Americans Should Demand Control Over Their Personal Data
A fundamental question: Why are tech titans allowed to share our data — without our permission?
By now, most Americans are familiar with the experience of searching for something on the Internet, and then seeing a plethora of ads for that something on virtually every other website they visit. Whether they realize it or not — or worse, think it’s great — such data sharing represents a massive invasion of privacy. And yet a fundamental question remains unanswered: Why are tech titans allowed to share our data — without our permission?
With an exception for “fair use” that permits one to copy small portions of an original work for certain purposes such as scholarship or commentary, when one creates that work, copyright law protects one from having that work shared or exploited without specific permission. Yet despite the fact that we are all unique individuals, “data brokers” glean and sell personal information, not only without our permission, but without our knowledge.
Unsurprisingly, Congress has failed to adequately address the issue. The “Data Broker Accountability and Transparency Act” was introduced by the Senate — in 2014, 2015, 2016 and 2017 — but has yet to go anywhere other than the Committee on Commerce, Science, and Transportation. Moreover, it is the essence of toothless legislation, requiring only that data brokers obtain and disseminate accurate information and “provide individuals a cost-free means to review their personal or identifying information.”
Requiring permission to disseminate that data? Nowhere to be found.
In 2016, the FCC adopted privacy rules that required Internet Service Providers (ISPs) like Comcast and Verizon to get customers’ permission to sell their data to marketers. That adoption followed a 3-2 vote along party lines, and it was Democrats, not Republicans, who opted to protect consumers. The rules would have required the ISPs to not only notify their customers about what information is collected and how it is shared, but require opt-in consent rather than opt-out consent. The distinction is important because the latter option automatically defaults to the companies’ interests, not those of the consumer.
Unfortunately, the FCC’s ruling never went into effect. In March 2017, both the Republican-controlled Senate and House voted to nullify the FCC’s proposal. President Donald Trump signed that nullification into law last April.
The GOP’s rationale? ISP providers convinced them the regulation would put them at a competitive disadvantage with companies like Google and Facebook, which are regulated by the Federal Trade Commission (FTC). Republicans insisted the FCC overstepped its authority and that it was up to the FTC to keep those so-called edge providers — as in companies that provide content, application or service over the Internet as opposed to those who provide Internet service itself — in line. Republicans further asserted that having the FCC and the FTC regulate different aspects of Internet use by consumers would “create confusion within the Internet ecosystem and end up harming consumers,” as Rep. Marsha Blackburn (R-TN) put it.
In terms of personal privacy, that distinction is specious nonsense, and Sen. Ed Markey (D-MA) asked the essential question: “How much privacy are people in this country entitled to?”
Not much, apparently. Not when ISPs and edge providers can sell our data without our permission.
What data? The FCC sought user permission before tech giants could share the following: precise geolocation; children’s information; health and financial information; Social Security numbers; web browsing and app usage histories; and the content of communication.
Craig Aron, CEO of Free Press, a public advocacy group, hammered the legislation prior to the its passage. “There is literally no public support for this bill,” he stated. “Its only advocates are the nation’s biggest phone, cable and Internet companies. There’s no longer any question — if there ever was — whose needs this administration intends to serve. But people everywhere are on high alert to the serious threat to the free and open Internet. And they will fight back.”
Will they? A 2016 survey conducted by Pew Research reveals that while 74% of Americans insist it is “very important” to them to be in control of their data, only half expressed confidence that they understood how that data might be used.
Moreover, their “risk-benefit calculations,” as in what data they’re willing to release to obtain services, products, etc., are all over the map. For example, a 52% majority would willingly share health information, but only 27% would opt for installing a “smart” thermostat in their homes.
Yet most telling, those surveyed used words such as “resigned,” “inevitable,” “hopeless” and a “way of life” to describe how they felt about the possibility of resisting the collection of their personal data.
More disturbing, experts canvassed by Pew “argued that privacy was no longer a ‘condition’ of American life. Rather, they asserted that it was becoming a commodity to be purchased,” the website stated.
In short, reality bites. “An average Facebook user has no way of knowing or appreciating the mountain of data the company has collected on them,” columnist Kevin Carty explains.
Even worse? “America’s biggest tech giants have at least as much power as John D. Rockefeller and J.P. Morgan did in the early 20th century; it is just much harder to see,” he adds.
Carty advocates using anti-trust laws to “go after the biggest tech platforms” and “resume the trust-busting that freed Americans from companies like Standard Oil and plutocrats like J.P. Morgan.”
Given the predatory business practices many of these tech giants engage in, as well as their use of “instituted algorithms that allow for the suppression of opinions with which their highly opinionated management disagrees,” as columnist Angelo Codevilla aptly states, that is a noble goal. But it will do nothing to protect Americans’ personal data.
The European Union is addressing the problem. On May 25, 2018, the General Data Protection Regulation (GDPR) will take effect following three years of negotiations among member nations. While it still allows entities like Google and Amazon to process data to provide their services, GDPR will prevent them from using that data for any other purposes without user permission. This “purpose limitation” requires personal data to be “collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.”
The law further notes that broad, non-specific consent doesn’t cut it. “A purpose that is vague or general, such as for instance ‘Improving users’ experience’, ‘marketing purposes’, or ‘future research’ will — without further detail — usually not meet the criteria of being ‘specific,’” it states.
The law also requires data collecting entities to appoint a data protection officer, and companies that fail to do so can be fined as much as 4% of their global annual turnover.
American should demand similar, or even more stringent legislation. With a possible exception for criminal records, there is no reason whatsoever why Americans must resign themselves to living in a world where something as precious as personal privacy becomes “a commodity to be purchased.” The alternative? Living in a society that would make George Orwell blush.