Law in the Internet Society

View   r3  >  r2  >  r1
JamieSavrenSecondEssay 3 - 08 Jan 2022 - Main.JamieSavren
Line: 1 to 1
 
META TOPICPARENT name="SecondEssay"

A Proposal to Address Perpetuation of the Informational Capitalistic System

Changed:
<
<
-- By JamieSavren – 13 Dec 2021
>
>
-- By JamieSavren – 13 Dec 2021 (revised 7 Jan 2022)
 
Changed:
<
<
In this essay I will briefly present the thesis outlined by Ari Ezra Waldman in his new book, “Industry Unbound: The Inside Story of Privacy, Data, and Corporate Power” (Cambridge University Press, 2021). I will then outline a proposal to address the issue Waldman describes.
>
>
In this essay I will briefly present the thesis outlined by Ari Ezra Waldman in his new book, “Industry Unbound: The Inside Story of Privacy, Data, and Corporate Power” (Cambridge University Press, 2021). I will then outline a proposal to address the issue Waldman describes and explain why I think it would be particularly helpful compared to others.
 
Changed:
<
<
Waldman asserts that the policies and systems put into place by large corporations are essential to maintaining the informational capitalistic system in which we live – where information is profit. Although the lax public governance in this sphere obviously doesn’t help, the key to their success is through their “foot soldiers”. Their systems are set up such that employees genuinely believe that they are privacy advocates, all while bring part of the system that perpetuates surveillance and anti-privacy work. This is thanks to how their positions are situated within the corporation and limits placed on them.
>
>
Waldman asserts that the policies and systems put into place by large corporations are essential to maintaining the informational capitalistic system in which we live. Their systems are set up such that employees genuinely believe that they are privacy advocates, all while bring part of the system that perpetuates surveillance and anti-privacy work.
 
Changed:
<
<
So, what about existing privacy laws? Why aren’t they addressing this problem? Waldman opines that existing privacy laws around the globe are flawed. Firstly, existing privacy laws are self-regulatory. Even the quasi-progressive European GDPR and newly-proposed bills in the U.S., have the same structure: while they guarantee individual rights that pertain to data, they impose certain compliance responsibilities on the corporations. The problem with this structure is that it shifts the location of the monitoring, compliance, regulation and governance from the public and government agencies acting on behalf of the public to departments inside the regulated entities themselves. Not only do these departments self-regulate, but all of the relevant facts are also kept secret, so that society cannot access them and certify their compliance with the law. This method practically invites corporations to maintain the informational capitalistic system. They control the narrative, interpret the law as it best serves them, and undermine the law’s goals by actually taking advantage of it to amplify their own power, rather than protecting consumers.
>
>
Waldman opines that existing privacy laws around the globe are flawed. Firstly, existing privacy laws are self-regulatory. While they guarantee individual rights that pertain to data, they impose certain compliance responsibilities on the corporations. This structure shifts the monitoring, compliance, regulation and governance from the public and government to departments inside the regulated entities themselves. Not only do these departments self-regulate, but the relevant facts are kept secret. These corporations control the narrative, interpret the law as it best serves them, and undermine the law’s goals rather than protecting consumers.
 
Changed:
<
<
Secondly, even the GDPR, which is progressive in the sense that it presumes that privacy is a human right, combines the vertical of self-regulation and compliance with another problematic one – individual rights such as access to information and data deletion. These verticals are insufficient to effectively deal with the problems that data extraction by corporations entails. It is not easy for an individual to take agency and exercise their individual rights. Things like opting out of data collection or cookie tracking require effort that many people do not take. Furthermore, treating this issue as an individual one misses the point – privacy harms are collective social and global ones. When data is collected from Susan, it is put into a system that uses it to manipulate others, who have no way of consenting to the collection of Susan’s data in order to do so. Thus, we are forced to be part of a system of informational capitalism that automatically manipulates others. These are problems that individual rights do not address either at all or at least not sufficiently.
>
>
Secondly, even the GDPR combines the vertical of self-regulation and compliance with another problematic one – individual rights such as access to information and data deletion. These verticals are insufficient to effectively deal with the problems that data extraction by corporations entails. It is hard for an individual to take agency and exercise their individual rights. Things like opting out of data collection or cookie tracking require effort. Furthermore, treating this issue as an individual one misses the point – privacy harms are collective social and global ones. We are forced to be part of a system of informational capitalism that automatically manipulates others.
 
