Law in the Internet Society

A Proposal to Address Perpetuation of the Informational Capitalistic System

-- By JamieSavren – 13 Dec 2021

In this essay I will briefly present the thesis outlined by Ari Ezra Waldman in his new book, “Industry Unbound: The Inside Story of Privacy, Data, and Corporate Power” (Cambridge University Press, 2021). I will then outline a proposal to address the issue Waldman describes.

Waldman asserts that the policies and systems put into place by large corporations are essential to maintaining the informational capitalistic system in which we live – where information is profit. Although the lax public governance in this sphere obviously doesn’t help, the key to their success is through their “foot soldiers”. Their systems are set up such that employees genuinely believe that they are privacy advocates, all while bring part of the system that perpetuates surveillance and anti-privacy work. This is thanks to how their positions are situated within the corporation and limits placed on them.

So, what about existing privacy laws? Why aren’t they addressing this problem? Waldman opines that existing privacy laws around the globe are flawed. Firstly, existing privacy laws are self-regulatory. Even the quasi-progressive European GDPR and newly-proposed bills in the U.S., have the same structure: while they guarantee individual rights that pertain to data, they impose certain compliance responsibilities on the corporations. The problem with this structure is that it shifts the location of the monitoring, compliance, regulation and governance from the public and government agencies acting on behalf of the public to departments inside the regulated entities themselves. Not only do these departments self-regulate, but all of the relevant facts are also kept secret, so that society cannot access them and certify their compliance with the law. This method practically invites corporations to maintain the informational capitalistic system. They control the narrative, interpret the law as it best serves them, and undermine the law’s goals by actually taking advantage of it to amplify their own power, rather than protecting consumers.

Secondly, even the GDPR, which is progressive in the sense that it presumes that privacy is a human right, combines the vertical of self-regulation and compliance with another problematic one – individual rights such as access to information and data deletion. These verticals are insufficient to effectively deal with the problems that data extraction by corporations entails. It is not easy for an individual to take agency and exercise their individual rights. Things like opting out of data collection or cookie tracking require effort that many people do not take. Furthermore, treating this issue as an individual one misses the point – privacy harms are collective social and global ones. When data is collected from Susan, it is put into a system that uses it to manipulate others, who have no way of consenting to the collection of Susan’s data in order to do so. Thus, we are forced to be part of a system of informational capitalism that automatically manipulates others. These are problems that individual rights do not address either at all or at least not sufficiently.

So, what’s my solution? It’s easy to propose radical solutions such as outlawing data collection on a collective level or choosing to distance oneself complete from these corporations on an individual level. However, in the world in which we all live, where we are dependent on some of the services these corporations provide both in our professional lives and in our personal ones, the solution needs to be more practical.

It seems to me that the world of privacy regulation could take some notes from securities regulation. A federal privacy agency (that actually has teeth and substantive enforcement power) should be set up, modeled after the SEC (which was created in the aftermath of the Market Crash of 1929). Instead of investor protection and securities market regulation, the Federal Privacy Commission (FPC) will protect society’s privacy rights and regulate the market of information, in order to prevent manipulation. We are at a similarly critical point – on the verge of losing control of how our information is used. Instead of criticizing the commodification of information, let’s accept that fact and see how we can properly regulate it. If you can’t beat em’, join em’.

In the interest of keeping this paper short, I will outline the main authorities that I propose be delegated to the FPC: 1. Submission of quarterly and annual privacy reports to the FPC – modeled after those that public companies submit to the SEC. To start, any public company would need to submit a privacy report to the FPC, using the fact that a company is public as a proxy to the fact that it collects data from consumers. The required content of the reports would be determined by the FPC, and they would all be available to the general public online. Public companies that do not collect data may file a request for exemption. This would address the issue of secrecy. Private companies with annual revenues over a certain amount would also be required to submit privacy reports. 2. Publishing of educational materials to the public on privacy violations – most people do not fully understand how their data is being used and for what purposes. These would be published on the FPC website. This would address the issue of the effort required to enforce privacy rights. 3. Whistleblowing and anonymous tips – the FPC’s website would also take tips and complaints pertaining to privacy violations to help the FPC track down violators. 4. More extensive criminalizing of misuses of data – the FPC should make amendments to existing privacy laws to make them more robust and put a greater burden on corporations to comply. 5. Criminal prosecution and enforcement of privacy laws – like the enforcement power given to the SEC, the FPC should be given the authority to bring charges against corporations and their officers who break the law. This shifts the individuality that is currently associated with consumers to the corporations.

Although my solution is far from perfect, I think it would be a step in the right direction in the field of privacy rights.

We can condense the discussion of Waldman, because we've already discussed these ideas, as well as the crucial intermediate point about the ecological nature of privacy regulation, which restates his points about collective action difficulties in a more actionable fashion.

So instead of the points I made about the structure of environmental statute law, you offer an approach from the previous generation, not NEPA, the Clean Air and Water Acts and CERCLA, but one half of the 1933/34 securities acts. Well and good, but the point should be why this is the more useful architecture. What Tommy Corcoran and Ben Cohen drafted in one famous night at the start of the New Deal may have more relevance to the new structures we need than a decade of somewhat more carefully legislated efforts at a broader set of industries' practices with more complex externalities involved. You should say why.

Navigation

Webs Webs

r2 - 04 Jan 2022 - 17:41:41 - EbenMoglen
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM