Calling the efforts of technology companies to collect, store, and sell our personal data “surveillance,” Apple CEO Tim Cook last week called for federal regulation to protect a fundamental right to privacy.
Having run multiple bills addressing this issue during my service in Congress, I wholeheartedly agree with Cook. Americans deserve better protection than we are getting – and Congress must catch up fast.
The European Union led out with strict policy protections last May with the passage of the General Data Protection Regulation (GDPR), which sets a new standard for the protection of consumer data.
Here in the U.S., Cook is calling for an approach utilizing four key principles.
First, he challenges tech companies to “de-identify customer data or not collect that data in the first place.” I believe this is a moral imperative.
I honestly don’t understand how we can expect a 13-year-old to comprehend the potential implications of entering into a user agreement to use a social media app. Yet our kids are being tracked, their information sold, and their privacy compromised every time they log in to a device. How can any of us – youth or adult - expect to function in a modern world without agreeing to terms of service that inevitably put us under surveillance?
Cook’s second principle of data privacy is full disclosure – the right of consumers to know what is collected and how it is used. We know the pepperoni pizza we just bought is going to show up in ads on every social media platform we open. But how many of us realize it doesn’t end there? Cook tweeted last week that full transparency “is the only way to empower users to decide what collection is legitimate and what isn’t. Anything less is a sham.”
Data security is critical in the United States, where foreign actors have accessed and stolen data directly from government databases and the largest technology companies have not been immune from data hacks.
Third, tech companies must understand that data belongs to users, who should have the right to access, correct, and even delete personal information from web searches. In Europe, they call this the Right to Be Forgotten – a ruling supported by Europe’s highest court that requires tech companies to delink information from search engines at the user’s request. If the request meets established criteria, the tech companies must comply.
If consumers agree to terms of service, but then later decide they no longer want to trade their information, they should have the right to cancel that agreement. This principle should also apply to government data storage.
There’s a reason we don’t record your DNA and fingerprints when you’re born. The government has no right to that information without probable cause. Meanwhile, the FBI has compiled, without authorization, a facial recognition database using mug shots and driver’s license photos. In an Oversight Committee hearing I chaired in March 2017, we learned approximately half of all Americans’ photographs are stored without their knowledge or consent, 80 percent of which are non-criminal entries.
Finally, Cook told the International Conference of Data Protection and Privacy Commissioners consumers should have a right to the security of their data.
Data security is critical in the United States, where foreign actors have accessed and stolen data directly from government databases and the largest technology companies have not been immune from data hacks.
While databases such as the FBI’s facial recognition program may be a powerful tool for law enforcement, they can also be used by bad actors to harass or stalk people in ways that chill free speech. In the current politicized environment of overheated rhetoric, I would be concerned that people could be targeted for simply attending political meetings, protests, churches, or events.
This is the rubicon we’ve begun to cross. Congress must act quickly to catch up and develop protections that secure the fundamental right to privacy for all Americans.
Get the recap of top opinion commentary and original content throughout the week.