Ownership of personal data still appears up for grabs
Your personal information is yours.
I’ll repeat that: Your personal information is yours.
Yet that simple idea, which should serve as the basis of all privacy-related laws and regulations in the United States, seems to have eluded those who profess to be the guardians of consumer data.
The White House reiterated its call last week for greater protection of people’s personal info — two years after proposing a “privacy bill of rights” that went nowhere in Congress.
A new report, written by a group led by White House counselor John Podesta, says that “big data” — the various entities that benefit from knowing all there is to know about you — is growing out of control.
“We’re talking about sensors in our homes, cities, wearable devices, that constantly collect and share information about our surroundings, our behavior, our health and our whereabouts,” Podesta told reporters.
His report suggests some modest legislative changes, along with “voluntary, enforceable codes of conduct” for businesses and government agencies to keep consumer data from being abused or getting into the wrong hands.
I don’t know. Seems to me that if sensors everywhere is the problem, voluntary codes of conduct aren’t the solution.
Moreover, while the report addresses the ease with which people’s information can be collected, crunched and put to use, it fails to adequately convey the sense of violation that comes with businesses and government officials knowing your habits, behavior and activities.
Privacy advocates welcomed the administration’s attention to these issues but said the report didn’t go far enough in keeping people’s personal data under wraps.
“It’s nice that there’s recognition of the problem,” said Lee Tien, senior staff attorney at the Electronic Frontier Foundation, a San Francisco digital rights group. “But the report makes it sound like ‘big data’ is just a thing that’s out there.
“It’s like ‘Soylent Green,’” he said. “Big data is people. It’s our information.”
Kevin Bankston, policy director for the New America Foundation’s Open Technology Institute, a tech-related think tank, wondered whether the report was “ultimately a distraction that has needlessly taken focus away from the debate over how to rein in the National Security Agency’s massive surveillance programs.”
There’s probably something to such criticism. President Obama had ordered the privacy report in response to outrage here and abroad over revelations that the NSA was snooping on friends and foes.
The final product, however, didn’t delve deeply into the agency’s activities, seeking instead to focus on broader privacy issues.
And that might have been fine if the report had sought to identify and regulate some of the biggest exploiters of people’s information, often without anyone’s say-so. But it didn’t.
“The report failed to identify the commercial surveillance complex that has been put in place by Google, Facebook and many other data-driven businesses,” said Jeff Chester, executive director of the Center for Digital Democracy, a privacy advocacy group.
“We are concerned that the report may give a green light to expanded data collection, where the principle is collect first and worry about privacy and consumer protection later,” he said.
I wrote recently about Verizon Wireless quietly downloading code into people’s home computers that would transmit your online browsing to marketers, who could then target you with related ads on your smartphone or tablet.
Such corporate spying is apparently legal and, experts say, will become increasingly common as businesses try to track consumers from device to device.
And the more they share people’s information among themselves — a shadowy industry of data brokers already exists — the more they’ll amass digital dossiers containing intimate details about your life, including where you shop, how you pass your weekends and what medicines you take.
The report says that “we must ensure that effective consumer privacy protections are in place to protect individuals.” But it stops short of doing anything about it, such as requiring that private companies disclose to consumers what they know about them.
The report also recommends that U.S. privacy safeguards be extended to non-U.S. citizens “because privacy is a worldwide value.”
This is apparently a bone being thrown to European businesses and governments. Europeans enjoy far more robust privacy protections than Americans and have long complained that their data are unfairly exploited by U.S. companies. The White House wants Europeans to know that we feel their pain.
But that’s not good enough. The Europeans have it right: They begin any discussion of data use with an acknowledgment that all people have a right to privacy — a right that’s only implied, not spelled out, in U.S. law.
“Under EU law, personal data can only be gathered legally under strict conditions, for a legitimate purpose,” declares the website of the European Commission. “Furthermore, persons or organizations which collect and manage your personal information must protect it from misuse and must respect certain rights of the data owners which are guaranteed by EU law.”
In response to the NSA spying revelations, the European Parliament passed even stricter privacy rules in March. They still have to be approved by the European Union’s 28 member countries, but represent the region’s commitment to individual rights.
The new rules wouldn’t just give people more control over who can obtain their personal info but also grant a right to have online data erased — a so-called right to be forgotten.
We’re a long way from anything so enlightened. At this point, the United States still has trouble saying that you, and not Google, should have the last word on how your personal information is used.
It isn’t so complicated. Your personal information is yours.
Once that simple idea is accepted by all concerned, everything else falls into place.
David Lazarus’ column runs Tuesdays and Fridays. He also can be seen daily on KTLA-TV Channel 5 and followed on Twitter @Davidlaz. Send your tips or feedback to firstname.lastname@example.org.