This week (Tuesday and Wednesday), both the House and Senate held hearings on federal data privacy policy. This is no coincidence: From news that the Federal Trade Commission and Facebook are negotiating a record-breaking multibillion dollar fine tied to user privacy violations, to an Apple bug that allowed outside parties to hear Facetime calls, to concerns about apps that paid users (including teens) to track all their smartphone data, it seems each week now brings scary tech headlines.
These incidents have led plenty of people to think the worst about our technological future, including some Democratic and Republican legislators. But let’s not forget that we have existing tools and laws for many situations. Bowing to pressure to “do something” rather than letting our system do its work has real risks. Overreacting could ruin the possibility of new and better innovation in the future.
In some cases, the solution is already in place. Apple fixed the bug affecting Facetime a few weeks later. And in cases where such a bug may have done real harm, lawsuits filed by individualsand investigations considered by attorneys general could provide legal remedies. We should remember that our court system can provide an appropriate balance in many such cases.
What’s more, regulatory authorities like the FTC already have the power to protect consumers if the data security or data privacy claims made by companies are truly misleading or otherwise creating clear harm. If an app misleads users as to why it’s collecting user data, what data it’s collecting, or other data security or privacy terms, each should fall squarely under the FTC’s unfair and deceptive trade practices authority.
We shouldn’t assume every headline involving privacy and data security involves malicious intent. Sometimes even companies with a high priority on data security and user privacy can make mistakes.
We also shouldn’t sell our fellow Americans short. There seems to be a rush to the conclusion that no customer who uses Apple, Facebook or other platforms knows what they are agreeing to. In fact, data show that individuals are comfortable identifying the tradeoffs between privacy and the usefulness of a service.
For example, one survey shows the vast majority of daily Google users are aware that the service collects information. Similarly, others show that most people are aware of available privacy-maximizing options like clearing cookies or using ad blockers. Even in the case of the controversial Facebook app, interviews with some users found that many knew quite well that they were providing Facebook with data in exchange for gift cards.
So while some may shudder at the idea of allowing a company to track every use of their smartphones in exchange for a benefit, others prefer the benefit.
Sometimes, of course, an incident can alert us to the need for a new regulation. These should be specific and narrowly tailored rather than enforcing a top-down system. We shouldn’t lock in one way of doing things when tech innovators invent better ways of doing things all the time.
An American version of Europe’s General Data Protection Regulation, a cumbersome system of internet controls focused on data privacy that went into effect last May, would not only change the pro-innovation approach that’s made the United States the world’s tech leader, but could actually make the problems leading to such headlines worse.
It comes with costly regulatory burdens that many small innovators — potential future tech giants — can’t afford to comply with, solidifying the position of larger tech companies. Such regulations can also close off pathways to future innovations that require a degree of freedom to pursue.
Not too long ago, headlines over privacy and data security concerns involved Big Tech players like MySpace and Yahoo. Luckily, we didn’t shift away from the American approach then, and the next wave of innovation was better. While it’s important to make informed personal choices about what we do online, a privacy panic won’t do much good.