It’s Past Time For A National Data Privacy Law
January 23, 2019
It’s been nearly twenty years since the Federal Trade Commission (FTC) recommended that Congress adopt legislation to ensure adequate protection of consumer privacy online. By the turn of the century, it was already apparent that self-regulation of online privacy wasn’t working, yet Congress failed to act. The parade of privacy scandals that have been grabbing media attention over the last few years are the predictable results of this Congressional inaction.
This isn’t a difficult policy problem. The appropriate solution has been in front of Congress for decades. In its 1998 report to Congress about online privacy, the FTC identified widely accepted and well established principles for fair data practices—consumer notice, access, control, and security—principles that are as true today as they were in the last century. Apple CEO Tim Cook recently urged Congress to adopt these principles, and a legislative framework proposed by the Business Roundtable last month also appears to be based on them.
The reason for Congressional inaction is primarily political. Google and Facebook, two of the companies that have gained the most from the failure of federal privacy oversight, are among the top five largest public companies by market value and the top spenders on lobbying Capital Hill.
Their political power isn’t limited to lobbying or their financial resources. Google and Facebook have enormous power to influence public opinion through their own platforms.
According to Robert Epstein, a senior research psychologist at the American Institute for Behavioral Research and Technology, “Google’s search algorithm can easily shift the voting preferences of undecided voters by 20 percent or more—up to 80 percent in some demographic groups—with virtually no one knowing they are being manipulated.” With the current lack of transparency or government oversight, there is nothing stopping Google from using its capabilities to shift votes from candidates that are hostile to its preferred policies to candidates that support Google.
In 2016, Google openly admitted to using the “redirection” capabilities of its monopoly search and targeted advertising platforms to manipulate the political ideologies of violent internet users on an individualized basis, including those whom Google categorizes as belonging to the “far right in America.” This Google project has since become “Moonshot CVE,” which apparently offers “counter-messaging” capabilities to help its “clients” respond to “violent extremism effectively.” Though Moonshot CVE’s website and name imply that its projects are limited to countering violent extremism, there does not appear to be any public information regarding the scope of its efforts or the clients it serves—and it appears its “redirection” techniques could be used to manipulate internet users on any issue.
Facebook’s ability to alter behavior, including voter turnout, is also well known. A report prepared for the Senate Intelligence Committee recently found that a Russian agency has “adapted existing techniques from digital advertising to spread disinformation and propaganda” on Facebook and other social media platforms. According to Oxford University’s Computational Propaganda Project and Graphika, which prepared the report, “this strategy is not an invention for politics and foreign intrigue, it is consistent with techniques used in digital marketing.”
It now appears that Russia’s efforts have opened Pandora’s box. According to this investigative report by a quartet of journalists as the Washington Post, Democratic campaign operatives “used tactics inspired by Russian disinformation teams” to secretly influence the 2017 Senate election in Alabama.
The Oxford University report’s frank acknowledgment that digital marketing techniques are being used to spread disinformation in electoral campaigns and the use of such tactics by domestic political operatives should lay to rest any further doubts about the need for a national data privacy law. The very legitimacy of representative democracy is at stake.
By Fred Campbell
Originally published by Forbes
June 25, 2019
June 19, 2019
March 19, 2019
Data Catalyst Institute and India-based think Tank, ICRIER, Partner on March 25th Data Regulation Conference
March 11, 2019