: here the private companies like InBloom and others are way ahead of regulators, but it’s not because of complexity on the issues so much as the fact that regulators haven’t caught up with technology. At least that’s my optimistic feeling about it. I really think this stuff is solvable in the short term, and considering it involves kids, I think it will have bipartisan support. Plus the education benefits of collecting all this data have not been proven at all, nor do they really require such shitty privacy standards even if they do work.
mathbabe 
Funny you mention HiPAA. While we think it was set up to protect patient confidentiality, the actual consequence is that it’s a wall protecting insurance companies, hospitals, …,. a wall they often hide behind when challenged about their opaque practices.
Which points to the fact that all regulations have intents and consequences.
Regulations are almost always written by industry lobbyists to make it look like they are protecting the public, but in reality are protecting the vested interests of their industry.
Notice I did not focus on finance because I think this is true across the board.
LikeLike
InBloom is not a “private company,” and it is offering its infrastructure to whomever wants it. If that open door does not present privacy dangers, I don’t know what does.
LikeLike
Agreed about the danger, that’s why I am researching the topic. As a modeler and as a parent.
Why do you not like my characterization of InBloom though? Would you mind expanding on that? I’ve written about it here as well: https://mathbabe.org/2014/01/06/parents-fighting-back-against-sharing-childrens-data-with-inbloom/
LikeLike
As a nonprofit, inBloom is more dangerous than a private company for both the reformers behind it and its capacity to corner the market by not needing profits (it can make itself indispensable by its capacity to be “reproduced” by those utilizing its infrastructure).
LikeLike
“omniscient free agent”, no not really, but I do think they know their circumstances better than a regulator and can therefore make a better decision. Do yo beleive a regulator has perfect knowledge?
LikeLike
Nothing is perfect, of course. But yes, it’s certainly possibly that people whose job it is to keep track of an industry and be vigilant will know more than parents who have other things to do.
LikeLike
Cathy, most regulators are city, state or federal employees who fall into two categories: Ones who could not get a job in private industry, so why would you think they have superior knowledge? And others who are lining up jobs in private industry and would not cross their potential employers. C’est la vie.
LikeLike
I’ll lead with an anecdote. I have neighbor, nice enough guy has worked in politics his entire life. His latest job, he is on the gaming commission that was formed to oversee the building of 3 casinos in the state. Guess how much experience he had in gaming or hospitality industry prior to this job? If you read carefully, you know the answer.
That is the regulation you get, not what you envision (your pie in the sky fantasy of compentent knowledgable omniscient god like people controlling our lives).
I will also grant you that some are probably more knowledgable than my neighbor with their jobs. Will those do a better job? let’s look student privacy, it is a trade-off, you trade privacy for acces to software. Now you as a top quintile mother probably has a lot lower threshold than some one from the bottom quintile. Will a regulator that is knowledgable about of the industry know the individual level of comfort and NEED for the free access? No way.
LikeLike
Interestingly, in my state the board of education is exempt from run-of-the-mill protections, such as FERPA, and can even track social security numbers. The intent, as I understand it, is to allow researchers access to college completion data, etc. Ostensibly, legislators want to encourage data-mining in schools, if it will show ROI.
LikeLike
Which state? Can you send me a link to their statement of intent on this issue? Thanks!
LikeLike
I agree with your comments about Finance: a key reason for regulation is to create a safe(r) environment for non-experts. That is particularly true for consumers but even in corporate banking that is, or should be, the case: see the cases of Gibson Greetings and P&G which date back decades. There is an argument for a two-tier financial products market: regulated ‘safe’ products that non-experts can understand, and everything else. Many banks, including the one I work for, use a similar approach for selling derivatives to non-financial corporate clients: simple products can be sold to anyone, complex products require more disclosure on the bank’s side, and assurance from the client’s board of directors that they understand what they’re buying.
LikeLike
As a former derivatives trader I am curious what “simple” derivatives products can or should “be sold to anyone.”
