Privacy Insider: July 20, 2021

Earlier this week, there was a news story about a near-kidnapping. In Queens, New York, a man grabbed a five-year-old boy and put him in the passenger seat of a car. The boy was walking with his mother, Dolores Diaz Lopez, who immediately ran to the car's half-open window and, after wrestling with a second assailant, pulled her son through it. The car sped off, though police caught the suspects later.

Can you imagine?

Dolores is a legend, in my mind. She saw someone taking what belonged to her and said, "Absolutely not."

There's this famous (or maybe infamous) quote from 20 years ago, spoken by Sun Microsystems' CEO. He said, "You have zero privacy anyway, get over it."

It's such a brazenly elitist sentiment. The idea that we should all shrug our shoulders at our privacy rights being slowly eroded at the hands of a data-hungry information economy assumes we can afford to do so.
It assumes our privacy isn't important enough to fight for.

But I think we should channel Dolores, here, because there are still many private spaces worth the fight.

When I think about when privacy's most important, I think about the kind of privacy that's essential for actual physical safety, sometimes. I think about chatrooms for people thinking about coming out as gay. Or Planned Parenthood mailing lists. Or the users and locations of safe houses aimed at keeping drug addicts off the street. Or my menstruation app's data. Or the surveillance footage from an Amazon Ring that caught me walking into an Alcoholic's Anonymous meeting.

I could go on for pages, and I bet you could, too. Think about the things you do but don't say out loud, either because you're embarrassed or it's taboo, or because it could put you in danger if people knew. I think those things are worth fighting to keep to ourselves.

Sure, it's taken consumers a long time to realize what's happening; that technology companies are harvesting our data and using it in ways we never imagined and often will never know. But that's because these decisions happen secretly, in boardrooms and then in engineering meetings and then in a website's code script.

The good news: Historically, like Dolores, once we realize we're about to lose something essential to us, we fight back.

Isn't this every social movement's foundation?

But activism first requires individuals to know there's something dangerous happening, and then the passion that bubbles to the surface when you're ready to say "enough." The struggle to get something back only begins when you realize something's been taken.

Hear me out: I do not propose that we prevent companies from collecting data entirely. There's a booming economy based on the model. But I do think it's only the beginning of a consumer revolution, whether that means constituents increasingly pressure lawmakers to take action or through purchasing/use decisions made based, in part, on the product's privacy.

Maybe 20 years ago people would have said they're "over" privacy. But that was before we realized that targeted advertising might reveal a young girl's pregnancy before she told her dad. Or facial recognition technology is so far from perfect it could put innocent people in jail with false matches.
In this week's newsletter, you'll see a New York Times column on this very subject, in which Greg Besinger says that you "shouldn't get over it."

I agree. But what do you think?

We're going to talk about this and more on our next Twitter Spaces chat. Join us Thursday, July 22, at 1 p.m. Pacific, 4 p.m. Eastern. Join from your phone as a listener or a speaker, whatever you prefer. I’d love to hear your thoughts. 

Enjoy reading, and I'll see you next week! Oh, and for more on Dolores, here. 

California Attorney General unveils new reporting tool for CCPA violations

On June 19, at a press event, California Attorney General Rob Bonta unveiled a one-year enforcement update on the California Consumer Privacy Act (CCPA). While the law passed in January 2020, the attorney general's office started enforcing it on July 1, 2020. Bonta also introduced a new online tool for consumers to contact businesses perceived to violate the law directly, though not everyone is a fan of it. 
Read Story

Austrian Supreme Court bounces Schrems' Facebook case to EU High Court

Austria's Supreme court is questioning Facebook's legal basis for collecting user data and deferred the case to Europe's highest court, Reuters reports. The decision is mostly a symbolic victory for Max Schrems, the privacy activist that brought the case. However, the court awarded him 500 euros ($589) in damages for Facebook's "obstructive tactics in response to his request to share the data it holds on him," the report states. 
Read Story

Next up in state privacy action: Ohio governor introduces law

Ohio's lieutenant governor has introduced the Ohio Personal Privacy Act (OPPA). The law most closely aligns with Virginia's law, National Law Review reports. However, it includes a novel provision: Businesses can use an "affirmative defense from an enforcement action" if their privacy policies comply with the National Institute of Standards and Technology privacy framework. 
Read Story

‘The assault on our privacy is being conducted in private’: Opinion 

“You have zero privacy anyway. Get over it.” Those words came from the chief executive of Sun Microsystems more than 20 years ago, and they’ve invoked debate ever since. In an editorial for The New York Times, Greg Bensinger says you “shouldn’t get over it," and you “don’t have to be OK with signing your life away to Silicon Valley technocrats.” 
Read Story

The ultimate guide to data discovery 

Data mapping, or "data discovery," can feel like a daunting task. When you imagine the trails of data stretching for proverbial miles even at small companies, trying to figure out where it all leads can feel like an arduous task. In this "Ultimate guide to data discovery," learn where to start. It'll be the essential groundwork for when there's, inevitably, a data breach and regulators come calling or when a customer makes a data-subject access request (DSAR). 
Read Story

A tale of two Washingtons 

While Washington state is closer than ever to passing a privacy bill, Washington D.C. is as far as its ever been. This piece is a deep-dive on the differences between state and federal governments' ability to get things done. State Sen. Reuven Caryl, D-Seattle, said, "If Congress decided to pass a sweeping comprehensive privacy bill tomorrow, it would take them four years to figure out who gets coffee for the group."
Read Story