A call for digital-privacy regulation 'with teeth' at the federal level

Credit to Author: scot.finnie@gmail.com| Date: Wed, 13 Mar 2024 03:00:00 -0700

How did we get to the point where the tech industry is in the user-data business instead of the tech business?

Every day, Google collects data on billions of people worldwide, according to The Regulatory Review. The dodge that users gain some benefit from ad targeting is fallacy. For example, if Google’s search were decoupled from its advertising, there would be less chance for users to be misled by ignored search terms and seemingly hard-wired results.

There’s nothing beneficial to the user about Google’s sponsored search results. That’s also true of  the adjacent Google ads that follow you around from site to site.

Digital advertising has become very big business for tech companies. For Google and Meta/Facebook, it’s a major revenue stream, and it’s a significant chunk of cash for other big tech companies — and even quite a few smaller ones.

       2023 digital advertising revenues

Amazon

$44.3 billion

Apple

$6.51 billion

Google

$237.8 billion

Meta/Facebook

$131.9 billion

Microsoft

$12.2 billion

        Data provided by Statista.

The US government and Americans in general are letting big tech companies get away with infringing the online privacy of millions of citizens who use “free” services in the form of apps and websites. Big tech’s goal is to connect advertisers with an ideal customer, who, because of some online interaction, is perceived as being more likely to buy products like the ones the advertiser is selling.

These tech companies collect information including search data, purchase history, payment information, facial recognition data, documents, photos, videos, locations, Wi-Fi location, IP address, birth date, mailing address, email address, phone number, activities or interactions such as videos watched, app use, emails sent and received, activity on your device, phone calls — and a lot more. Security.org has a richly detailed analysis on the data types used by Amazon, Apple, Facebook/Meta, Google, and X (formerly Twitter).

Google collects the most types of data; Apple, the least.

The corporate data gatherers and potential data brokers who buy and sell user data create detailed profiles with as much about you as they can muster. If these companies are breached and your data leaks, that info could wind up on the dark web where it might be sold — resulting in possible identity theft.

It should come as no surprise that the companies tracking users employ cryptic legal language to explain what they do with your data. And whatever privacy controls users might have been provided tend to be incomplete, spread out, difficult to find, ambiguous, or needlessly complex. Plus, both the legalese and privacy settings can change without notice.

If, for example, it were in Meta’s and Google’s best interests to make it easy to configure their products to the strictest level of data privacy, they would have done so long ago. (Hint: It’s in their vested interest to make it difficult for you to activate heightened user-data privacy settings.)

Facebook offers a wizard-like set of tools for managing security and privacy settings. While these tools are commendably easy to use, they barely scratch the surface of the data the social media giant collects.

It’s clear that companies harvesting online user data can’t be trusted to self-regulate to protect their users, and it’s long past time for federal regulations to protect user data and privacy like the EU’s GDPR (General Data Protection Regulation) enacted in 2018 and the EU’s DMA (Digital Markets Act) antitrust law, which took effect just last week. Laws like these belong at the federal level, because it’s easier for companies to comply with one broad set of standards than a patchwork of state regulations.

Because of the lack of federal impetus on data privacy regulation, 13 states have passed comprehensive data privacy laws: California, Virginia, Colorado, Connecticut, Utah, Iowa, Indiana, Tennessee, Texas, Florida, Montana, Oregon, and Delaware. Several additional states have lesser regulations on the books or have proposed legislation.

It’s important to enact legislation with penalties that motivate the companies involved. Some big tech firms fined by the EU have simply declined to pay some penalties, or paid them after delays. Fines are not the answer, or at least, not the best answer. Big tech companies make so much money on user data that fines for non-compliance with the GDPR and other regulations could be seen as merely the cost of doing business. Finally, if federal regulation is enacted, AI regulation should be be a part of the discussion.

It’s not possible to fully protect your user data on the Internet, but you can significantly improve your privacy. To do so, you might have to leave your comfort zone a bit and retrain yourself to work in different ways:

http://www.computerworld.com/category/security/index.rss

Leave a Reply