Do Americans Really Care About Internet Privacy?
This week, the world watched as American congressmen questioned Mark Zuckerberg about how Facebook protects private information. At least that was how it started. Then, it went downhill. Ted Cruz asked why specific conservative pages had been shut down by the company, suggesting its bias is harming conservatism. Bobby Rush struck down Facebook's racial ad targeting options but Zuckerberg replied by notifying the representative that the targeting option had been discontinued. Another senator raised concerns about Facebook being monopolistic. Others wanted to know what to do if they don't want to see ads that were targeted using their Facebook account's data.
The problem here is not that the questions are not valid (some are more valid than others). The problem is that congress was supposed to be talking about privacy and data security. This hearing was called for in response to the Cambridge Analytica scandal. It wasn't meant to be a chance for congresspeople to state all their perceived grievances with Facebook, many of which were formed with an insufficient understanding of how the service works.
Just take a look at the EU. Its governing body started working on a response to data security and internet privacy concerns long ago. The result is called the GDPR, and it was completed before the Cambridge Analytica scandal started circulating in the news. This begs the question, "what the heck has the US been doing?" Congressmen don't seem prepared to discuss the topics at hand even now. We've only begun to discuss measures to curb data leaks, and our proposed measures aren't nearly as broad as the EU's. How did Europe get so far ahead? The answer might have something to do with America's current state of dysfunction.
Could the EU's GDPR Have Prevented the Cambridge Analytica Data Breach?
If Cambridge Analytica had been bound by GDPR rules, and wasn't able (or chose not) to circumvent them, the Facebook scandal would not have occurred. One of the reasons is that the GDPR prohibits data from being processed if the purpose of it is not clearly defined in a contract with the end user. Cambridge did not disclose its political affiliation with any of the users of the app it created, which allowed data from over 70 million Facebook users to be obtained deceptively. Some never even used the app.
The requirement to disclose the purpose of info-gathering activities isn't the only safeguard the GDPR mandates. Consent to collect data must be explicit and unambiguous, and it can be withdrawn at any time. Even if Cambridge had found a way to break the rules without being noticed, their punishment would be predesignated by the GDPR. According to GDPREU.org, the company would be fined €20M or 4% of global annual revenue, whichever is higher, plus any damages that are brought to court. In 2017, Facebook generated $40.65B in revenue. That would have meant a $1.6B fine, had GDPR been in place.
The GDPR goes into effect at the end of May, 2018 and applies to all business targeted to EU residents.
What's Next With Regard to Internet Privacy in the US?
We recently witnessed congress and the FCC allowing net neutrality to go by the wayside, pending lawsuit resolution. To many, scrapping net neutrality regulation just would not be acceptable, yet it was always clear that the matter was a partisan one, not an American one. What can we expect with regard to privacy, data and the marketers and end users that operate alongside the issues? It's hard to say. Will this, too, become a divisive, partisan debate? What could be the outcome?
On one extreme, you could have an internet without cookies, tracking, or even advertising. I don't see that happening, but it's one scenario. On the other, you may have a deregulated data marketplace where each individual must choose which information, if any, they risk sharing online. It's another extreme scenario, but one that's not so different from the present reality.
As with the net neutrality issue, there are stakes in internet privacy for multiple parties. Everyone uses the internet and would benefit from better security requirements. Many of the companies that gather and use personal data would lose a gargantuan opportunity if the restrictions become too great. The economy would suffer and we would lose some useful, well-liked online tools. The question is "what's the right balance?" There's little certainty about what will happen next. However, sadly, it's almost certain that some of our leaders will continue to discuss irrelevant issues and non-issues if for nothing but to generate a buzz. Let's just hope that when the dust settles, we'll be having a decent, productive conversation about what really matters.