Skip to content

The messy progress on data privacy

    The latest attempt to bring about the first comprehensive national data privacy law in the United States is causing the typical nonsense in Washington. But through the mess in Congress and elsewhere in the US, we are finally seeing progress in defending Americans against the rampant information-gathering economy.

    What emerges is a growing consensus and a set of (imperfect) laws that give people real control and companies more responsibility to tame the near-unlimited collection of our data. Given all the bickering, tacky lobbying tactics and stalemate, it may not seem like a close win. But it is.

    Let me zoom in on the big picture in the US tech companies like Facebook and Google, mostly unknown data brokers and even the local grocery store collecting a piece of data about us that could help their businesses.

    We benefit from this system in some ways, including when businesses find customers more efficiently through targeted advertising. But the existence of so much information about virtually everyone, with few restrictions on its use, creates conditions for abuse. It also contributes to the public distrust of tech and technology companies. Even some companies that have benefited from unlimited data collection are now saying that the system needs to be reformed.

    Smarter policies and enforcement are part of the answer, but there are no quick fixes — and there will be drawbacks. For years, some consumer privacy advocates have argued that Americans need a federal data privacy law that protects them wherever they live. Members of Congress have been discussing such a law in recent years, but they have not passed it.

    The weird thing is that big companies, policy makers on both sides and privacy die-hards seem to agree that a national privacy law is welcome. However, their motivations and visions for such a law are different. This is where it gets frustrating.

    A consortium made up of business and technology trade groups recently embarked on a marketing campaign calling for a federal privacy law, but only under very specific conditions, to minimize disruption to their business.

    They want to make sure that any federal law would override the state’s stricter privacy laws, allowing businesses to follow one guideline instead of dozens of potentially conflicting ones. Companies can also hope that a law passed by Congress is less disruptive to them than anything the Federal Trade Commission, which now has a Democratic majority, implements.

    This is one of those legislative tug-of-war that is inappropriate from the outside and is outraged by longstanding consumer privacy advocates. Evan Greer, director of digital rights group Fight for the Future, told me she sees what corporate lobbyists support as “watered down, industry-friendly laws that provide privacy in name only.”

    Behind the mud, however, there is emerging agreement on many essential elements of a federal privacy law. Even the biggest bottlenecks — whether a federal law should override stronger state laws, and whether individuals can sue for privacy violations — now seem to have workable middle ground. One possibility is that federal law would override future state laws, but not existing ones. And people may be given the right to sue for privacy violations, including repeated violations, under certain circumstances.

    Laws are not a panacea for our digital privacy mess. Even smart government policies lead to unwanted trade-offs, and sometimes poorly designed or inadequately enforced laws make matters worse. Sometimes new laws can feel pointless.

    Most people’s experience with Europe’s sweeping digital privacy regulation of 2018, the General Data Protection Regulation or GDPR, is annoying pop-up notifications about cookies for record-keeping purposes. The first of two of California’s digital privacy policies gives people control over how their data is used in theory, but in practice it often involves filling out tedious forms. And recent data privacy laws in Virginia and Utah mostly gave industry groups what they wanted.

    Is there any of that progress in protecting our data? A little bit yes!

    Some privacy advocates may not agree, but even imperfect laws and shifting mindsets among the public and policymakers are profound changes. They show that the flaws of America’s data-harvesting system are unraveling and that more responsibility is shifting to companies that collect data, not individuals, to preserve our rights.

    “Progress doesn’t seem like quite perfect laws; there is no such thing. It looks like fits and starts,” Gennie Gebhart, the activism director for the Electronic Frontier Foundation, a privacy advocacy group, told me.

    I don’t know if there will ever be a federal privacy law. Gridlock rules and such regulations are tricky. But behind the lobbying and indecision, the terms of the data privacy debate have changed.


    • Yikes in cryptocurrencies: The prices of Bitcoin and other cryptocurrencies have been steadily falling, which according to my colleague David Yaffe-Bellany shows that cryptocurrencies are increasingly similar to risky tech stocks.

      Also, the TerraUSD virtual currency is believed to be worth $1 each, and has collapsed far below that level. Here’s why it matters, from my colleagues at DealBook.

    • The local florist now delivers for Amazon: To speed up deliveries in rural parts of the US, Amazon has been experimenting with paying a few dollars per package to small businesses to deliver orders to nearby homes, Recode reported.

    • Instagram believed that a new dad was interested in “disability” and “anxiety.” A Washington Post columnist examines why disturbing images interrupted his newborn’s Instagram feed and advocates a way to reset social media algorithms when they don’t work for us. (A subscription may be required.)

    puppyppppy come right to your face


    We want to hear from you. Tell us what you think of this newsletter and what else you would like us to discover. You can reach us at ontech@CBNewz.

    If you have not yet received this newsletter in your inbox, then sign up here† You can also read previous On Tech columns