States take on data privacy, while Congress sits on the sidelines
Time to demand Congressional candidates prioritize digital privacy.
The latest attempt to provide US Citizens with some fundamental digital rights, the American Privacy Rights Act (APRA), stalled out in the US Congress in June and is doomed to die in the months before the election. The web is almost 35 years old, yet we still do not have federal rights to learn what data companies collect about us, to opt out of the collection (with some exceptions), to correct erroneous data, or even to fully understand how our data is used, stored, and monetized.
And it is not that APRA was that great, either. All the civil rights protections had already been stripped from the bill, protections that are needed more than ever in the age of artificial intelligence (AI), where technologies like facial recognition have been shown to have error rates that vary significantly by race and have led to the arrest of innocent people.
While Congress dawdles to pass a long overdue privacy bill, many States are charging ahead. So far, thirteen states have passed privacy laws. Several of these state laws follow a model set by Virginia, which grants consumers certain rights and enforces them through the attorney general. Most states agree that personally identifiable information (your SSN, driver's license, etc.) should be regulated regarding how it is collected, used, and stored.
However, several states also regulate personally "sensitive" data, and the definitions of what is sensitive vary significantly from state to state. In some states, your location is considered sensitive, and residents of those states have rights regarding how companies and organizations use and retain information about your location. A lot of valuable information can be gained from your location: when you go to the grocery store, when you get off work, and what gym you belong to. All of these can be used to effectively target you for advertising or political persuasion.
Other states might protect information about your religion or union membership. Still, other states extend their laws to include information about your DNA sequence. Consumer rights (such as access, correction, and deletion of data) also vary by state.
As you can imagine, this patchwork of state laws is difficult for companies to navigate, especially small businesses. One think tank that specializes in technology policy, the Information Technology and Innovation Foundation, states that if all fifty states implement privacy laws, the cost of business would be $239 billion, with small businesses paying $50 billion in compliance costs, including the costs of hiring and retaining data protection officers, conducting privacy audits and data impact assessments, and responding to consumer requests (paper here).
I am not concerned that Google or Facebook will have difficulty complying (they make about $614 million and $319.6 million in revenue per day, respectively). Regulatory complexity favors big incumbents and stifles competition from new companies. Oligopolies already dominate the technology landscape, and enacting consumer protections state-by-state will decrease competition, something we don't need now.
This state-by-state approach also creates inconsistencies in consumer protections, leaving citizens with varying privacy safeguards depending on their location. This disparity is unacceptable, especially as artificial intelligence becomes more prevalent.
As we rapidly approach the fall elections, US Congress candidates must prioritize digital privacy. We need leaders who understand the urgency of this issue and are committed to passing comprehensive legislation that protects all Americans, regardless of where they live. The digital age offers unprecedented opportunities but presents new challenges to our privacy and civil liberties.
It's time for Congress to act. Our digital rights can no longer wait.
My commentary may be republished online or in print under Creative Commons license CC BY-NC-ND 4.0. I ask that you edit only for style or to shorten, provide proper attribution and link to my contact information.
📆 Upcoming Talks/Classes 👨🏫
I will be talking at the Workshop on Emerging Technologies for Digitalization at the Asia-Pacific Economic Cooperation meeting in Lima, Peru, on August 12. More information and will be available on the APEC Peru website.
I will be presenting “Managing the Learning Machine” at 8:00 AM on September 10th for the MU Retiree’s Association (In Person and Zoom). More information and Registration will be available on MU Retiree’s Association website.
My friend and colleague, Sophia Rivera Hassemer, is teaching “Technology Potpourri” for Osher on Sept 12, 19, 26, and Oct 3 from 9:30 to 11am, and I will be her assistant! It will be in person only at the Moss building, and will be very hands on with technology. More information and Registration will be available on the Osher website.
I will give a talk on Artificial Intelligence and The Elections on Tuesday, September 10, 6:30pm - 8:00pm at the Missouri River Regional Library in Jefferson City. More information is available on the Missouri River Regional Library website.
I will present “Harnessing AI for Nonprofit Growth” from
10:45 - 11:45 a.m., on November 7 via zoom. More information and Registration will be available on the New Chapter Coaching website.I will present “AI: Current Trends and Future Directions” for the Mid-Missouri PMI Chapter on November 12th at 7:30am via zoom. Registration will be available on PMI Mid-MO Chapter's website.