Industry Watch: It’s time for data privacy legislation

Privacy means different things to different people. It’s why some people build walls around their homes, yet others are totally comfortable walking on public beaches in the nude.

Data privacy is another animal altogether, and there are varying degrees to what people will accept when it comes to giving up their personal information.

People I’ve spoken with usually have three reactions to putting their data online. 1) They have a belief that Internet security is so effective that they’re not worried about having their personally identifiable information stolen or misused. 2) They’re resigned to the fact that their data is at risk, yet take some solace in the fact that millions upon millions of data bits are being collected, so they see the odds of identity theft somewhere in the neighborhood of getting hit by lightning. 3) They view giving up some data, some privacy, as the cost for access to all the Internet has to offer.

A recent study from the Center for Data Innovation came across my desk this week, and it shows that while Americans have concerns about who’s collecting their information and what they’re doing with it, few are willing to pay for data privacy.

The study shows that while 80 percent of Americans said they would like online services to collect less data on them, only 27 percent said they would be willing to pay a monthly subscription fee for Internet services that currently are free if those services would agree to collect less of their data.

According to to Daniel Castro, the center’s director, limiting the amount of personal data businesses can collect would require tradeoffs. He said overly restrictive privacy laws would result in added costs to the business in terms of compliance with those laws and reduce their revenues. I say, so what? Is nothing sacred anymore? Facebook, Google and the other major data players can’t be trusted to protect their users’ data, so if they have to incur costs to comply with laws meant to protect the unsuspecting (and even suspecting) public, they can certainly afford it.

These companies are devious, don’t be fooled. First they hide behind “War and Peace”-sized privacy policies that few people have the time or gumption to ready through, which absolves them of wrongdoing by saying, ‘Well, the user clicked the box. He knew what he was agreeing to.’ No, he or she did not know what they were agreeing to. Let’s be real. They just clicked the box so they could get on with the business of doing what they needed to do on the Internet.

Then there are the tricks they employ to collect even more data than we would provide if asked directly for it (but of course is likely covered on page 172 of the privacy policy). All those quizzes about what was your first car, who ever shopped at a particular store, what do you know about World War II, and so on, are tools to mine even more information about us. And we’re either blissfully unaware, or we don’t take the quizzes, fun as they’re made to appear.

Further, a recent study by the Pew Institute revealed that 74 percent of Facebook users are unaware that the company captures lists of their interests for ad-targeting purposes.

My wife, ever the conspiracy theorist, believes our Google Home device is listening to everything she says. How else, she asks, would the Internet know she had a cellphone conversation with her mother about a pair of shoes, and then when she hung up, ads for those shoes immediately popped up on an Internet site she was looking at? She didn’t go to the shoe company website, didn’t make any indication at all on the Internet that she has interest in those shoes, but somehow, the Internet knew of the phone conversation she had with her mother. That’s creepy.

Companies need personal data like people need oxygen. Without it, they will die. But the onus should not be on the public to agree to privacy tradeoffs for Internet access. Data collection companies should be held accountable for properly using personal data. The GDPR, and now the California Privacy Act, are important first steps for protecting the public.  More are needed.

Efforts such as data decentralization are returning control to individuals. Yet so far, we’ve left it up to the technology companies to police themselves, and we see how that’s worked. It’s time federal regulators stepped in. Damn the costs.