What to remember when listening to big tech "embrace privacy"
On 10 October 2018, the US Senate Committee on Commerce, Science, and Transportation, will convene a hearing titled “Consumer Data Privacy: Examining Lessons From the European Union’s General Data Protection Regulation and the California Consumer Privacy Act".
The Senate will hear from:
- Dr. Andrea Jelinek, Chair, European Data Protection Board
- Mr. Alastair Mactaggart, Board Chair, Californians for Consumer Privacy
- Ms. Laura Moy, Executive Director and Adjunct Professor of Law, Georgetown Law Center on Privacy & Technology
- Ms. Nuala O’Connor, President and CEO, Center for Democracy & Technology
To date the Committee has only heard from companies.
Consumer advocates and digital rights organisations in the US have been vigorously promoting effective data protection laws for many years. For years too, the tech industry has been blocking such protections. The coming into force of Europe's new privacy law GDPR and the Cambridge Analytica scandals have prompted new initiatives in the US. However, what we've seen from industry's statements to the Commerce hearing on 12 September 2018 is that the big tech industry is striving to pre-empt strong laws by promoting weaker versions.
Therefore it is important to remember:
Data protection is essential for democracy and the protection of human rights
The spaces and environments we inhabit and pass through generate and collect more and more data from human behaviour. This data is used to identify and profile individuals, generate intelligence about groups, and to anticipate and shape future behaviour and automate decision-making. With more and more data in the digital age, protection of people’s data has become vital – not just for the right to privacy but for the protection of other civil, political, social, and economic rights. The exploitation of our data can impact on our freedom of expression, our freedom of assembly – and our access to education, jobs, and health care – just to name a few. As well as exacerbating inequality and discrimination, the exploitation of our data also poses threats to democracy. As has been demonstrated from the fall out of Cambridge Analytica.
Data protection increases transparency and accountability
Data protection is a key tool that can be used to increase transparency, to place limits on the use of data by both states and companies and to hold them to account. For example, Privacy International is using data protection law to probe companies in the data broker and ad tech ecosystem. Well drafted data protection legislation places stringent obligations on both the public and the private sector and provides strong rights for individuals, helping readdress the power imbalance inherent in the data economy. To be effective legislation must be accompanied with implementation in practice and strong enforcement against those who fail to respect their obligations and people’s rights.
Strong data protection fosters trust and innovation
Strong data protection promotes trust and confidence for the users of technologies, which means stronger possibilities for both competition and innovation. GDPR is an example of a framework that balances individual rights and commercial opportunities. GDPR for instance, allows individuals to take (to 'port') their data to a competitor. Indeed the way some of the more progressive companies are adopting their business practices to comply with this new law shows that the monetization models can embrace privacy protecting practices. This way it drives better privacy for all players and promotes innovative solutions
Our Data Protection Guide
Over 120 countries now have data protection legislation, of varying strengths, and there are Bills or reform proposals in many countries, including India, Kenya, and Argentina, and now the US. With this in mind we’ve produced our data protection guide, as a tool for understanding what data protection is, what it encompasses and to facilitate interested actors to analyse proposed data protection law, in order to assess existing legislation, advocate for reform, and rectify any shortcomings. Our experience shows that the law and its implementation is more effective where consumer groups and civil society are involved in its development. This is essential in order to push back against sweeping exemptions and loopholes and ensure that laws uphold and respect fundamental rights.
Be vigilant and hold to account
The principles, rights, obligations, and enforcement and oversight provisions highlighted in the guide should be the floor not the celling. As more and more data is collected, generated, and inferred about us we must be constantly vigilant and consider the wider human rights implications.
As the world wakes up to the ways in which our data is exploited on a day to day basis with far reaching consequences it is important to remember that protecting people’s data is not just a compliance exercise; it’s an essential part of the human rights framework. We must push for better law, more effective implementation and stronger enforcement in order to hold those that exploit our data to account