LikeLike
I wonder if you think all people have the same needs? I mean, at best a regulator can create regulations that are best for a plurality of people. The more diverse the needs, the less people are served. Forget about regulatory capture, timing issues, diversity of products and everything else and you still left with the fact that most times, most people will not be best served by regulations.
Which leads me back to my original comment and the dismissiveness of people that believe in deregulation. They do not believe in “omniscient free agent”s, but rather in better knowledge of the problems and trade-offs by the people themselves.
People in favor of regulation must believe in singular needs (or very close), omniscient regulators (or very close as they would have to know as much about both parties involved – about the products, trade-offs, etc. to make better decisions) and in the specificity of regulation to a particular time, circumstance and issue. Pretty tall order. Regulators deal in generalities for good reasons.
disclosure is of course good, though I doubt we would agree again. At some point you have to allow grown people to make their own decisions based on their tolerance for risk. No matter how much disclosure is required their will always be people that regret their decision.
yet deregulators are called naive and pie in the sky. funny.
LikeLike
You make some good points about not being dismissive of people skeptical of regulation.
But you are being similarly dismissive of those of us who think good regulation is possible.
You say “People in favor of regulation must believe in singular needs (or very close), omniscient regulators (or very close as they would have to know as much about both parties involved”
Good regulation doesn’t require omniscience or one-size-fits-all rules.
Credit card statements and legal agreements are clearer now than they used to be. This has lead to people paying less in bank fees because they know about them.
Free market people would say this saving is just offset by less service or higher costs elsewhere. Interestingly, an academic study (including a professor from U of Chicago business school) was unable to find such offsetting effects
Different people can make different choices. Good regulation can help people make those choices better.
And it isn’t just disclosure. Payday lending is almost always a trap. It is, of course, true that there are some cases that people really do just need a quick tied-me-over loan that they will pay off. But empirical work shows that almost all people who engage in payday loans end up rolling them over much longer, and paying enormously more interest, than they expected. it is a good thing to rein them in.
LikeLike
less in bank fees? I suggest you look at some Cathy’s past posts. Those people that are not paying bank fees are the ones that can no longer open accounts. And if you think NATIONAL regulation can be specific, you are too naive to have a serious discussion.
LikeLike
I am old enough to have welcomed the promise of deregulation under Reagan. Having seen the results, all I can say is what a fool I was!
LikeLike
Hmmm, evidently your memory is fading. Carter was by far the bigger deregulator, Reagan doesn’t even come close. But let me ask you this, without deregulation – do you think you would have a smart phone?
LikeLike
One of the first economics blogs I started reading in ’08 was Johnson and Kwak’s blog, http://baselinescenario.com/ . A lot of financial types read it. I was struck by how so many of them opposed consumer protection regulation, because the thought that their financial knowledge and sophistication justified taking advantage of those who lacked it. A real poker table mentality.
LikeLike
“I think that the financial industry has figured out how to make things so goddamn complicated”…I agree, watched the health insurance business do the same thing, why, it makes money for them of course and you know that. Electronic medical records originally created to help doctors, well gee, payers got in there and now we have great up rise of “scribes” to help the doctors document medical records as the insurers complicated the heck out of it turning it into an insurer tool instead of a doctor’s tool. New installations of medical record systems at hospitals now when launched include a crew of scribes right of the bat to work in the ERs and then later they add more as needed to specific areas.
HIPAA doing much, it’s the greatest law ever written with absolutely nobody around to enforce, in other words I think we have had only 2 cases in about the 15 years it’s been around and you read about medical records being dumped out there all the time. I said a while back republish the HIPAA rules in new places where did not apply before, at least make it easy to find them instead of digging through the silos at HHS.
The lawyers all sit around and focus on verbiage only with laws, etc. while the computer code runs hog ass wild everywhere as models are built to where they can be interpreted to not be breaking any laws…digital centric laws I hope one day.
LikeLike