The messy progress on data privacy

(Photo: NYTimes)
The latest attempt to create the first broad national data privacy law in the United States is causing the typical nonsense in Washington. But from the mess in Congress and elsewhere in the US, we’re finally seeing progress in defending Americans from the unrestrained information-harvesting economy.اضافة اعلان

What’s emerging is a growing consensus and a body of (imperfect) laws that give people real control and companies more responsibility to tame the nearly limitless harvesting of our data. Given all the bickering, tacky lobbying tactics and gridlock, it might not look like winning from up close. But it is.

Let me zoom out to the big picture in the U.S. Tech companies like Facebook and Google, mostly unknown data middlemen and even the local supermarket harvest any morsel of data on us that might help their businesses.

We benefit from this system in some ways, including when businesses find customers more efficiently through targeted ads. But the existence of so much information on virtually everyone, with few restrictions on its use, creates conditions for abuse. It also contributes to public mistrust of technology and tech companies. Even some companies that have benefited from unrestricted data collection now say the system needs reform.

Smarter policy and enforcement are part of the answer, but there are no quick fixes — and there will be downsides. Some consumer privacy advocates have said for years that Americans need a federal data privacy law that protects them no matter where they live. Members of Congress have discussed, but failed to pass, such a law over the past few years.

The weird thing now is that big companies, policymakers in both parties and privacy die-hards seem to agree that a national privacy law is welcome. Their motivations and visions for such a law, though, are different. This is where it gets frustrating.

A consortium that includes corporate and technology trade groups kicked off a marketing campaign recently that calls for a federal privacy law — but only under very specific conditions, to minimize the disruption to their businesses.

They want to make sure that any federal law would overrule stronger state privacy laws, so businesses can follow one guideline rather than dozens of potentially conflicting ones. Businesses may also hope that a law passed by Congress is less disruptive to them than anything the Federal Trade Commission, which now has a Democratic majority, implements.

This is one of those legislative tugs of war that is unseemly to watch from the outside and enraging to longtime consumer privacy advocates. Evan Greer, director of the digital rights group Fight for the Future, told me she sees what corporate lobbyists are supporting as “watered down, industry-friendly laws that offer privacy in name only.”

Behind the muck, though, there is emerging agreement on many essential elements of a federal privacy law. Even the biggest sticking points — whether a federal law should override stronger state laws, and whether individuals can sue over privacy violations — now seem to have workable middle grounds. One possibility is that the federal law would overrule any future state laws but not existing ones. And people might be given the right to sue for privacy breaches under limited circumstances, including for repeat violations.

Laws are not a cure-all for our digital privacy mess. Even smart public policies produce unwanted trade-offs, and sometimes poorly designed or inadequately enforced laws make things worse. Sometimes new laws can feel pointless.

Most people’s experience with Europe’s sweeping 2018 digital privacy regulation, the General Data Protection Regulation or GDPR, is annoying pop-up notices about data tracking cookies. The first of two of California’s digital privacy provisions in theory gives people control over how their data is used, but in practice often involves filling out onerous forms. And recent data privacy laws in Virginia and Utah mostly gave industry groups what they wanted.

Is any of that progress on protecting our data? Kinda, yes!

Some privacy advocates may disagree with this, but even imperfect laws and a shifting mindset among the public and policymakers are profound changes. They show that the defaults of America’s data-harvesting system are unraveling and more responsibility is shifting to data-collecting companies, not individuals, to preserve our rights.

“Progress looks like not completely perfect laws; there is no such thing. It looks like fits and starts,” Gennie Gebhart, the activism director for the Electronic Frontier Foundation, a privacy advocacy group, told me.

I don’t know if there will ever be a federal privacy law. Gridlock rules, and such regulation is tricky. But behind the lobbying and the indecision, the terms of the debate over data privacy have changed.

Read More Lifestyle 
Jordan News