Changed:
<
<
So, what’s my solution? It’s easy to propose radical solutions such as outlawing data collection on a collective level or choosing to distance oneself complete from these corporations on an individual level. However, in the world in which we all live, where we are dependent on some of the services these corporations provide both in our professional lives and in our personal ones, the solution needs to be more practical.

It seems to me that the world of privacy regulation could take some notes from securities regulation. A federal privacy agency (that actually has teeth and substantive enforcement power) should be set up, modeled after the SEC (which was created in the aftermath of the Market Crash of 1929). Instead of investor protection and securities market regulation, the Federal Privacy Commission (FPC) will protect society’s privacy rights and regulate the market of information, in order to prevent manipulation. We are at a similarly critical point – on the verge of losing control of how our information is used. Instead of criticizing the commodification of information, let’s accept that fact and see how we can properly regulate it. If you can’t beat em’, join em’.

>
>
It seems to me that the world of privacy regulation could take some notes from securities regulation. A federal privacy agency (that actually has teeth and substantive enforcement powers) should be set up, modeled after the SEC (which was created in the aftermath of the market crash of 1929). Instead of investor protection and securities market regulation, the Federal Privacy Commission (FPC) will protect society’s privacy rights and regulate the market of information, in order to prevent manipulation. We are at a similarly critical point – on the verge of losing control of how our information is used.
 In the interest of keeping this paper short, I will outline the main authorities that I propose be delegated to the FPC:
Changed:
<
<
1. Submission of quarterly and annual privacy reports to the FPC – modeled after those that public companies submit to the SEC. To start, any public company would need to submit a privacy report to the FPC, using the fact that a company is public as a proxy to the fact that it collects data from consumers. The required content of the reports would be determined by the FPC, and they would all be available to the general public online. Public companies that do not collect data may file a request for exemption. This would address the issue of secrecy. Private companies with annual revenues over a certain amount would also be required to submit privacy reports.
>
>
1. Submission of privacy reports to the FPC – modeled after those that public companies submit to the SEC. Any public company would need to submit a privacy report to the FPC, using the fact that a company is public as a proxy to the fact that it collects data from consumers. The required content of the reports would be determined by the FPC, and they would all be available to the public online. Public companies that do not collect data may file a request for exemption. This would address the issue of secrecy. Private companies with annual revenues over a certain amount would also be required to submit privacy reports.
 2. Publishing of educational materials to the public on privacy violations – most people do not fully understand how their data is being used and for what purposes. These would be published on the FPC website. This would address the issue of the effort required to enforce privacy rights.
Changed:
<
<
3. Whistleblowing and anonymous tips – the FPC’s website would also take tips and complaints pertaining to privacy violations to help the FPC track down violators.
>
>
3. Whistleblowing and anonymous tips – the FPC’s website would take tips and complaints pertaining to privacy violations to help the FPC track down violators.
 4. More extensive criminalizing of misuses of data – the FPC should make amendments to existing privacy laws to make them more robust and put a greater burden on corporations to comply.
Changed:
<
<
5. Criminal prosecution and enforcement of privacy laws – like the enforcement power given to the SEC, the FPC should be given the authority to bring charges against corporations and their officers who break the law. This shifts the individuality that is currently associated with consumers to the corporations.
>
>
5. Criminal prosecution and enforcement of privacy laws – like the enforcement power given to the SEC, the FPC should be given greater authority to bring charges against corporations and their officers who break the law. This shifts the individuality that is currently associated with consumers to the corporations.
 
Changed:
<
<
Although my solution is far from perfect, I think it would be a step in the right direction in the field of privacy rights.
>
>
So, why is this a helpful prism through which this issue can be viewed? It’s easy to propose radical solutions such as outlawing data collection on a collective level or choosing to distance oneself from these corporations on an individual level. However, in our world, in which we are dependent on the services both in our professional lives and in our personal ones, we need to be practical. None of these authorities or concepts are revolutionary or radical, which would make it easier for legislators and policymakers to swallow. This model is also relatively cost-effective since it modeled after an existing regulatory framework.
 
