There are many problems with the way companies collect, use, share, and sell data in the modern world. At the Electronic Frontier Foundation, the leading advocacy organization for digital rights, we think a lot about solutions to those problems and ways to improve digital privacy. The way the technology industry, and even most privacy regulation, treats privacy now focuses on what works for businesses. It doesn’t work for average people, who have their privacy rights intruded upon every minute of the day.
Of course, privacy is not the only issue in the world, or even in tech policy. At EFF, we certainly recognize, for example, that there are competition issues in the technology space. But we also believe that solving competition problems should not come at the expense of our privacy. Unfortunately, we’re seeing a rising number of such proposals, which require companies to share personal data with other businesses or with the government, without safeguards to protect consumer’s privacy. In New York City, EFF recently spoke out against a law that requires food delivery services such as DoorDash to share personal customer information with restaurants. Most people don’t expect their local pizza place to keep a database of their information. Handing over the data to companies that may not have the training or capability to protect it also sets up a honeypot for hackers looking for an easy score.
DoorDash customers, meanwhile, can only stop this data sharing if they opt out of the sharing —not with a simple flick of a switch in their settings, but on a per-order basis. That’s bad for consumers, who may not realize they have to make their preferences known again and again.
Such proposals are misguided. Those that mandate sharing between companies, for example, might give small businesses short-term boons. They won’t, however, address issues that have led to concentration in the technology sector. What they do instead is further encourage the commoditization of our data as a tool for businesses to battle each other, with user privacy caught in the crossfire.
Consumers—actually, let’s call them people—already have so little control over their personal information and, by extension, their privacy, in the modern world. Mandating more data-sharing that further takes away people’s ability to take hold of their own information. Lawmakers instead should be looking for ways to limit data collection, make privacy the default option, and encourage good data practices.
That’s why we advocate for privacy legislation that center on the needs of people; it’s people who ultimately feel the harms of privacy invasion. Yes, technology companies have problems. But the way to fix bad actors in tech is not to increase non-consensual data sharing.
Data privacy legislation is hard, but many of the principles aren’t. Make protecting people’s privacy easy. Don’t surprise people by splashing their information in places they didn’t agree to, or using for things they didn’t ok. Don’t collect more data than you need—it makes you a target for no good reason. Protect people first.
–Hayley Tsukayama, legislative activist, Electronic Frontier Foundation