|
META TOPICPARENT | name="FirstEssay" |
Maya Uchima | |
< < | What to Learn From the European Union’s Recent Reforms on Data Privacy | | | |
> > | An Analysis of the EU’s GDPR | | | |
< < | The Privacy Infringement Problem in the US | | | |
< < | It has become more and more apparent in today’s society that the concept of privacy has been eroded, redefined, and curtailed as the power of corporations have dominated. Consumers must actively and aggressively opt-out from having private information logged and stored by websites. Oftentimes, consumers are not given the option to prevent companies from collecting data from them. For example, EPIC’s lawsuit against Google, alleging that Google has been tracking in-store purchases by gathering information from credit card transactions and using that data to target ads specific to each consumer. Not only can purchases (on and offline) reveal one’s tastes and interests, but searches on the internet or viewing trends logged by a cable box can provide valuable data that can be used in profitable marketing strategies. There is an argument that these targeted ads serve only to make life easier, more convenient, and tailored. Nevertheless, with no choice given to the consumer, the discomfort one feels due to the ruthless invasion of private life far outweighs the possible benefit of finding out about a sale at a preferred shoe store. It feels like the fight for privacy has succumbed to the allure of a blinded trust in these mega corporations. | | | |
> > | The Privacy Infringement Problem in the Modern World | | | |
< < | Insufficient Protections | | | |
> > | It has become more and more apparent in today’s society that the concept of privacy has been eroded, redefined, and curtailed as the power of corporations have dominated. Consumers must actively and aggressively opt-out from having private information logged and stored by websites. Oftentimes, consumers are not given the option to prevent companies from collecting data from them. For example, EPIC’s lawsuit against Google, alleging that Google has been tracking in-store purchases by gathering information from credit card transactions and using that data to target ads specific to each consumer. Not only can purchases (on and offline) reveal one’s tastes and interests, but searches on the internet or viewing trends logged by a cable box can provide valuable data that can be used in profitable marketing strategies. There is an argument that these targeted ads serve only to make life easier, more convenient, and tailored. Nevertheless, with no choice given to the consumer, the discomfort one feels due to the ruthless invasion of private life far outweighs the possible benefit of finding out about a sale at a preferred shoe store. It feels like the fight for privacy has succumbed to the allure of a misguided trust in these mega corporations. | | | |
< < | The US is not without any protections for the consumer. The Fourth Amendment outlines broadly the right against unreasonable search and seizures. This sets the foundation for arguing for the consumer’s right to protect his data and his online choices. There exist also the Wiretap Laws, Electronic Communications Privacy Act, and most importantly, the FTC Act of 1914, which seeks to protect consumers from unfair or unreasonable business practices. The FTC is granted the power to pursue a corporation for questionable behavior, but unless the FTC deems the behavior worthy of an investigation, the private consumer is left with scant recourse. Other regulations tend to be too specific, such as a regulation on just medical data disclosure or just financial data protection. So what can the US do to begin providing more coverage for the consumer? | | | |
> > | The GDPR’s Proposed Goals and Policies | | | |
> > | In the preamble of the GDPR proposal, the drafters have set out general goals, the most important ones being: (1) the protection of the fundamental right of an EU citizen to his privacy and personal data, (2) the harmonization of the “protection of fundamental rights and freedoms of natural persons in respect of processing activities,” (3) the free flow of personal data between Member States, and (4) redefining the scope of “personal data.” Within these 99 articles, the European Council provides strengthened and new policies that hope to achieve these goals. These new policies apply to both “controllers” and “processors” of data who work in conjunction to carry out any activity concerning the usage of personal data. The GDPR hopes to afford consumers more freedom and control over the usage of their personal data- creating a consent regime where people can request to “be forgotten,” and erase data when it no longer serves a justifiable reason. The regulation supplies higher punishments if there is a breach and increased legal compliance regulations, including keeping more strict activity logs. It also defines “personal data” more broadly, now including IP addresses, where before it only recognized personally identifiable information (names, social security, etc.). Administrative agencies will provide independent supervision over law enforcement actions and certain remedies will be made available for the infringement of privacy if it is breached unfairly or disproportionately. | | | |
< < | Possible Pointers in the EU | | | |
> > | Although Noble, It Is flawed | | | |
< < | The EU’s recent policies may shed some light for possible next steps. Regulation 679 (2016), also known as GDPR, will go into effect across the member states of the EU (including the UK) in May 2018. It hopes to strengthen supervision and protection of consumer data. These new policies apply to both “controllers” and “processors” of data who work in conjunction to carry out any activity concerning the usage of personal data. The regulation sets out higher punishments if there is a breach and increased legal compliance regulations, including keeping more strict activity logs. It also defines “personal data” more broadly, now including IP addresses, where before it only recognized personally identifiable information (names, social security, etc.). The EU also issued Directive 680 (2016), the Law Enforcement Directive, last year. Directives, although not treated as immediate and binding legislation as regulations are, act as general guidelines for member states, which in turn create internal policies to fall into compliance with the overarching goal of the directive. It states that data can only be used in the process of preventing or investigating crimes and proceeds to define the limitations and scope of what constitutes a crime more clearly. Administrative agencies will provide independent supervision over law enforcement actions and certain remedies will be made available for the infringement of privacy if it is breached unfairly or disproportionately. | > > | The GDPR, however honorable in goal, is subject to several inferences that cannot currently exist. For example, a large flaw lies in the inherent gray-area of what constitutes consent. When faced with few options for providers of a product, consumers have little choice but to agree to terms that they may not approve of, including data collection. One option, as mentioned in lecture, is to begin the transition away from desiring these kinds of products. However, most people would rather risk losing control over their data than go through the hassle of protesting these practices. This exposes a deeper problem with society and its entrenched dependence on and trust in technology services, but on a higher level, points to issues concerning the value of consent in this era. With societal pressure compelling consumers to buy the latest gadgets, subscribe to cost-saving services, and glamorizing ease at the expense of independence, a consumer is lulled into freely giving consent, quickly clicking the “I agree” button, avoiding any hassle. The GDPR, in its hope that consumers will be ever vigilant and unswayed by appealing shortcuts in controlling their data, relies on an unrealistic expectation.
