FTC Commissioner Rebecca Slaughter - “data abuses” reflects the fact that rampant corporate data collection, sharing, and exploitation harms consumers, workers, and competition in ways that go well beyond more traditional or libertarian privacy concerns. We must examine a wide variety of data abuses, including questions of racial bias, civil rights, and economic exclusion, considering practices that undermine personal autonomy and dignity, and reevaluating damaging and dangerous business models and market practices.
Why should privacy be considered a civil right?
Over the last few years, there has been a shift toward thinking about privacy as a civil right. Lawsuits at the intersection of privacy and civil rights have been filed. Facebook has been charged by the Dept of Housing and Urban Development, under the Fair Housing Act, of using race as a basis for targeting home ads.
A number of think tanks have argued that privacy should be thought of as a civil right -
Electronic Privacy Information Center and others wrote Privacy And Digital Rights For All
Center for Democracy and Technology Recommendations to the Biden Administration
Data and Society Privacy, Security, and Digital Inequality
New America Centering Civil Rights in the Privacy Debate
Leadership Conference on Civil and Human Rights Civil Rights Principles for the Era of Big Data
Lawyer’s Committee for Civil Rights Under the Law Privacy Rights are Civil Rights
Why has government oversight been so weak?
Most people would agree that privacy regulation has been weak at best. The Federation of American Scientists, in their Day One Project, Addressing Challenges at the Intersection of Civil Rights and Technology blast the government’s response:
Agencies administering equal opportunity laws lack technical expertise
Agencies that frequently handle tech issues lack civil rights expertise
Even when agencies have the necessary expertise to understand issues at the intersection of tech and civil rights, they are reactive instead of proactive
Proprietary platforms and data are opaque in a way that often frustrates government oversight
There is a lack of interagency coordination around technology and civil rights
In other words, there are quite a few laws that prohibit discrimination based on race and other personal characteristics, such as the Civil Rights Act, Fair Housing Act, and Voting Rights Act. The Department of Justice, for example, could file a lawsuit under the Equal Credit Opportunity Act if a creditor discriminates against a credit applicant on the basis of characteristics such as race, color, religion, national origin, sex, marital status, and age.
The FTC is the primary entity charged with protecting privacy in the U.S., specifically through Section 5a which states that “unfair or deceptive acts or practices in or affecting commerce are declared unlawful” (referred to as UDAP). Even the FTC admits that their enforcement of data privacy has been weak. And there are sector specific laws such as HIPPA (health), FERPA (education), FCRA and Gramm–Leach–Bliley (finance), but no comprehensive federal privacy law.
The GAO, in a series of studies has brought up the same lack of federal oversight of privacy. Since 2013, GAO has recommended that Congress consider strengthening the consumer privacy framework to reflect the effects of changing technologies and markets, specifically asking Congress to consider comprehensive internet privacy legislation.
The problem is that no one agency has the expertise and staff to handle civil rights issues related to technology. Probably a new agency should be started to fully handle this issue. A recent ballot initiative established the California Privacy Protection Agency, a stand alone, new entity to understand and enforce privacy laws in California. Public Citizen makes the same point and provides details on a new agency and new legislation.
Brookings paper - Bridging the Gaps
Cam Kerry at Brookings has consistently focused on privacy issues for years and has written, what is to me, the best summary of where we are now and what needs to be done to make sure that privacy laws ensure civil rights — Bridging the Gaps.
I am working on a white paper that includes some of his ideas. Our main recommendations for Texas:
First, pass a state privacy bill that clearly defines both rights for consumers and requirements for businesses.
Write civil rights protections directly into the privacy bill.
In addition, fight against federal preemption of stronger state laws.
Bring citizens, companies, and the state to the table to develop effective regulations.
Finally, after passing a strong privacy law and writing effective rules, demand vigorous enforcement.
More on the TX Legislature 2021 page.