Changed:
<
<
We can condense the discussion of Waldman, because we've already discussed these ideas, as well as the crucial intermediate point about the ecological nature of privacy regulation, which restates his points about collective action difficulties in a more actionable fashion.
>
>
More conceptually, it’s important to understand my proposal embraces the commodification of information and privacy rights. The question is how to regulate this emerging market. Other solutions that have been proposed, such as adopting the structure of environmental protection laws, do not reflect this transaction. Environmental protection laws do not enable people who live near a polluting factory to trade their right to clean air. An appropriate analogy would not be outlawing pollution, but outlawing securities fraud. An FPC would ensure regulation of transactions in which people choose to trade parts of their right to privacy, thereby gaining back some control of how their information is used, at the very least.
 
Changed:
<
<
So instead of the points I made about the structure of environmental statute law, you offer an approach from the previous generation, not NEPA, the Clean Air and Water Acts and CERCLA, but one half of the 1933/34 securities acts. Well and good, but the point should be why this is the more useful architecture. What Tommy Corcoran and Ben Cohen drafted in one famous night at the start of the New Deal may have more relevance to the new structures we need than a decade of somewhat more carefully legislated efforts at a broader set of industries' practices with more complex externalities involved. You should say why.
>
>
Furthermore, these proposed authorities increase transparency in a field that suffers from a lack thereof – both vis--vis customers of these companies, but also to the people who work for them. This is important since it would not be outrageous to argue that the best way to change these companies’ practices is from within. If employees were exposed to the information being used on a greater scale, they might be more inclined to voice their concerns within their organization and lead to changes for the better.
  \ No newline at end of file
Added:
>
>
Although my solution is far from perfect, I think it would be a step in the right direction.

JamieSavrenSecondEssay 2 - 04 Jan 2022 - Main.EbenMoglen
Line: 1 to 1
 
META TOPICPARENT name="SecondEssay"

A Proposal to Address Perpetuation of the Informational Capitalistic System

Line: 24 to 24
 5. Criminal prosecution and enforcement of privacy laws – like the enforcement power given to the SEC, the FPC should be given the authority to bring charges against corporations and their officers who break the law. This shifts the individuality that is currently associated with consumers to the corporations.

Although my solution is far from perfect, I think it would be a step in the right direction in the field of privacy rights.

Added:
>
>
We can condense the discussion of Waldman, because we've already discussed these ideas, as well as the crucial intermediate point about the ecological nature of privacy regulation, which restates his points about collective action difficulties in a more actionable fashion.

So instead of the points I made about the structure of environmental statute law, you offer an approach from the previous generation, not NEPA, the Clean Air and Water Acts and CERCLA, but one half of the 1933/34 securities acts. Well and good, but the point should be why this is the more useful architecture. What Tommy Corcoran and Ben Cohen drafted in one famous night at the start of the New Deal may have more relevance to the new structures we need than a decade of somewhat more carefully legislated efforts at a broader set of industries' practices with more complex externalities involved. You should say why.

 \ No newline at end of file

JamieSavrenSecondEssay 1 - 13 Dec 2021 - Main.JamieSavren
Line: 1 to 1
Added:
>
>
META TOPICPARENT name="SecondEssay"

A Proposal to Address Perpetuation of the Informational Capitalistic System

-- By JamieSavren – 13 Dec 2021

In this essay I will briefly present the thesis outlined by Ari Ezra Waldman in his new book, “Industry Unbound: The Inside Story of Privacy, Data, and Corporate Power” (Cambridge University Press, 2021). I will then outline a proposal to address the issue Waldman describes.

Waldman asserts that the policies and systems put into place by large corporations are essential to maintaining the informational capitalistic system in which we live – where information is profit. Although the lax public governance in this sphere obviously doesn’t help, the key to their success is through their “foot soldiers”. Their systems are set up such that employees genuinely believe that they are privacy advocates, all while bring part of the system that perpetuates surveillance and anti-privacy work. This is thanks to how their positions are situated within the corporation and limits placed on them.

