In an April 6, 2018 article on National Public Radio’s website, the writer, Vanessa Romo, never references the soon-to-be-implemented GDPR in Europe. She believes Facebook COO Sandberg’s promise that if they find more examples of data collected by Facebook getting into the wrong hands, they will notify the public. She accepts Sandberg’s apology that Facebook “didn’t do enough” to protect their users’ privacy. The writer seems comfortable with Facebook holding “a massive trove of user data.” With all due respect, Ms. Romo is asking all the wrong questions.
Amid all the political noise about Cambridge Analytica, and the horse-race coverage of Facebook’s stock price, Big Data Collectors have managed to keep the narrative, the press and the politicians away from the real question:
Should Facebook, Google, Amazon, or any other entity be allowed to collect and store extensive personal information about private individuals for the sole purpose of leveraging that information for wealth and power?
In Europe, the General Data Protection Regulation (GDPR) has at least partly answered this question. For more information on GDPR, you can read our November 3, 2017 blog, but in short, the answer in the EU is that they cannot collect data without the specific consent of each individual whose records are being stored. The GDPR goes into effect in May, and with the current attention on Facebook, it is the perfect time for the United States to get proactive about data privacy.
The GDPR has laid the groundwork that could be a roadmap for the US. The political gears turn slowly, but two of the six GDPR requirements would be overwhelmingly embraced by Americans and, if proposed, would quickly gain public support. If Americans thought they could get the data protections going into effect in Europe, they would demand them.
First, we need to adopt the GDPR’s simple, explicit consent requirement. Before any entity could collect or store personal data, the owner of the data, the individual, would be required to give consent. Legal agreements in the US have become so long and cryptic that they retain little or none of their original intent, unless that intent is deception. Long legal disclaimers that require scrolling and then clicking “OKAY” would not suffice. Instead, we need clear yes/no statements, each of which must be answered individually. Imagine these queries before Facebook could add your data to the stockpile:
Can Facebook collect and store the personal data you enter? Y/N
Does Facebook have permission to sell or use your personal data? Y/N
Can Facebook share your data with companies and political organizations? Y/N
Next, we need to require a personal right to have data forgotten or corrected. This again comes directly from Europe’s GDPR. The option to remove data must be clear and easy to find, not hidden behind pages and pages of menus clearly designed to camouflage the relief users are seeking. Currently, to change any privacy setting on Facebook, you are required to find the hidden settings link at the bottom of a long menu secreted away behind a tiny triangle on the right side of the menu bar. Once in Settings, privacy is in yet another menu. Even then, your privacy choices are significantly limited. When Facebook asks for your phone number, they say it is to “keep your account safe,” but once they have it, your phone number becomes publicly searchable. You can restrict who can search for your phone number and address to only friends, but you cannot make it private. Under “Who can look you up using the phone number you provided?” “No One” is not an option. You cannot delete your phone number. We need easy-to-find, simple ways to edit or delete our data: a link in a top-level menu clearly labeled “Edit Personal Data.” The choices need to be concise, such as “delete my data,” “correct my data,” and “restrict my data.” Companies like Google, Yahoo, and Apple have your data stored as well, but unlike Facebook, there isn’t an entry page. Google and Apple collect data every time you use your browser or phone.
It is easy to be discouraged that these simple privacy changes might never happen. The deck is certainly stacked against unaffiliated users. The UK Daily Mail reported that Google staff had 427 meetings in the Obama White House. There are many photos of Facebook’s Mark Zuckerberg with Barack Obama, and there are reports that Facebook staffers met with Cambridge Analytica employees attached to the Trump campaign in Trump campaign offices. Amazon’s Jeff Bezos owns the Washington Post. Facebook has donated to 46 of the 55 members of the House Energy and Commerce Committee before whom Mark Zuckerberg will testify. The cards are not in the favor of our privacy. Still, it happened in the European Union. It could happen here, but only if the attention on Facebook moves away from the stock price and who will give the most sincere apologies. The question is not who had access to what. The question is: do we want all of our personal information stockpiled by private companies that face no repercussions when they misuse it?
On April 9, 2018, TechCrunch reported that the Trans-Atlantic Consumer Dialogue (a privacy watchdog), along with the Center for Digital Democracy in the US and the Norwegian Consumer Council, has sent a public letter to Facebook CEO Mark Zuckerberg urging him to adopt the GDPR worldwide. The letter asks for GDPR guidelines as the “baseline standard for all Facebook services.” TechCrunch writer Natasha Lomas asserts, “These are protections that all users should be entitled to no matter where they are located.” Momentum is moving in the right direction, but we need something stronger than a request to one of several companies that trade in our data.
— ♦ —
From our offices in the USA and the Netherlands, Frontier Computer provides IT hardware, enterprise computing support, Peplink SD-WAN routers, and IP communications to the world.