Daily Local News (West Chester, PA)
Protecting privacy in the digital age
The introduction and evolution of innovative platforms has transformed the way our world works. From sharing your location to posting your policy opinion, we are more connected than ever, and the dissemination of information is more streamlined than ever.
But there are many important questions to answer about what this digital age means for personal information and expectations of privacy, particularly in the wake of recent revelations involving Facebook.
Some may suggest that regulating Facebook or similar companies will usher in more civility, accountability, or create more clearly articulated and enforceable data privacy regulations.
I suggest that this is oversimplifying the sophisticated challenges involved in the creation and dissemination of our personal data across the many platforms within which it is utilized.
To be sure, Facebook has legitimate questions to answer from Congress about how Russian election interference was facilitated through its platform. Facebook certainly also has to answer questions over Cambridge Analytica’s use of data, among other business practices. But it is likely that jurisdiction and expertise over the former is with the Federal Elections Commission and the Department of Justice, and the latter review and enforcement of applicable law is vested with the Federal Trade Commission.
Some privacy rights advocates may point in whole or in part to the European Union’s legislative approach, the General Data Protection Regulation (GDPR), focuses on improving data storage and obligating that companies protect and handle such date more carefully.
The law, which takes effect next month, fundamentally views and treats data as a right of the user – an idea from which the philosophy behind its policy propagates.
The law lets users gain access to their personal data, with the right to correct it (“rectification”), the right to transfer it (“data portability”), and the right to request it be deleted (“right to erasure”).
It also requires companies to define and disclose how they will keep such data secure, creating an inventory of the data in the process, along with limitations on duration and use of the data itself.
Underpinning the GDPR is an attempt to harmonize data protection laws for businesses across the EU or doing business in EU countries.
While some or all of this may sound reasonable, maybe even overdue, concerns related to GDPR are plentiful. Opponents suggest this is a dramatic and far-reaching entre into data privacy regulation, with little clarity over interpretation, enforcement, or compliance costs. Perhaps, as with many regulations, some of the objections are overblown — only time will tell.
As we watched the bright lights of a congressional hearing on this, let me say — I did not expect Mr. Zuckerberg’s testimony to lead to wholesale changes to data privacy law. Perhaps, though, overdue political disclaimers on Facebook ads created by candidates and political parties can be legislatively enacted through a bill known as the Honest Ads Act.
In sum, I would expect the GDPR to be a template and case study for what can and cannot work in the American economy.
And in certain respects, many American companies will have to comply with GDPR, thus ushering in a new regulatory climate even as Congress and various regulatory agencies continue to wrestle with this thorny issue here at home.
But I caution those thinking that any corporate irresponsibility by Facebook should necessitate a broad introduction and implementation of new data privacy laws. While we should not rule out the need for regulation, the easiest and most far-reaching regulation is not likely to be the best solution.
We must first have all of the facts before knowing what, exactly, is necessary. In fact, just this week we learned of additional information breaches that mirror Cambridge Analytica, and Facebook’s own COO is warning us of additional instances.
We are much better watching the EU implement the GDPR and learning lessons than we are rushing to compete with the EU on who has a better date privacy regulatory framework.
Rep. Ryan Costello, R-6th Dist., represents parts of Berks, Chester, Lebanon, and Montgomery counties, and is a member of the House Energy and Commerce Committee