By James GorrieWith digital privacy, it’s you against some of the biggest and most powerful companies in the world. Guess who comes out on top in that contest?
Google, Facebook, Microsoft, Twitter, and many other digital companies make billions of dollars per year on their users’ data. That is, from your data.
If you’re online, then you, as an individual, are at the mercy of global businesses and whomever else knows how to access your data. You can only hope that they will not to abuse it. But as is commonly known, data abuse happens all the time. And even if your data isn’t abused, it’s still your data. Why should anyone else have the power to decide how it’s used?
You’re A Digital Commodity
The digital reality is that you are your data. And it’s not alarmist to point out that what you don’t know can really harm you. Your “digital self” needs some protection.
Today, everything about us is known, stored, cross-referenced, rented, sold and resold across the internet, to companies and organizations you may know and many more that you don’t. That information includes your online shopping habits, browsing history, online conversations, photos and critical personal identifying information such as your Social Security number, date of birth, political affiliations, religious beliefs. The list goes on.
Data Abuse: Business As Usual
We’re not talking about data theft, which is cybercrime. That’s a different situation. Data theft is already illegal, with stiff penalties for those violators who are caught. This is about how open and digitally accessible everyone’s personal data is and how much it’s abused by virtually…everyone. It’s how business is done online.
The problem is that it’s all done legally. You typically give your data rights away by clicking “Agree” on dense, text-heavy use agreements that no one has time to read, much less decipher. Everyone does it, which is why everyone’s data is be used and abused on a daily basis.
Who Should Control Your Data?
But here’s an idea: shouldn’t your personal data remain yours? That may sound like an obvious point, and yet you’re really not in control of your data. The digital players—all of them—have had free reign over your data years. It’s a case of technology outrunning the law by a decade or so.
When you think about it, shouldn’t you have control over who sees your information, who has access to it and who doesn’t? Shouldn’t you be able to not only protect your data, but erase it from the digital databases of companies and organizations you don’t want to have it? Shouldn’t you even have the right to be forgotten, if you want to be?
The GDPR—A Digital Right To Privacy
The Europeans think so. It’s for that very reason that the European Union passed a series of laws designed to not only let you control your data, but also remove yourself from digital databases. On May 25, 2018, the Europe Union’s General Data Protection Regulation (GDPR) came into effect.
The GDPR prohibits a whole host of data use and abuse practices that were previously legal. The objective of the GDPR legislation is to return power and control of an individual’s personal data to the individual. It’s like a digital right to privacy.
For example, those ads that follow you around online? The GDPR prohibits them. But it goes much further than that. You can request from companies and organizations precisely what data they have on you. You can also make them delete it.
And those service agreements that everyone clicks on? The GDPR requires those agreement to be written in simple language and a simple process to get out of them. And, the GDPR allows you to easily move your data to a competitor and remove it from the prior company. They are prohibited from holding onto your data using it for other purposes.
But as with any law, the GDPR contains consequences for those who violate it. First, anyone who suspects that their data is being collected or used inappropriately or without permission, they can complain to a national data regulator, who is obligated to investigate. This puts at least some power back into the hands of the individual.
But what’s more impressive is the punishment that the GDPR can impose on companies and organization who don’t comply with the rights of individuals guaranteed by the regulation. A fine of up to 4 percent of global revenue can be levied against violators. For a company such as Facebook, that would be a penalty of around $1.6 billion. Such an amount may even cause Mr. Zuckerberg to think about how he uses your data.
It’s Time To Extend Americans’ Right To Privacy To The Digital World
The objective of the GDPR makes perfect sense. Other than the political power that large corporations wield, there’s no good reason why similar legislation shouldn’t be passed in the United States. After all, why shouldn’t your right to privacy include the internet?
No company or organization should have access to your personal data without your permission. Nor should access to your data once given mean permanent access. Furthermore, you should be able to remove your data from almost any database you wish at any time. Plus, there should be a limit as to what remains posted. Any posts by someone under the age of 18 should not be permanent.
But some would even go further than that. Skype, Facetime, and other communications should not only be heavily encrypted, but unquestionably private. Same with emails. Of course, governments will still be snooping on your communications, but that doesn’t justify your data being passed around like an open secret, does it?
There are many other aspects to the GDPR law to explore. And its American counterpart may differ in some areas. That said, would a digital right-to-privacy law in the United States be a good idea? Many privacy advocates think that it would; others aren’t so sure.
Would it solve every internet data privacy issue? Certainly not. It would also have to be adapted to American Constitutional law. But overall, it would a step in the right direction.
James Gorrie is a writer based in Texas. He is the author of “The China Crisis.”