The Tech Policy Greenhouse is an online symposium where experts tackle the most difficult policy challenges facing innovation and technology today. These are problems that don't have easy solutions, where every decision involves tradeoffs and unintended consequences, so we've gathered a wide variety of voices to help dissect existing policy proposals and better inform new ones.

Ron Wyden: It's Time Congress Helped Americans Protect Their Privacy

from the mind-your-own-business dept

Americans today are faced with a dilemma ? there is a vast universe of products to let us control everything in our lives with a voice command or touch of a button. We can unlock our doors, turn on the heat, track our exercise routines and our baby monitors and perform a million other tasks in ways that make life easier or more efficient.

But these conveniences carry with them the danger that the data generated will be used against us.

Far too often, information that a government or company can collect and retain, is being collected and retained, and then shared or sold with other companies, marketers or agencies in ways that Americans never consider when they decide to buy a new thermostat. When the government or private corporations can tap into the stacks of information, these smart devices that make our lives easier also amount to spies working against our interests.

There is no good reason that Americans should have to compromise on privacy to benefit from the digital age. Consumers want smart devices, but we also want companies and the government to mind their own business when it comes to our personal information.

Over the past decade, I?ve made protecting Americans? privacy against unnecessary government surveillance one of my top priorities. And following the Cambridge Analytica scandal, I?ve spent a lot of time thinking about how to create a commonsense plan to secure our privacy from corporations that haven?t been good stewards of private information.

That?s why I wrote a draft privacy bill, and, after a year of soliciting feedback from experts, introduced the Mind Your Own Business Act last fall.

It?s based on three core principles: First, corporations should be required to provide full transparency, in easy-to-understand language, about how they collect, use and share their customers? data — and they should be held to those commitments. There should never be another scandal like we saw with wireless carriers, when phone companies shared real-time location data with bounty hunters, scammers and creepy exes without their customers? knowledge.

Second, users need far more control over how their data is shared. The Mind Your Own Business Act would put teeth back into the Do Not Track option that has become essentially useless today. Under my bill there would be a single website where consumers could click a button to say no company could share your information with a third party without your express permission.

Under my bill consumers can choose whether to allow sharing data with third parties and targeted ads, and companies would have to offer tracking-free versions of their products that don?t cost more than the average revenue generated from a user?s data. And it makes sure low-income families can get free privacy protection, so privacy isn?t a luxury good.

Third, there need to be real consequences for corporations that break the rules. My bill follows the European privacy law and California?s Consumer Privacy Act to add fines up to 4 percent of annual revenue and even the possibility of jail time for executives who lie to the Federal Trade Commission (FTC) about protecting users? privacy.

Those are some key points, but my plan does a lot more as well. Because privacy is also about making sure companies protect the data they have, my bill directs the FTC to set baseline privacy and cybersecurity standards and beefs up the number of people and resources the agency enforce those rules. It requires companies to assess their algorithms to detect whether they result in biased results and to fix problems they find.

My bill will create a healthier internet economy in two separate ways: First, consumers can directly choose to pay for ironclad privacy, instead of data-scooping free services. But even users who don?t opt out will see major improvements in privacy from the baseline rules and new transparency requirements. Companies often have no choice but to terminate their shady deals with third party data dealers, once they become public. With my bill, companies will be forced to disclose exactly who sees your data, and they will face steep penalties for lying about it.

Americans are sick of being faced with a feeling of vague unease after clicking through pages of fine print. Congress needs to step up, add guardrails for our privacy and stop the endless series of Sophie?s choices between technological advances and personal privacy. We must also reform the legal treatment of ?business records? so that information created to make technology work better for you and your family is treated like private, personal effects, not subject to government prying without a warrant.

It’s time to level the playing field between consumers and the corporations who profit from our data, and force companies to finally take Americans? privacy seriously.

