I must admit that this report on Senator Sherrod Brown’s (D-OH) proposal for a data privacy law intrigued me:
Congress has been debating a consumer privacy law since before there were Web browsers, but the United States still doesn’t have one. On Thursday, Brown broke with nearly every past proposal from Democrats and Republicans alike to suggest a more radical idea: allowing companies to take our data only when it’s “strictly necessary.”
For an Internet economy built in part on tracking people, that’s nothing short of a call for revolution. Brown’s new Data Accountability and Transparency Act, released in discussion draft form, would prohibit most collection and sharing of personal data as its starting point. Data could only be used in ways stipulated in the law, such as providing a service you asked for — and no more.
It could mean fewer companies selling your personal information, but also possibly fewer free apps and services.
“It shifts the burden from consumers,” Brown said. It would no longer be on you to read privacy policies to figure out what else is really going on. The reset, Brown said, would also compel companies to figure out business models that don’t depend on surveilling consumers or emphasize collecting only anonymized data. [WaPo]
It’s certainly intriguing, but I wonder how hard it would be to detect infractions.
As far as “… but also possibly fewer free apps and services,” doesn’t get a lot of sympathy from me. The frenzy for free stuff has, I believe, led to a lot more problems, both digitally and in real life, than it’s worth. It’s like cotton candy, hardly worth a damn and yet you can’t stop stuffing your face with it.
Brown’s proposal would be a step along the road to defining the ethics of collecting information about people. We already put restrictions on government intelligence agencies collecting data about us indiscriminately, and require a fairly high bar for even targeted collection.
Go back and read that paragraph again. Just typing it clarified, for me, the idea that, Gee, my data is free for the taking, is already a false statement when it comes to the US Government. Why should commercial entities have more freedom to collect that information than the US Government? I know the libertarian argument would be that the US Government shouldn’t be tracking us, but commercial entities don’t have a reason to do so.
The problem with libertarians is they don’t often think about national adversaries and deceit. They assume a commercial entity is a commercial entity and behaves according to the rules they learned at Milton Friedman’s knee.
But for me, I don’t like the idea that I’m being tracked and analyzed by, say, Google (and, yes, I use DuckDuckGo on this desktop if you’re wondering, but that’s not so easy to arrange on an Android – so I employ Jumbo there), and knowing that the data is out there, packaged and ready for analysis, and vulnerable to data breaches – hell, I’m scaring myself just typing this – and thus letting my data fall into the hands of miscreants. Or worse. And while you can always hope to fade into the background of a few billion other people, quite honestly it’s not appropriate to have to hope for that.
It leads to behaviors which are counter-productive.
I don’t know if Brown’s proposal is good or not. I don’t read legalese, and predicting how complex law will interact with even more complex technology is always an iffy proposition. But having the right principles is a good start, it seems to me.