President Barack Obama’s sixth State of the Union address, which he will deliver on Tuesday, will focus on cybersecurity, according to a speech he gave last Monday at the Federal Trade Commission. Protecting our government and corporations from foreign threats will not be Obama’s only focus—he’s also pushing for a bill that would protect internet consumers. But online privacy advocates are far from optimistic. They say Obama’s new consumer privacy bill will need to be very strong and specific to fill all the existing holes in consumer privacy law. Even then, they warn, the bill is likely doomed, because tech-industry lobbyists will spend millions to block it.
Right now, there are now very few restrictions on what data companies are allowed to scoop up from our digital apps and how they are allowed to use it. Companies routinely gather information and use it in ways consumers’ didn’t know about, much less sanction. Last year, Facebook manipulated what its users viewed on their news feeds to see how it would affect their moods and behaviors. One could be enrolled in a biometric database or plugged into a marketing research database without ever giving consent. Stalking is illegal, but invisible and undetectable location apps technically aren’t, so geo-location services can make it much easier for stalkers to follow their prey everywhere. (According to a survey conducted by the National Network to End Domestic Violence, almost three-fourths of domestic-violence services aided victims who were tracked by these stalking apps or GPS devices.) According to Evidon, an online marketing analytics service, an app called My Pregnancy Today shared data with 19 different third parties, including Google, Facebook, Twitter, BabyCenter, AdMob, Dynamic Logic, and various other obscurely named companies. An app that tracks when women menstruate did the same. Weight Watchers International sends your diet plans directly to Kraft Foods.
Obama wants to change all that. “We believe that there ought to be some basic protections,” he said Monday, describing new legislation he hopes will become law. The proposed bill, which has not yet been introduced in Congress, will build upon the Consumer Privacy Bill of Rights, a measure Obama first introduced three years ago. According to the president, the bill will give Americans “the right to decide what personal data companies collect from them and how they use that data.” The mass of information about shopping habits, Facebook likes, health information, location, and other information plugged into smartphone apps would be safe, and misuse and misdirection of private data by companies would be strictly policed. That’s the hope, at least.
The obstacles are myriad.
GOP lawmakers’ reaction to Obama’s plan has been muted. Sen. John Thune (R-S.D.), the chairman of the Senate Commerce Committee, claimed in a press release that he was ready to work with Obama, complaining that the president’s actions on cybersecurity were overdue. But Thune was focused not on consumer protection but rather on Obama’s proposals to bring the United States into compliance with an international standard under which companies would have to report data breaches within 30 days.
Libertarians want the government to “get its own privacy house in order,” says Jim Harper, a senior fellow at the Cato Institute. “The president should order the National Security Agency to cease spying on innocent Americans and undercutting internet security technologies. Until he does so, he lacks the moral authority to counsel the private sector about privacy and security.”
Industry groups oppose the legislation too. “We all agree that it’s essential to protect consumer data privacy,” says Mark McCarthy, an executive at the Software and Information Industry Association. “But new federal regulations won’t make consumers any safer.” Industry groups have spent millions to block former legislation on consumer privacy in years past.
They have been effective. “Not a single commercial privacy law has made it out of committee during the last Congress, during the last two years,” says Alvaro Bedoya, the director of Georgetown Law’s Center on Privacy and Technology. “A bill that would pass this Congress will not fill the holes [in current policy].”