Some countries, such as France and Greece, have formally established internet access as a human right in the context of protection from losing it due to intellectual property violations and in terms of transparent pricing. Countries such as Finland and Spain have laid out schemes in which the state subsidizes internet access for all citizens. But it is still relatively rare to see governments tackle this issue in terms of specific laws about collection and handling of personal data by companies.
The most significant effort to create an internet bill of rights has been Brazil’s Civil Rights Framework for the Internet (which became law in 2014), but this has since suffered from issues with both government censorship (the banning of WhatsApp as well as numerous computer games) as well as the sorts of proposals that scare privacy advocates (such as a bill introduced in 2015 that would have required people use their legal names on the internet had it passed). The government of Italy issued a similar Declaration of Internet Rights in 2015, but it was non-binding and served more as a “think piece” than anything else. The EU’s GDPR remains the world’s most direct and broad legislation of collection of personal data, even though it is framed as a set of business regulations rather than as a civil rights matter.
The need for an internet bill of rights
Facebook’s ongoing string of controversies provides as good an example as any of why there is a demand for an internet bill of rights.
Allowing Cambridge Analytica to siphon personal data through a quiz app and taking hundreds of thousands of dollars from Russian intelligence agencies and their assets was just the start of their issues. Their ongoing problems came to a head very recently when they retained a PR firm to sow the same sort of misinformation that they had been so heavily criticized for facilitating.
Facebook also illustrates the issue with attempting to regulate tech companies and social media platforms using existing laws. It’s hard to shoehorn such a new business model into existing regulatory structures, like those for the financial industry or for media companies. An internet bill of rights would cut straight through this to provide the protections that consumers are most concerned about – the ability to obtain, correct or delete the reams of personal data companies have amassed and the knowledge of all collection of this nature.
Aside from malfeasance by poorly regulated data-handling companies, another big reason for regulation is the rise of “smart devices.” Many homes may soon have most (or all) of their vital functions tied to devices that require an internet connection to work properly.
Will it work?
The tech world is certainly acting as if GDPR-style data regulation is inevitable in the United States. The big question is the shape it will take.
Does one all-encompassing internet bill of rights stand the best chance of being passed into law, or would the process work better by dividing it into separate and more focused bills? For example, the bill drafted by Congressman Khanna tackles both data privacy and net neutrality at once. Data privacy regulation faces inevitable pushback from the tech industry, but public support for it tends to be strong and bipartisan. Net neutrality is more contentious, with strong entrenched Republican political opposition as an obstacle.