By Peter S. Vogel and Chelsea Hilliard
Dec 27, 2019 4:00 AM PT
The California Consumer Protection Act (CCPA) goes into effect in 2020, and other state and federal laws are on the horizon -- but is it possible that these state laws will really provide us privacy?
For instance, how many readers take the time to read the privacy policy (or click agreement) when they download a new version of an app on their smartphone or tablet? Probably none. What are the consequences?
Well, we all know that it is great to share our GPS location with the apps so they know where we are to give directions on maps -- or recommend restaurants, since the apps know our eating preferences. Given the use of cells, tablets and social media, everyone shares all kinds of personal data.
New laws will not replace the social needs we have created in using cells, tablets, and social media, because everyone shares that information for their personal convenience.
Where Do Laws Come From?
It's common knowledge that laws are based on what society thinks is socially acceptable in a particular community. What is socially acceptable in New York City dictates the laws in New York City, but what's acceptable in Beijing, Moscow or London may be different and dictate different laws. The local law makers (think legislatures or dictators) decide the law, and then the local court systems get to interpret the local laws when challenges are presented.
Privacy always has been important to people in the U.S., and since the Constitution was enacted in 1789, the First Amendment has allowed for free speech. The courts have interpreted what free speech is and how that relates to privacy, which may be at the heart of any particular dispute challenging the First Amendment.
The Federal Trade Commission's Role
The FTC is charged with protecting privacy in the U.S., and it regularly files lawsuits to enforce the federal privacy laws under the 1934 FTC Act. For instance, on July 24, 2019, the FTC announced a $5 billion penalty and sweeping new privacy restrictions on Facebook:
The $5 billion penalty against Facebook is the largest ever imposed on any company for violating consumers' privacy and almost 20 times greater than the largest privacy or data security penalty ever imposed worldwide. It is one of the largest penalties ever assessed by the U.S. government for any violation.
Also, on Dec. 18, 2019, the FTC reached a settlement
In the Matter of Cambridge Analytica, LLC, although the original complaint filed alleged that Cambridge Analytica "…employed deceptive tactics to harvest personal information from tens of millions of Facebook users for voter profiling and targeting."
Clearly the FTC actively is protecting privacy for U.S. citizens, but as states create their own privacy laws -- like the CCPA -- you should expect the courts to be involved in deciding which law applies to a particular alleged violation between the FTC Act and CCPA (and other laws that will be enacted in the future).
How Does the European Union GDPR Fit In?
The 2018 EU General Data Protection Regulation regulates the transfer of personal data outside of the EU and European Economic Area, and requires controllers of the EU personal data outside the EU to apply GDPR to allow EU citizens to opt out, delete data, and exercise the right to be forgotten.
A legal complication is whether the courts in the U.S. will enforce the GDPR for EU residents who happen to be in the U.S. At the time of writing this column we do not know, but at some point courts will let us know. So stay tuned.
Will Chinese Lack of Privacy Invade the US?
Chinese authorities are spying on nearly 1.4 billion people, The New York Times has reported, using both old and state-of-the-art technologies -- such as phone scanners, facial-recognition cameras, face and fingerprint databases, and many others -- to establish authoritarian control.
Can this happen in the U.S.? Probably not, given the FTC and state laws, but it is a scary threat -- reminiscent of George Orwell's Big Brother in Nineteen Eighty-Four -- that keeps many people awake at night. How do people in China feel about the lack of privacy? Does anyone outside the country really know the answer?
China is a totalitarian state, not a democracy like the U.S., which of course makes a huge difference. The U.S. is governed by a constitution that provides all citizens rights and privileges, including privacy protection, which is regulated by the FTC as noted above.
Still, if people in the U.S. are not careful, they will they lose all privacy.
Does Big Data Compromise Privacy?
A few years ago, the FTC issued "Big Data - A Tool of Inclusion or Exclusion," a report that highlights consumer privacy, particularly under the Fair Credit Reporting Act (FCRA).
You may not be aware that there are no laws in place to require data aggregators to verify the accuracy of the data that they buy and sell. So if your private data is included, and it is inaccurate, what can you do?
How Does Artificial Intelligence Affect Privacy?
AI relies on a machine learning process using big data, and the privacy question is whether the data contains your private information. How will that impact AI?
It's a good question. Think about the fact that McDonald's "…is turning to artificial intelligence and machine learning in the hopes of predicting what customers want before they decide," according to a New York Times report published on Oct. 22, 2019.
The article, entitled "Would You Like Fries With That? McDonald's Already Knows the Answer" includes these comments:
"Over the last seven months, McDonald's has spent hundreds of millions of dollars to acquire technology companies that specialize in artificial intelligence and machine learning. And the fast-food chain has even established a new tech hub in the heart of Silicon Valley -- the McD Tech Labs -- where a team of engineers and data scientists is working on voice-recognition software."At some drive-throughs, McDonald's has tested technology that can recognize license-plate numbers, allowing the company to tailor a list of suggested purchases to a customer's previous orders, as long as the person agrees to sign away the data.
"As the evolution of the McDonald's drive-through shows, the internet shopping experience, with its recommendation algorithms and personalization, is increasingly shaping the world of brick-and-mortar retail. Restaurants, clothing stores, supermarkets and other businesses use new technology to collect consumer data and then deploy that information to encourage more spending."
How do you feel about any retailer (no matter what product or service is involved) knowing so much about you and your private life?
Peter Vogel has been an ECT News Network columnist since 2010. His focus is on technology and the law. Vogel is Of Counsel at Foley Gardere, Foley & Lardner LLP, and focuses on cybersecurity, privacy and information management. He tries lawsuits and negotiates cloud contracts dealing with e-commerce, ERP and the Internet. Before practicing law, he received a master's in computer science and was a mainframe programmer. His blog covers IT and Internet topics. Email Peter.
Chelsea Hilliard has been an ECT News Network columnist since 2019. As an associate at Foley Gardere, Foley & Lardner LLP, she focuses her business
litigation practice on trade secret noncompetition and securities enforcement. She also helps clients with complex electronic discovery disputes and has been
recognized as Texas Rising Star attorney by Texas Monthly, and a Top Lawyer under 40 by D Magazine. Email Chelsea.
December 27, 2019 at 07:24AM
via https://www.aiupnow.com
Peter S. Vogel and Chelsea Hilliard, Khareem Sudlow