Another issue is the great amount of trust consumers must place in their governments, administrative agencies, and companies. One must trust that once he requests to be “forgotten,” a company will swiftly and completely adhere. The realities, however are probably much more complex and slow-moving. Consumers are also aware enough that it will be difficult to ask them to blindly believe that their data is in perfectly secure hands now that these guidelines have been approved. Moreover, if a company fails to follow through on the request, does one have sufficient means to gain compliance through the government, its agencies, and the judicial system? Would the ultimate hassle turn off most complainants? Perhaps, and that is another instance of apathy induced by a reluctance to challenge the status quo, as mentioned above with consent. The GDPR, in setting up so many steps in prevention, investigation, and enforcement, has also created an environment of bureaucracy that is shrouded in mystery and places the control away from the public and squarely in the hands of the government and corporations. | | | |
< < | Not a Perfect System
The EU’s continued interest in protecting consumers stems most likely from a stronger belief that privacy is a fundamental human right, a value not quite shared yet in the US. There have been many theories for why Europeans in general tend to want to shield their private lives more so than citizens in the US. One of the most dominant theories states that the trauma from during the Holocaust when Nazi officials would use school and bank records to find the names and addresses of Jewish people in the area has strengthened the necessity of protections for personal information.
However, the EU system is not perfect. Their policies work mainly because of a heightened sense of trust among citizens in their individual member states’ governments. The US government has struggled with its citizens to maintain a semblance of respect for privacy and with the reveal in 2013 of PRISM being used by the NSA to monitor and track the data from internet transactions, the people’s distrust of the government has skyrocketed. To call for US citizens to all of the sudden embrace government regulation and surveillance as guardians of their data against corporations would be too large a bridge to gap, and would, in fact, lead to many other problems, as the government and its subsidiaries have proven to be a dubious and mysterious entity when it comes to maintaining boundaries with its citizens. The key takeaway from the EU reforms would be the shift in mentality towards viewing privacy as a fundamental right to be protected at all costs. The EU has instituted independent bodies to oversee the uses of data and has ensured steep remedies for breaches. These steps will not end the problems with private data infringement, but may begin the deterring process.
I take the point of the draft to be that the GDPR is useful and
important. Because you don't actually summarize, discuss, or
mention any of the reasons why one might instead believe that the
GDPR is an enormous irrelevancy, it's hard to know whether you are
right.
I find it difficult to believe that support for GDPR hinges on
whether one thinks that privacy is a human right, because I believe
rather firmly in privacy as a human right and I think the GDPR is a
grotesque absurdity of no value in supporting human rights of any
kind whatever. I don't think very convincing a hypothesis that I
don't care about the GDPR because I don't care enough about the
Holocaust; I think I care about the Holocaust rather more than
plenty. I don't think it is possible to give a good account of US
skepticism about the GDPR and other similar legislation without
mentioning the First Amendment, which you don't.
From my point of view, the best way to improve the draft is to put
your ideas in contact with the ideas of those who disagree. I think
explaining how you meet objections---whether on the basis of
fundamental balancing of freedom of thought and expression against
the data control aspect of the privacy rights of persons; or
theoretical criticism of the idea of data control as a meaningful
part of the privacy paradigm instead of secrecy, anonymity and
autonomy; or implementation concerns about the effort to use the
location of the data subject as a basis for environmental
regulation---will help you to clarify your own ideas and sharpen
their expression. This draft is the sound of one hand clapping not
very loudly, because there is no dialogue in which it participates.
| > > | What Are Some Solutions? | |
\ No newline at end of file | |
> > | It is clear that data protection is a very difficult area to regulate, as the technology engineered to shield private information is constantly being hacked, revamped, and regulated by new rules. The blanket remedies proposed in the GDPR most likely will fail in the immediate short-term due to some of the problems discussed above. However, possible actions taken by consumers themselves may help in the implementation and effectiveness of the GDPR. Most significant is the level of awareness consumers have and their general technological savvy. The more informed the consumer, the more likely the offending practice will be sniffed out and protected against. Many consumers have become complacent because they know they do not understand how data privacy works and are willing to allow third parties to regulate it for them. With a more trained eye and the confidence in what is and is not permissible or dangerous, consumers will be better equipped to handle these violations. |
|