The European Union and California lawmakers have embraced some of the strongest online privacy laws ever seen in recent months, reflecting growing public concern in an era in which people of the world are on the brink of spending more time online than they do watching TV.
Since May 25, Europe’s General Data Protection Regulation has required all companies that collect or mine personal data from online sources to get the consent of users. The law also requires clear, easily understood explanations from companies about their information-gathering policies and seeks to make it impossible to use the old dodge of hiding behind dense legalese.
The California Consumer Privacy Act, which was signed into law June 28 and takes effect in 2020, gives state consumers similar protections. It requires companies to disclose upon request the types of personal information they have gathered and to obtain the consent of children under 16 before they use online data collected from these kids. Individuals can sue companies for up to $750 if there is a breach of their unencrypted personal information.
But these rules might not be enough. That’s because even as regulators get new tools to combat the intrusive policies of tech giants, fresh examples of their untrustworthiness keep emerging — especially with Facebook. Here are three of many examples:
• The Washington Post reported July 2 that the Securities and Exchange Commission, the FBI and the Federal Trade Commission were now all part of a broadening investigation into Facebook’s sharing of the personal data of 71 million Americans with the Cambridge Analytica political consulting firm. Investigators appear focused on the huge discrepancies between what Facebook told regulators and users about its privacy policies and how the company actually used the information it collected.
• The Guardian, a London newspaper, reported last week that a leading European consumer protection group found that Facebook and 13 other large internet companies all continued to post vague language about the protections that users of their services could expect — contrary to the plain intent of the new EU online privacy law.
• The New York Times reported on June 3 that Facebook had shared personal information from its users with at least 60 makers of cellphones and computer hardware. This previously undisclosed policy appeared to contradict a 2011 consent decree that Facebook reached with the U.S. government in which the company vowed to honor privacy promises it had made to its users. It also led Germany’s top privacy regulator to blast Facebook for breaking its commitments with “an unprecedented violation of privacy laws and user trust.”
Against this backdrop, the TV ads that Facebook has been running since April that vaguely apologize for the company losing its way seem laughable in their insincerity. The reality is that Facebook founder Mark Zuckerberg has been on an apology tour for years, airing regrets and repeatedly promising to do better on privacy issues for more than a decade.
Whatever is found in the federal investigation of Facebook, what’s already known is egregious enough that federal agencies must not be placated with still more vague promises. Tough online privacy laws in California and Europe won’t just help consumers here and there; they’ll spur other laws and eventually force Facebook to meet its promises.
— The San Diego Union-Tribune