So, what about existing privacy laws? Why aren’t they addressing this problem? Waldman opines that existing privacy laws around the globe are flawed. Firstly, existing privacy laws are self-regulatory. Even the quasi-progressive European GDPR and newly-proposed bills in the U.S., have the same structure: while they guarantee individual rights that pertain to data, they impose certain compliance responsibilities on the corporations. The problem with this structure is that it shifts the location of the monitoring, compliance, regulation and governance from the public and government agencies acting on behalf of the public to departments inside the regulated entities themselves. Not only do these departments self-regulate, but all of the relevant facts are also kept secret, so that society cannot access them and certify their compliance with the law. This method practically invites corporations to maintain the informational capitalistic system. They control the narrative, interpret the law as it best serves them, and undermine the law’s goals by actually taking advantage of it to amplify their own power, rather than protecting consumers.

Secondly, even the GDPR, which is progressive in the sense that it presumes that privacy is a human right, combines the vertical of self-regulation and compliance with another problematic one – individual rights such as access to information and data deletion. These verticals are insufficient to effectively deal with the problems that data extraction by corporations entails. It is not easy for an individual to take agency and exercise their individual rights. Things like opting out of data collection or cookie tracking require effort that many people do not take. Furthermore, treating this issue as an individual one misses the point – privacy harms are collective social and global ones. When data is collected from Susan, it is put into a system that uses it to manipulate others, who have no way of consenting to the collection of Susan’s data in order to do so. Thus, we are forced to be part of a system of informational capitalism that automatically manipulates others. These are problems that individual rights do not address either at all or at least not sufficiently.

So, what’s my solution? It’s easy to propose radical solutions such as outlawing data collection on a collective level or choosing to distance oneself complete from these corporations on an individual level. However, in the world in which we all live, where we are dependent on some of the services these corporations provide both in our professional lives and in our personal ones, the solution needs to be more practical.

It seems to me that the world of privacy regulation could take some notes from securities regulation. A federal privacy agency (that actually has teeth and substantive enforcement power) should be set up, modeled after the SEC (which was created in the aftermath of the Market Crash of 1929). Instead of investor protection and securities market regulation, the Federal Privacy Commission (FPC) will protect society’s privacy rights and regulate the market of information, in order to prevent manipulation. We are at a similarly critical point – on the verge of losing control of how our information is used. Instead of criticizing the commodification of information, let’s accept that fact and see how we can properly regulate it. If you can’t beat em’, join em’.

In the interest of keeping this paper short, I will outline the main authorities that I propose be delegated to the FPC: 1. Submission of quarterly and annual privacy reports to the FPC – modeled after those that public companies submit to the SEC. To start, any public company would need to submit a privacy report to the FPC, using the fact that a company is public as a proxy to the fact that it collects data from consumers. The required content of the reports would be determined by the FPC, and they would all be available to the general public online. Public companies that do not collect data may file a request for exemption. This would address the issue of secrecy. Private companies with annual revenues over a certain amount would also be required to submit privacy reports. 2. Publishing of educational materials to the public on privacy violations – most people do not fully understand how their data is being used and for what purposes. These would be published on the FPC website. This would address the issue of the effort required to enforce privacy rights. 3. Whistleblowing and anonymous tips – the FPC’s website would also take tips and complaints pertaining to privacy violations to help the FPC track down violators. 4. More extensive criminalizing of misuses of data – the FPC should make amendments to existing privacy laws to make them more robust and put a greater burden on corporations to comply. 5. Criminal prosecution and enforcement of privacy laws – like the enforcement power given to the SEC, the FPC should be given the authority to bring charges against corporations and their officers who break the law. This shifts the individuality that is currently associated with consumers to the corporations.

Although my solution is far from perfect, I think it would be a step in the right direction in the field of privacy rights.


Revision 3r3 - 08 Jan 2022 - 00:42:58 - JamieSavren
Revision 2r2 - 04 Jan 2022 - 17:41:41 - EbenMoglen
Revision 1r1 - 13 Dec 2021 - 23:54:10 - JamieSavren
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM