Finally Waking Up
Being ’’ woke” is the trendy word these days. Regarding privacy issues, last year was a year of awakening for many. Too bad it had to come in the form of shocking events like Facebook’s unseemly partnership with a little-known data-mining consulting firm named Cambridge Analytica to raise the alarm. They were hardly alone in the whole-scale invasion into our personal data. It’s just that, the state of politics being what they are, it got the lion’s share of media attention. Facebook was not alone in evoking privacy worries from the public–not by a long shot. No, especially when you consider one high-profile data rupture after another from the likes of Google, Amazon, and Equifax.
Tim Cook’s Solution
Never one to be silent in the past when it comes to privacy concerns, Cook went a step further last week. He called for an unprecedented package of legislative reform measures that would protect and empower consumers. He wrote: “In 2019, it’s time to stand up for the right to privacy — yours, mine, all of ours. Consumers shouldn’t have to tolerate another year of companies irresponsibly amassing huge user profiles, data breaches that seem out of control and the vanishing ability to control our own digital lives.” Cook cites a major impediment to protecting privacy is the fact that we are probably not even aware that our data is being exploited and ultimately exposed.
In his “Time” magazine essay, Apple’s Cook wrote that, “One of the biggest challenges in protecting privacy is that many of the violations are invisible.” Cook points to a scenario in which you might have bought a product from an online retailer that, right after the transaction, doesn’t reveal that it sold or transferred information about your purchase to a data broker that, in turn, packages your information and sells it to yet another buyer. Alarmingly, all this occurs without the customer’s consent. Hence the need for laws that protect us. He was not alone in requesting laws that would reshape the privacy landscape as other companies separately joined the growing chorus of concern with a view toward protecting our civil rights, punishing violators and limiting government access to our data.
Getting Ahead Of The Curve
The catalyst for coalescing around a uniform law can be found in Europe’s enactment of its stringent General Data Protection Regulations (GDPR). Tech companies see that this type of ham-stringing by the government is inevitable in the U.S. and want not only to be part of the conversation but to tilt it to their advantage. This apparent trend toward heavy government regulation of personal data collection has tech titans discussing support for a federal privacy law for the first time. While tech companies by and large view such regulation as onerous and a limitation on their ability to do business, they see the handwriting on the wall. If such legislation is inevitable, then tech companies feel their best play is to get out in front of it with their own industry-supported legislation that contains terms that are as friendly to them as possible.
Another impetus, and cause for industry worry, is the recent legislation emanating from California. The California Consumer Privacy Act (CCPA) bears similarities to the GDPR and will become fully active on the first day of 2020. Though not quite as stringent overall as the GDPR, the CCPA gives state residents similar rights to know what data companies have collected about them and to require that companies fully remove this data from circulation upon request. The tech industry, fearing a nationwide network of states enacting their own restrictive privacy policies, would much prefer one all-encompassing and possibly softer federal law.
A Compliant Congress?
So what’s the probability Congress will play along? Well, if you look at the billions spent to lobby Congress, I would say the likelihood is pretty good.
“At the risk of being an optimist, there is reason to believe that this Congress will pass substantial privacy legislation,” says Marc Rotenberg, president and executive director of the Electronic Privacy Information Center (EPIC) in Washington, D.C., one of the groups that signed onto the proposed privacy framework. “There are several factors that have made privacy a legislative priority for many members on both sides of the aisle.”
A big worry of privacy advocates is that a tech company-driven data privacy law might be crafted to guard against the more draconian (to them) aspects of the GDPR, and might result in a law giving the appearance of privacy but enabling companies to engage in business as usual in terms of using our information. This will bear watching in the months ahead. Stay tuned.