Filed Under: , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Ron Wyden: It's Time Congress Helped Americans Protect Their Privacy”

Subscribe: RSS Leave a comment
This comment has been deemed insightful by the community.
timlash (profile) says:

Senator Wyden is the best

It will be sad watching this initiative die along with most he brings to the floor. He’s always on the vanguard of the best progressive ideas that run a high probability of getting chopped down by the majority only willing to support status quo. You know, because they’re all getting rich as it is now. /sigh/

This comment has been deemed insightful by the community.
hij (profile) says:

Question to Senator Wyden about privacy

Senator Wyden,

I have two questions. The first is about the bill you discuss. Who would be in charge of enforcing the bill that you are proposing? This seems to be at the intersection of the FCC, the FTC, and the Department of Justice. The enforcement of the provisions you may fall between the cracks and may not be subject to uniform enforcement.

The second question is about broader awareness of the issues you raise. Unfortunately, the privacy concerns you raise do not seem to be something that the majority of Americans are concerned about. Without broader awareness and broader support efforts such as the one you discuss will not gain traction and will be mostly ignored. What can politicians and others do to raise the stature of this important issue?

Finally, thank you for posting here and sharing your thoughts and this effort.

Anonymous Anonymous Coward (profile) says:

Not just what data, but who gets it

It seems to me that making third party data brokers illegal would be a positive step in putting controls on data abuse. Given the way the Internet/WWW and websites and browsers work, there is going to be information collected and without major changes in the network difficult if not impossible to stop.

As has been pointed out elsewhere trying to anonymize that information is next to impossible. So while making third party information the property of the generator rather than the collector is good (and necessary), removing the set of actors who’s sole purpose is to sell information that should be private would be very important, and also a tool for the FTC. Any company that deals with data brokers (and/or the brokers themselves) steps into actionable territory.

Additionally, we should probably also consider this with regard to brick and mortar entities as well, as data privacy is not just an Internet thing. DMV’s should not be able to sell data (especially when they get directly identifiable personal information by law or you don’t get your license or registration). Grocery stores should not be able to sell data. Doctors should not be able to sell data. And the whole plethora of organizations that collect and sell data to bolster their incomes.

Collecting and using observable data (by which I mean collective behavior, but not associated with an individual) is probably not all that awful. Splitting such observable behavior from identifiable individuals will not be easy though.

Anonymous Anonymous Coward (profile) says:

Re: Not just what data, but who gets it

Oh, I almost forgot, that trend for companies to ‘sell’ you something but then require you to log onto their servers in order to be able to use it, so they can continue to monetize their products after the sale is a specific category that should be looked at. If the server provides something that couldn’t be replicated by running a server instance on a home computer, then fine, but put limits on what data might be retained, and put severe restrictions on the company being able to shut that server down making the sale pointless. I realize that only part of this is privacy related, but the two concepts go hand in hand and one behavior leads to the potential for the other, and neither should be allowed.

aerinai (profile) says:

Mostly agree but..

It requires companies to assess their algorithms to detect whether they result in biased results and to fix problems they find.

I’m not sure that I like how ‘vague’ this is by it’s very nature. It is kind of like saying "don’t post pornography"… then banning women for breast feeding tutorials. This section of your proposal has the "I’ll know it when I see it" and all too often, someone may come along and say "hey, this is racist if you look at it using this super-specific lens you never considered".

No matter how good of intentioned this section of your bill is, there will never be consensus on moderation choices (see: Masnick’s Impossibility Theorem), much less come up with some standard anyone can comprehend or similarly enforce. The more complex the system, the harder it is to know of edge cases (see: US Tax Law).

Also… lots of times people think of algorithms as one piece of logic, not the cascading of thousands of interdependent applications that end up getting a result to your computer. Tiny, insignificant changes can lead to huge, titanic shifts…

Remember, that algorithms are ‘speech’ and that is protected… so First Amendment and all that…

Agree with you mostly, and think you are a thoughtful and great leader of our time. #Wyden2020

Anonymous Anonymous Coward (profile) says:

Re: Mostly agree but..

I agree with your assessment but think you should go one step further. Letting companies assess their own algorithms will come with the result of ‘no bias here’.

The bar to allowing outsiders assess those algorithms is that they are ‘proprietary’ and ‘secret business intelligence’. I propose that if an algorithm is having impact on decisions made by others (for example the ‘black box’ information that isn’t allowed to be inspected in court cases) then that veil of ‘secrecy’ could and should be removed. Once that happens, the issue becomes finding competent outsiders to do the assessment, and that will be difficult because no matter the state of integrity of those outsiders, everyone comes with their own bias.

aerinai (profile) says:

Re: Re: Mostly agree but..

Agreed on the ‘black box’ for court cases in instances like "Predictive Analytics" that law enforcement uses — that is a great point. Those SHOULD be allowed to be audited and should be. But that is very specific product that isn’t necessarily law that should be expanded to the entire internet! Some jerk shouldn’t be allowed to sue Google for a racist algorithm just to get a peek (there are lawsuits that have done this with other types of trade secrets).

That is what makes this hard… just because we do something on the internet or with ‘software’ doesn’t mean that we can fit it all into the same box. I would rather see a separate bill carved out specifically for those types of programs/problems rather than a catch-all for the entirety of the internet.

Again… something as complex as Google or Amazon’s recommendation engine probably isn’t just one algorithm sitting in one box somewhere that you can ask Brett in the dev department to explain. These are big, multi-application, multi-team endeavors and most of the time one hand doesn’t know what the other is doing.

p.s. I work in dev, so I have a ‘front-line’ view of the chaos that is making products at scale. Lots of chaos. I think sometimes people think these software giants are doing nefarious things when in reality, it is just people doing a job and not fully understanding the consequences… Hindsight is 20/20 and all…

This comment has been flagged by the community. Click here to show it.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Older Stuff
12:04 SOPA Didn't Die. It's Just Lying In Wait. (5)
09:30 Demanding Progress: From Aaron Swartz To SOPA And Beyond (3)
12:00 How The SOPA Blackout Happened (3)
09:30 Remembering The Fight Against SOPA 10 Years Later... And What It Means For Today (16)
12:00 Winding Down Our Latest Greenhouse Panel: Content Moderation At The Infrastructure Layer (4)
12:00 Does An Internet Infrastructure Taxonomy Help Or Hurt? (15)
14:33 OnlyFans Isn't The First Site To Face Moderation Pressure From Financial Intermediaries, And It Won't Be The Last (12)
10:54 A New Hope For Moderation And Its Discontents? (7)
12:00 Infrastructure And Content Moderation: Challenges And Opportunities (7)
12:20 Against 'Content Moderation' And The Concentration Of Power (32)
13:36 Social Media Regulation In African Countries Will Require More Than International Human Rights Law (7)
12:00 The Vital Role Intermediary Protections Play for Infrastructure Providers (7)
12:00 Should Information Flows Be Controlled By The Internet Plumbers? (10)
12:11 Bankers As Content Moderators (6)
12:09 The Inexorable Push For Infrastructure Moderation (6)
13:35 Content Moderation Beyond Platforms: A Rubric (5)
12:00 Welcome To The New Techdirt Greenhouse Panel: Content Moderation At The Infrastructure Level (8)
12:00 That's A Wrap: Techdirt Greenhouse, Broadband In The Covid Era (17)
12:05 Could The Digital Divide Unite Us? (29)
12:00 How Smart Software And AI Helped Networks Thrive For Consumers During The Pandemic (41)
12:00 With Terrible Federal Broadband Data, States Are Taking Matters Into Their Own Hands (18)
12:00 A National Solution To The Digital Divide Starts With States (19)
12:00 The Cost Of Broadband Is Too Damned High (12)
12:00 Can Broadband Policy Help Create A More Equitable And inclusive Economy And Society Instead Of The Reverse? (11)
12:03 The FCC, 2.5 GHz Spectrum, And The Tribal Priority Window: Something Positive Amid The COVID-19 Pandemic (6)
12:00 Colorado's Broadband Internet Doesn't Have to Be Rocky (9)
12:00 The Trump FCC Has Failed To Protect Low-Income Americans During A Health Crisis (26)
12:10 Perpetually Missing from Tech Policy: ISPs And The IoT (10)
12:10 10 Years Of U.S. Broadband Policy Has Been A Colossal Failure (7)
12:18 Digital Redlining: ISPs Widening The Digital Divide (21)
More arrow