Biotech is all the rage these days. Fitbit and friends burn VC money at one end, Craig Venter captures imaginations and press cycles and grant funding at the other, and an endless array of startups, big pharma, NYGoodHealth and research foundations fill the middle to bursting. Sequencing genomes is sexy. Folding proteins, stimulating neurons, and hunting superbugs are all sexy.

Even so, my favorite recent biotech project isn’t a startup, new product, or breakthrough in the lab. It’s a government bureacracy, working on compliance, using billing data. No joke.

OK, that’s a bit unfair. It does at least have a Hollywood-killer-robot name: Mini-Sentinel. NPR did a great overview, but in short, it’s an FDA project that mines anonymized(ish) medical records from over half of the American population to discover unexpected drug side effects and reactions.

It’s a noble goal, but admittedly, it’s pretty straightforward big data. The bureacracy itself is actually the part that gets me worked up. The research community salivates at meta-analyses like these, but the data has always been tied up in a straitjacket of regulation, liability, and trade secrecy FUD. Big providers like Kaiser and the VA do similar work on their own data, internally, but this the first project I’ve seen that combines so much data from so many different sources.

It’s far from perfect, of course. The data itself is mainly billing codes, which is temptingly standardized but was never meant for medical research, and the methodology and results are still immature. Still, it’s a big deal.

At a higher level, Mini-Sentinel illustrates what I and others think may be the next defining question of our generation: how do we balance the individual’s right to privacy and control over their data with society’s need to use it for the public good?

Medical records have always skewed toward the individual. Projects like Mini-Sentinel may gradually erode that, but laws like HIPAA and valid privacy expectations will make progress slow and halting.

Other fields like advertising, and more recently national security, have skewed toward the group. The US has never enjoyed clear data privacy protection, unlike the EU, so credit bureaus and online ad networks have run rampant. Likewise, Snowden showed us just how brazenly the NSA has ignored the 4th Amendment in its epic, 9/11-fueled land (and budget) grab.

The waters are murkier elsewhere. Google’s web search, for example, is a public good that most of us depend on every day, but the EU has strong-armed it recently with a Right to Forget doctrine for individuals. Similarly, Google’s environmental map projects are powerful forces for positive change, but Street View has to blur faces and license plates to protect privacy.

In particular, I can’t wait to see how we rethink public and semi-public spaces. US courts have consistently protected our right to take photographs and audio recordings from streets and other public places, but I don’t expect that to last forever. Drones may deliver our packages soon, but they can also hover outside our windows and record video, eventually even through curtains. (Hello, TSA backscatter scanners!)

This is nothing less than the tragedy of the commons in reverse. Everyone loves an underdog, and right now that underdog is individual privacy, under threat from big bad corporate and government wolves. I worry that our bloodlust may lead us to muzzle important, worthy projects like Mini-Sentinel. On the other hand, I also worry about our ongoing failure to reign in power-thirsty behemoths like the NSA and tech oligopolies and provide meaningful privacy and data rights for individuals.

The silver lining, at least, is that we’re talking about the question. We may not be framing it quite the way I’d like, as a balance between individual and group rights, but that’s ok. We’ll be struggling with it for a while to come.