Testimony of Facebook accuser Frances Haugen has sparked the latest outbreak in a never-ending series of revelations about how companies and governments exploit and commercialize our personal data. In an effort to put consumers back in the driver’s seat, recent updates to data protection regulations such as GDPR in the European Union and CCPA in California stipulate transparency and control as pillars. important column of privacy protection. In the words of the European Commission: “It’s your data — take control!”
Empowering consumers by giving them a voice is a noble goal that certainly has a lot of appeal. However, in the current data ecosystem, control is not more a right than a responsibility — something most of us are not equipped to assume. Even if our brains miraculously catch up with the rapidly changing technology landscape, protecting and managing one’s personal data will still be a full-time job.
Think of it this way: Taking charge of your sailboat is absolutely amazing if you’re drifting along the Mediterranean coast on a clear day. You can decide which cute little city to head to, and there’s really no wrong choice. Now let’s imagine being in charge of the same sailboat in the midst of a violent thunderstorm. You don’t know which direction to go, and none of your options seem particularly promising. Having the “right” to steer your ship in these circumstances may not be very appealing, and it is very easy to end in disaster.
And yet, that’s exactly what we do: Current regulations drop people into the midst of a raging sea of technology and bless them with control over their personal data. Instead of forcing the tech industry to make systemic changes to create a safer and easier-to-use ecosystem, we place the burden of protecting personal data on consumers. To take this step is to protect the storm makers more than the sailors.
In order for users to successfully control their personal data, regulators must first create the right environment to ensure basic protection, in the same way that the Securities and Exchange Commission manages it. manage the investment world and protect individuals from making bad decisions. Under the right conditions, individuals can choose from among a range of desired outcomes, rather than a combination of undesirable outcomes. In other words, we need to first tame the sea before giving individuals more control over their vessels. There are several steps that regulators can take immediately to calm the waters.
First, we need to make it expensive for companies to collect and use personal data by taxing companies on the data they collect. If they pay a price for every piece of data they collect, they will rethink whether they really need it.
Regulators also need to require that default values be set at a sufficiently protective level. User data must be protected unless they choose otherwise, a concept known as “privacy by design”. No one has time to protect the privacy of their full-time job. Protection information needs to be easy. Privacy by design reduces friction on the path to privacy and ensures that fundamental rights are automatically protected.
