Menu Close

Washington and Lee Law Review - Vol. 72


by Molly Jackman & Lauri Kanerva

Increasingly, companies are conducting research so that they can make informed decisions about what products to build and what features to change.These data-driven insights enable companies to make responsible decisions that will improve peoples’ experiences with their products. Importantly, companies must also be responsible in how they conduct research. Existing ethical guidelines for research do not always robustly address the considerations that industry researchers face. For this reason, companies should develop principles and practices around research that are appropriate to the environments in which they operate,taking into account the values set out in law and ethics. This paper describes the research review process designed and implemented at Facebook, including the training employees receive, and the steps involved in evaluating proposed research. We emphasize that there is no one-size-fits-all model of research review that can be applied across companies, and that processes should be designed to fit the contexts in which the research is taking place. However, we hope that general principles can be extracted from Facebook’s process that will inform other companies as they develop frameworks for research review that serve their needs.


by Effy Vayena, Urs Gasser, Alexandra Wood, David R. O'Brien, Micah Altman

Emerging large-scale data sources hold tremendous potential for new scientific research into human biology, behaviors, and relationships. At the same time, big data research presents privacy and ethical challenges that the current regulatory framework is ill-suited to address. In light of the immense value of large-scale research data, the central question moving forward is not whether such data should be made available for research, but rather how the benefits can be captured in a way that respects fundamental principles of ethics and privacy.

In response, this Essay outlines elements of a new ethical framework for big data research. It argues that oversight should aim to provide universal coverage of human subjects research, regardless of funding source, across all stages of the information lifecycle. New definitions and standards should be developed based on a modern understanding of privacy science and the expectations of research subjects. In addition, researchers and review boards should be encouraged to incorporate systematic risk-benefit assessments and new procedural and technological solutions from the wide range of interventions that are available. Finally, oversight mechanisms and the safeguards implemented should be tailored to the intended uses, benefits, threats, harms, and vulnerabilities associated with a specific research activity.

Development of a new ethical framework with these elements should be the product of a dynamic multistakeholder process that is designed to capture the latest scientific understanding of privacy, analytical methods, available safeguards, community and social norms, and best practices for research ethics as they evolve over time. Such a framework would support big data utilization and help harness the value of big data in a sustainable and trust-building manner.


by Dennis D. Hirsch, Jonathan H. King

Today, organizations globally wrestle with how to extract valuable insights from diverse data sets without invading privacy, causing discrimination, harming their brand, or otherwise undermining the sustainability of their big data projects. Leaders in these organizations are thus asking: What management approach should businesses employ sustainably to achieve the tremendous benefits of big data analytics, while minimizing the potential negative externalities?

This Paper argues that leaders can learn from environmental management practices developed to manage the negative externalities of the industrial revolution. First, it shows that, along with its many benefits, big data can create negative externalities that are structurally similar to environmental pollution. This suggests that management strategies to enhance environmental performance could provide a useful model for businesses seeking sustainably to develop their personal data assets. Second, this Paper chronicles environmental management’s historical progression from a back-end, siloed approach to a more proactive and collaborative “environmental management system” method. An approach modeled after environmental management systems—a Big Data Management System approach—offers an effective model for managing data analytics operations to prevent negative externalities.

Finally, this Paper shows that a Big Data Management System approach aligns with: (A) Agile software development and DevOps practices that companies use to develop and maintain big data applications, (B) best practices in Privacy by Design and Privacy Engineering, and (C) emerging trends in organizational management theory. At this critical, formative moment when organizations begin to leverage personal data to revolutionary ends, we can readily learn from environmental management systems to embrace sustainable big data management from the outset.


by Craig Konnoth

Secondary health information research requires vast quantities of data in order to make clinical and health delivery breakthroughs. Restrictive policies that limit the use of such information threaten to stymie this research. While the Notice of Proposed Rulemaking (NPRM) for the new Common Rule permits patients to provide broad consent for the use of their information for research, that policy offers insufficient flexibility. This Article suggests a flexible consenting system that allows patients to consent to a range of privacy risks. The details of the system will be fleshed out in future work.


by Carl Tobias

In late April 2015, the Supreme Court of Virginia announced that Justice LeRoy F. Millette, Jr. would retire on July 31, 2015. Democratic Governor Terry McAuliffe expeditiously created an open process for tapping a worthy successor. At July’s conclusion, the Governor appointed Fairfax County Circuit Judge Jane Marum Roush, an experienced, consensus jurist. On a Sunday night, merely two days after Roush swore her oath of office, Republican General Assembly leaders proclaimed their caucuses’ intention to elect another individual, despite conceding that Roush was very qualified. During the August special session, this concerted GOP endeavor prompted a Republican senator to join Democrats who opposed the prospect and concomitantly adjourned. GOP leaders then contended that legislators remained in session, as the Virginia Constitution explicitly prescribes Senate and House of Delegates consent to adjourn. The Governor’s Counsel next penned an opinion that concluded that lawmakers had adjourned, so McAuliffe could appoint Justice Roush to the Court again, a choice that he implemented thirty days after adjournment. Because these efforts precipitated a constitutional standoff and will consequently plague future judicial selection, they warrant analysis.

The initial part of this Article chronicles the rise and evolution of Virginia court selection. Part Two scrutinizes recent machinations, determining that the procedures now merit improvement. The last section proffers suggestions. For the near term, the Assembly ought to promptly elect Roush. She brings twenty-two years of judicial service, including over five months as a justice. Moreover, Roush’s removal for reasons unrelated to her abilities, earlier performance, or future capacity to serve would make a mockery of the selection regime, undermining citizen respect for it, the whole state judiciary, as well as the Governor and the Assembly. Across the longer term, the Commonwealth must evaluate and initiate changes that will enhance selection.


by Stephen Y. Chow

This Essay critiques the creation by the 114th Congress of a federal private right of action under the Defend Trade Secrets Act for the state unfair competition cause of trade secret misappropriation hitherto applied mostly to breaches of express or implied confidential relationships between businesses or with employees. The proposed insertion of the Uniform Trade Secrets Act definition of “misappropriation,” including acquisition by “improper means” exemplified by state commercial mores’ expectation of privacy from aerial reconnaissance, into the Economic Espionage Act framework of theft of a more narrowly defined “trade secret” of a defined “owner,” including such actions abroad by American companies, opens litigation opportunities that are unlikely to fulfill the purposes of the legislation. There is no current need to “harmonize” compliance programs, and the non-preemptive legislation would simply add more issues to be litigated in multiple contexts, including disputes over privacy or confidentiality managed by online terms. The legislation’s limitation of injunctions under a promise of “employee mobility” threatens state practices of contractual restrictions on postemployment competition.