Roger McNamee
The United States has no national privacy law. What it has instead is a laissez-faire policy that allows businesses and governments to harvest all manner of data and use it in any way they choose.
While many Americans are aware of the harm caused by social media platforms like Facebook and Instagram, they are generally not aware of how much data is harvested about them, how widely it gets shared and the ways in which it is used to influence both their behavior and the opportunities available to them.
Privacy invasions are now ubiquitous. Your car, your television, your phone and your security system are all gathering data on your behavior. They are not doing this for your benefit. They are doing it for theirs.
The data from your car will be purchased by insurance companies who may choose to raise your rates or terminate your coverage if your driving patterns give them an excuse to do so. Your phone gathers an astonishing amount of intimate data, including your location and what you do in apps and on the web. Your TV tracks your viewing habits. Your security system and robotic vacuum cleaner snoop on you under the guise of providing valuable services. Much of this data is sold to internet platforms or to data brokers who then sell it to anyone who wants to influence your behavior.
Airlines now want to take your picture when you board a flight. Ticketing companies and hotel chains demand your cell phone number and email. Some COVID test centers ask for health data unrelated to COVID. Much of this data is also for sale. When aggregated, this data enables corporations and governments to predict elements of your behavior and to steer it by controlling the choices they offer you.
California has been a leader in privacy legislation but has not yet passed a law that provides consumers with real privacy protection.
Lobbyists managed to strip the teeth from the California Computer Privacy Act before it left the Legislature, forcing citizens to pass a referendum, the California Privacy Rights Act, that put some of the teeth back in. The key element of CPRA is the right to opt out of having your data sold or transferred.
Unfortunately, the opt-out mechanism of CPRA is unwieldy. A person who wants to protect personal data would need to opt out with each data broker and website individually. For most people, this would involve dealing with hundreds of sites, many of them unknown. Consumer Reports has created an app, Permission Slip, to make opting out easier, but data brokers have many excuses for not complying.
To address this problem, Senate Bill 362, the Delete Act, would create a one-step mechanism for consumers to get every data broker to delete their personal information. The bill, drafted by Sen. Josh Becker, D-Menlo Park, is not a complete answer, but it is an essential start and a serious threat to the data industry’s business.
For that reason, the industry has mounted a massive lobbying campaign to kill or neuter the bill. SB 362 has been passed by the Senate, but it must be passed by the Assembly by Sept. 14.
The data industry is huge, a giant web of companies, including Google, Meta, Microsoft and Amazon. Beyond internet platforms, there are advertising agencies and media companies whose revenues depend on ad targeting. Healthcare, insurance, automotive, retail and consumer electronics companies also use and depend on personal data. Even OpenAI, the company that created ChatGPT, trains the system on personal data and copyrighted material, used without permission.
Connecting them all are the data brokers who buy and sell the data. There are nearly 500 registered data brokers in California. In addition, the internet giants behave like data brokers in the way they transfer personal data collected in one app to others they control.
The industry, of course, argues that “personalization” — using person data to offer more engaging content and advertisements — enhances online experiences. Personalization can be convenient, but the relationship between users and the data industry is not open or honest. Consumers have no idea what is going on. They get a little bit of convenience at the front end, but the data live on forever, often being used in ways that are harmful to the consumer’s interests.
Another argument to oppose the bill comes from law enforcement, which uses data brokers to collect personal information that would otherwise be denied to them under the 4th Amendment. But the pursuit of a handful of criminals is never sufficient justification for surveillance of the entire population.
The Delete Act would help restore the right of consumers to make their own choices, free of interference and manipulation from the industry. For it to make a difference, it needs to apply to any company that collects, holds, exploits and/or transfers personal data. Some key players, notably Meta and Google, will insist that they can sidestep this law, as they have with earlier privacy laws in the U.S. and Europe.
Assembly members now face a test. Will they stand with consumers, or will they give in to powerful economic interests that have been harming Californians for profit?
(Roger McNamee is a co-founder of Elevation Partners and the author of “Zucked: Waking Up to the Facebook Catastrophe.”)
