I usually don’t like new tech regulations.
One reason is that tech changes so fast that new regulations tend to protect yesterday from last Thursday.
Another reason is that lawmakers tend to know little or noting about tech. One former high U.S. government official once told a small group of us, roughly, “There are two things almost nobody in Congress understands. One is technology and the other is economics. So good luck.”
Still, I had high hopes for the GDPR (the EU’s General Data Protection Regulation), which famously went into effect one year ago. I even suggested that we re-brand 25 May “Privmas Day” (hashtag #privmas) since I expected the GDPR would go far toward protecting personal privacy online, which prior to that date had been approximately nil. I even published, here in Linux Journal, what I called an FUQ for the GDPR.
That FUQ (the U meaning “Unanswered”) provided guidance toward new developments that could give each of us many new forms of agency online, as well as some privacy. I really did expect the GDPR to encourage both.
Alas, mostly it hasn’t. Worse, it has had many other effects, including these:
- The Interactive Advertising Bureau (IAB) and the ad-supported tech giants are doing their best to preserve what Shoshana Zuboff calls surveillance capitalism and Brett Frischmann and Evan Selinger call re-engineering humanity.
- Most GDPR-spurred developments have been toward reluctant, minimal and expensive compliance efforts by websites and services. The most obvious result of those developments are gates at the entries to websites, most of which ask (without saying so directly) that each of us consent to those sites doing exactly the kind of surveillance the GDPR was meant to outlaw.
- From what I’ve seen so far (and I’ve done a lot of looking), all the major publications covering privacy issues online continue to direct attention toward Google and Facebook, and away from the third rail they deeply fear to grab: that they are just as guilty of participating in exactly the same surveillance business. I expect they will cover that story eventually, mostly because I’ve talked to a lot of their reporters about it. But so far we haven’t seen much. (Credit where due: in You’re Not Alone When You’re on Google, Jennifer Senior of The New York Times notes in passing that “your newspaper” is among the guilty parties.)
- New regulations, inspired by or modeled on the GDPR, preserve or amplify some of its worst features. For example, the California Consumer Privacy Act, aka Assembly Bill 375, “would grant a consumer a right to request a business to disclose the categories and specific pieces of personal information that it collects about the consumer, the categories of sources from which that information is collected, the business purposes for collecting or selling the information, and the categories of 3rd parties with which the information is shared.” It does nothing to support individuals saying no to having that information collected in the first place. Like the GDPR, the CCPA assumes that nearly all agency is on the data collector’s side, and therefore addresses the regulation toward burdening potential perpetrators of personal privacy violations, rather than enabling individuals to exercise their privacy rights by using new tech that the regulation might encourage.
Which brings us to the biggest problem with the GDPR: as the New Context for privacy, it puts blinders on nearly everyone’s vision of what privacy is and what can be done to create it for individuals in the digital world. Simply put, if you want to talk privacy, ya gotta talk GDPR. And that means assuming that personal privacy is entirely a grace of what others don’t do to us, rather than what we can do for ourselves. This is a very blindered view: one that locks everybody into thinking about how to protect 2015 from 2012. Worse, as I put it back in January, If your privacy is in the hands of others alone, you don’t have any.
Fortunately, we have to wear the GDPR’s blinders.
For example, if you’re not spying on people, don’t bother with a cookie notice. They’re all roughly the same as putting one of these on your house:
And start working on stuff that increases not only our privacy online, but our agency: the ability to get things done. New things. Better things. There’s a good list in An FUQ for the GDPR, and a continuously updated one in this punch list at ProjectVRM, which I run.
Meanwhile, we’re not going to stop the lawmaking. So let’s also think about what kind of laws and regulations we actually want, and how those might encourage useful developments for each of us, personally.
>> Source Link