The Tech Policy Greenhouse is an online symposium where experts tackle the most difficult policy challenges facing innovation and technology today. These are problems that don't have easy solutions, where every decision involves tradeoffs and unintended consequences, so we've gathered a wide variety of voices to help dissect existing policy proposals and better inform new ones.

Ron Wyden: It's Time Congress Helped Americans Protect Their Privacy

from the mind-your-own-business dept

Americans today are faced with a dilemma – there is a vast universe of products to let us control everything in our lives with a voice command or touch of a button. We can unlock our doors, turn on the heat, track our exercise routines and our baby monitors and perform a million other tasks in ways that make life easier or more efficient.

But these conveniences carry with them the danger that the data generated will be used against us.

Far too often, information that a government or company can collect and retain, is being collected and retained, and then shared or sold with other companies, marketers or agencies in ways that Americans never consider when they decide to buy a new thermostat. When the government or private corporations can tap into the stacks of information, these smart devices that make our lives easier also amount to spies working against our interests.

There is no good reason that Americans should have to compromise on privacy to benefit from the digital age. Consumers want smart devices, but we also want companies and the government to mind their own business when it comes to our personal information.

Over the past decade, I’ve made protecting Americans’ privacy against unnecessary government surveillance one of my top priorities. And following the Cambridge Analytica scandal, I’ve spent a lot of time thinking about how to create a commonsense plan to secure our privacy from corporations that haven’t been good stewards of private information.

That’s why I wrote a draft privacy bill, and, after a year of soliciting feedback from experts, introduced the Mind Your Own Business Act last fall.

It’s based on three core principles: First, corporations should be required to provide full transparency, in easy-to-understand language, about how they collect, use and share their customers’ data — and they should be held to those commitments. There should never be another scandal like we saw with wireless carriers, when phone companies shared real-time location data with bounty hunters, scammers and creepy exes without their customers’ knowledge.

Second, users need far more control over how their data is shared. The Mind Your Own Business Act would put teeth back into the Do Not Track option that has become essentially useless today. Under my bill there would be a single website where consumers could click a button to say no company could share your information with a third party without your express permission.

Under my bill consumers can choose whether to allow sharing data with third parties and targeted ads, and companies would have to offer tracking-free versions of their products that don’t cost more than the average revenue generated from a user’s data. And it makes sure low-income families can get free privacy protection, so privacy isn’t a luxury good.

Third, there need to be real consequences for corporations that break the rules. My bill follows the European privacy law and California’s Consumer Privacy Act to add fines up to 4 percent of annual revenue and even the possibility of jail time for executives who lie to the Federal Trade Commission (FTC) about protecting users’ privacy.

Those are some key points, but my plan does a lot more as well. Because privacy is also about making sure companies protect the data they have, my bill directs the FTC to set baseline privacy and cybersecurity standards and beefs up the number of people and resources the agency enforce those rules. It requires companies to assess their algorithms to detect whether they result in biased results and to fix problems they find.

My bill will create a healthier internet economy in two separate ways: First, consumers can directly choose to pay for ironclad privacy, instead of data-scooping free services. But even users who don’t opt out will see major improvements in privacy from the baseline rules and new transparency requirements. Companies often have no choice but to terminate their shady deals with third party data dealers, once they become public. With my bill, companies will be forced to disclose exactly who sees your data, and they will face steep penalties for lying about it.

Americans are sick of being faced with a feeling of vague unease after clicking through pages of fine print. Congress needs to step up, add guardrails for our privacy and stop the endless series of Sophie’s choices between technological advances and personal privacy. We must also reform the legal treatment of “business records” so that information created to make technology work better for you and your family is treated like private, personal effects, not subject to government prying without a warrant.

It's time to level the playing field between consumers and the corporations who profit from our data, and force companies to finally take Americans’ privacy seriously.

Filed Under: control, greenhouse, liability, privacy, ron wyden, transparency


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    timlash (profile), 28 May 2020 @ 7:13am

    Senator Wyden is the best

    It will be sad watching this initiative die along with most he brings to the floor. He's always on the vanguard of the best progressive ideas that run a high probability of getting chopped down by the majority only willing to support status quo. You know, because they're all getting rich as it is now. /sigh/

    reply to this | link to this | view in chronology ]

  • icon
    hij (profile), 28 May 2020 @ 7:32am

    Question to Senator Wyden about privacy

    Senator Wyden,

    I have two questions. The first is about the bill you discuss. Who would be in charge of enforcing the bill that you are proposing? This seems to be at the intersection of the FCC, the FTC, and the Department of Justice. The enforcement of the provisions you may fall between the cracks and may not be subject to uniform enforcement.

    The second question is about broader awareness of the issues you raise. Unfortunately, the privacy concerns you raise do not seem to be something that the majority of Americans are concerned about. Without broader awareness and broader support efforts such as the one you discuss will not gain traction and will be mostly ignored. What can politicians and others do to raise the stature of this important issue?

    Finally, thank you for posting here and sharing your thoughts and this effort.

    reply to this | link to this | view in chronology ]

  • icon
    Anonymous Anonymous Coward (profile), 28 May 2020 @ 7:57am

    Not just what data, but who gets it

    It seems to me that making third party data brokers illegal would be a positive step in putting controls on data abuse. Given the way the Internet/WWW and websites and browsers work, there is going to be information collected and without major changes in the network difficult if not impossible to stop.

    As has been pointed out elsewhere trying to anonymize that information is next to impossible. So while making third party information the property of the generator rather than the collector is good (and necessary), removing the set of actors who's sole purpose is to sell information that should be private would be very important, and also a tool for the FTC. Any company that deals with data brokers (and/or the brokers themselves) steps into actionable territory.

    Additionally, we should probably also consider this with regard to brick and mortar entities as well, as data privacy is not just an Internet thing. DMV's should not be able to sell data (especially when they get directly identifiable personal information by law or you don't get your license or registration). Grocery stores should not be able to sell data. Doctors should not be able to sell data. And the whole plethora of organizations that collect and sell data to bolster their incomes.

    Collecting and using observable data (by which I mean collective behavior, but not associated with an individual) is probably not all that awful. Splitting such observable behavior from identifiable individuals will not be easy though.

    reply to this | link to this | view in chronology ]

    • icon
      Anonymous Anonymous Coward (profile), 28 May 2020 @ 8:04am

      Re: Not just what data, but who gets it

      Oh, I almost forgot, that trend for companies to 'sell' you something but then require you to log onto their servers in order to be able to use it, so they can continue to monetize their products after the sale is a specific category that should be looked at. If the server provides something that couldn't be replicated by running a server instance on a home computer, then fine, but put limits on what data might be retained, and put severe restrictions on the company being able to shut that server down making the sale pointless. I realize that only part of this is privacy related, but the two concepts go hand in hand and one behavior leads to the potential for the other, and neither should be allowed.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 28 May 2020 @ 9:08am

    as usual, Wyden speaks nothing but complete sense and complete honesty! what a shame so many in Congress want to do whatever it is that benefits themselves rather than why they were elected into office, to look after the people!

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 28 May 2020 @ 9:29am

    If you get sick and tired of Congress, could you come over to the UK and single-handedly double the technical IQ of our Parliament?

    reply to this | link to this | view in chronology ]

  • icon
    aerinai (profile), 28 May 2020 @ 12:43pm

    Mostly agree but..

    It requires companies to assess their algorithms to detect whether they result in biased results and to fix problems they find.

    I'm not sure that I like how 'vague' this is by it's very nature. It is kind of like saying "don't post pornography"... then banning women for breast feeding tutorials. This section of your proposal has the "I'll know it when I see it" and all too often, someone may come along and say "hey, this is racist if you look at it using this super-specific lens you never considered".

    No matter how good of intentioned this section of your bill is, there will never be consensus on moderation choices (see: Masnick's Impossibility Theorem), much less come up with some standard anyone can comprehend or similarly enforce. The more complex the system, the harder it is to know of edge cases (see: US Tax Law).

    Also... lots of times people think of algorithms as one piece of logic, not the cascading of thousands of interdependent applications that end up getting a result to your computer. Tiny, insignificant changes can lead to huge, titanic shifts...

    Remember, that algorithms are 'speech' and that is protected... so First Amendment and all that...

    Agree with you mostly, and think you are a thoughtful and great leader of our time. #Wyden2020

    reply to this | link to this | view in chronology ]

    • icon
      Anonymous Anonymous Coward (profile), 28 May 2020 @ 1:02pm

      Re: Mostly agree but..

      I agree with your assessment but think you should go one step further. Letting companies assess their own algorithms will come with the result of 'no bias here'.

      The bar to allowing outsiders assess those algorithms is that they are 'proprietary' and 'secret business intelligence'. I propose that if an algorithm is having impact on decisions made by others (for example the 'black box' information that isn't allowed to be inspected in court cases) then that veil of 'secrecy' could and should be removed. Once that happens, the issue becomes finding competent outsiders to do the assessment, and that will be difficult because no matter the state of integrity of those outsiders, everyone comes with their own bias.

      reply to this | link to this | view in chronology ]

      • icon
        aerinai (profile), 28 May 2020 @ 1:45pm

        Re: Re: Mostly agree but..

        Agreed on the 'black box' for court cases in instances like "Predictive Analytics" that law enforcement uses -- that is a great point. Those SHOULD be allowed to be audited and should be. But that is very specific product that isn't necessarily law that should be expanded to the entire internet! Some jerk shouldn't be allowed to sue Google for a racist algorithm just to get a peek (there are lawsuits that have done this with other types of trade secrets).

        That is what makes this hard... just because we do something on the internet or with 'software' doesn't mean that we can fit it all into the same box. I would rather see a separate bill carved out specifically for those types of programs/problems rather than a catch-all for the entirety of the internet.

        Again... something as complex as Google or Amazon's recommendation engine probably isn't just one algorithm sitting in one box somewhere that you can ask Brett in the dev department to explain. These are big, multi-application, multi-team endeavors and most of the time one hand doesn't know what the other is doing.

        p.s. I work in dev, so I have a 'front-line' view of the chaos that is making products at scale. Lots of chaos. I think sometimes people think these software giants are doing nefarious things when in reality, it is just people doing a job and not fully understanding the consequences... Hindsight is 20/20 and all...

        reply to this | link to this | view in chronology ]

  • This comment has been flagged by the community. Click here to show it
    identicon
    Tempus Fugit, 28 May 2020 @ 1:15pm

    What time is it?

    Time for to represent the best for for all instead self serving schemes to get re-elected.

    Limits should be one term only - with means test to ensure comprehension of issues before a vote - with no pardons for malfeasance.

    No more dynasties!

    Treasonous behavior s/b treated as such.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 28 May 2020 @ 4:58pm

    I like most of it but...

    I'm not sure about the part that says;

    "the companies would have to offer tracking-free versions of their products that don’t cost more than the average revenue generated from a user’s data"

    That part seems heavy handed and very unlikely to me.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 28 May 2020 @ 5:48pm

    I would be more than happy to support the law - I cherish personal privacy dearly. Unfortunately as a Federal contractor, I can't exactly lobby in support of it.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt

The Tech Policy Greenhouse
is a special project by Techdirt,
with support from:

Essential Reading
Techdirt Insider Chat
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.