Internet connection on a smart phone showing privacy rules for Big Tech

Big Tech Isn’t Breaking Any Privacy Rules if There Aren’t Rules to Break

Everyday people have an awareness about their personal information being used by just about every brand out there…even if they aren’t so clear on the details. Those of us who have looked under the hood of the data industry have a more intimate view of just how much information tech companies have about every aspect of their users’ personal lives. It’s shocking sometimes. But when whistleblower Frances Haugen testified about Facebook’s nearly limitless access to user data and the harm it can cause, many weren’t surprised.

Much smaller tech companies than Facebook have a glut of sensitive data on users. And from what I’ve seen, the volume of personal information available online about private citizens nearly doubles every year. Doubles. Every. Year.

Here’s something to think about. There are digital warehouses of information about you, and their inventory expands every time you use a popular social media app or web browser. These warehouses store and make accessible all kinds of details about you, big and small. Consider tidbits such as your address, phone number, aliases, relatives, political affiliation, resting heart rate, and preference for plant-based over cow’s milk.

All this data is for sale to anyone offering the right price. Some merchants buy your data to get you to try their new line of sneakers, and some use it to convince you to vote a certain way. Whatever their conversion goal, none of them are particularly transparent about where they’re collecting your information from and how they’re using it.

But when an insider like Haugen speaks up about the state of things in Big Tech, more people awaken to the nature and extent of these privacy violations. The scope of the problem is massive and deserves the widespread public exposure it’s beginning to receive. But I believe it’s time for even more aggressive intervention.

Consumers and Big Tech lose without government regulation

For-profit tech companies want to make as much money as possible, as they should; they are, after all, businesses. But ad-dependent companies (like Facebook) create privacy-smashing algorithms to maximize profits. These algorithms collect your personal information, use it to predict your purchasing behavior, then present you with the most enticing ads possible.

This use of data may sound morally dubious, but tech companies aren’t going to go against their interests. It would be counter-intuitive for them to do so. Put morality and ethics aside for a moment, and imagine playing a game of chess. Would you let your opponent know that you’re going to win if they don’t move their knight?

You might say that the difference between a strategic chess player and a tech company is that the latter is breaking the rules. The trouble with that answer reveals the need for government intervention:

There aren’t any rules for Big Tech to break.

Rules emerge when a governing body imposes them. Initial federal regulations are bound to be imperfect, but they’ll at least provide universal and transparent direction.

Say the government prohibits a tech company from collecting data on how users interact with its content. If that business wants to avoid an unfavorable audit, it will stop using those pesky algorithms to collect that type of data. Users will have the law to support their understanding of privacy violations and hold other non-complying companies accountable.

While the United States continues to deliberate possible legislation, other countries have already developed regulations protecting consumers. For example, the EU enacted the General Data Protection Regulation (GDPR) in 2016. Though the GDPR has many shortcomings and inconsistencies, it allows citizens to hold companies accountable for the consumer information they use. The law also allows consumers to request to have their personal information removed.

Rules do for enterprise what enterprise won’t do for itself. Asking for-profit companies to take the high road even when it hurts their profits is like asking dental patients to pull their own teeth. As long as policymakers delay robust data regulations on the tech industry, our privacy remains unprotected and in the grip of money-driven algorithms.

Should we trust the government to protect our privacy?

It’s true, the government doesn’t have a spotless record when it comes to privacy protection. In fact, a Forbes investigation revealed that the FBI and Department of Homeland Security are secretly using “keyword warrants” to request user data from Google on private citizens.

Arguably, this type of information helps thwart domestic and international crimes. Makes sense. But the government has completely veiled these tactics. We only know about them today because of the vigorous efforts of journalists and whistleblowers. Citizens shouldn’t have to wait for the next dramatic leak to understand how their own government uses their data.

Whether the entities collecting personal data are private enterprises or government agencies, access to sensitive information needs to be clearly articulated and regulated. Perhaps the regulating body should be composed of government and business—a hybrid force with built-in checks and balances preventing abuse from either side. Either way, the status quo is failing consumers, and the government shouldn’t expect the tech industry to solve its best money-making problem.

A more transparent, consumer-controlled future is coming

I hope that a formal agency overseeing user privacy is formed. It’s my firm belief that such a move will benefit citizens, private businesses, and public entities alike. I’m confident that the formation of such an industry is inevitable and that we’ll see it happen in the next few years. I’m similarly convinced that the government’s practices around user data will become more transparent and better regulated.

Why am I so optimistic about the direction tech is headed as it relates to consumer privacy? Because the consumers are paying attention. As the public becomes more informed about how government and private entities use personal information, pressure will build. A safer, more just tech architecture is around the corner.