Computers, Privacy & the Constitution

How We Sign Away Our Privacy

-- By CalvinLee - 10 Mar 2022


Modern privacy policies have become increasingly thorough and expansive, creating a huge burden for the user to actually read through and understand. Many users often “sign” their consent to the terms, without any knowledge of the terms to which they are agreeing to. These terms have become much too expansive and give social media companies excessive power and control over the data collection and usage of its users. Examining Facebook and Instagram’s privacy policies, this paper seeks to outline the major data collection and usage concerns and proposes potential regulatory solutions to provide consumers with greater assurance of personal privacy.

Facebook and Instagram's Privacy Policy: The Problem

Facebook’s privacy policy states that it will collect data on content and communications, networks and connections, app usage and activity, transactions, and activity from other users directed or related to you. Instagram, owned by the same parent company, has a very similar policy. On paper, this policy gives Facebook and Instagram wide latitude to collect an obscene amount of data that is related to the user in any way. The policy also gives Facebook and Instagram incredible discretion on how to use the data, such as selling it to third-party advertisers or to train its own artificial learning models.

The current regime of privacy policies allows platforms to set absurdly expansive and vague terms without pushback. Most internet platforms employ a “take-it-or-leave-it” model, forcing users to comply if they want to use the service.This asymmetric power dynamic limits user agency and leaves no capacity for the user to debate the terms. While private companies should generally be free to decide their own terms of service, there should be limitations and regulations that further restrain the ability of internet platforms to use our data and protect consumers’ privacy interests while using those platforms.

Shifting the Power Dynamic

The first step toward protecting consumers is shifting the power dynamic. In Fall 2021, Apple introduced App Tracking Transparency (ATT), which asked users if they wanted to allow apps on their phones to target the user for ads. This gave consumers greater agency in how their data was used. But this should be the norm, and regulation should demand that consumers have the authority to decide which app can use their data for marketing purposes. Implementing a rule or standard that requires consumers to explicitly give permission upon initial usage of the application, similar to Apple’s ATT, would be an effective solution because it forces the user to confront the application’s data usage and collection features while also providing the user with a convenient way to opt out (simply selecting “No” when prompted to give permission for data tracking). While Apple’s ATT only gives limited protection (the consumer’s sole usage of Facebook still permits Meta to engage in a great amount of data collection from the user’s activity), the industry-wide proposed rule should address the overall data collection and usage scheme, such that the user is forced to acknowledge the different ways the application collects data and is granted the opportunity to deny permission of such data collection.

Fair Credit Reporting Act as a Model

The next step is to implement greater regulations on data usage. Similar to how the Fair Credit Reporting Act (FCRA) restricted the usage of data, the FTC should implement regulation that limits the usage of data that internet platforms collect. The FCRA allows unconstrained collection of data to develop a credit score, but that score and data usage is only usable in the context of credit or employment purposes. The same should apply in this context, where the data collected may be unrestricted, but the usage is constrained to situations and scenarios in which the users actively agree to (presupposing that users are allowed to choose).

Furthermore, internet platforms and social media companies should be compelled to be more transparent with their data usage. Like how the FCRA allows consumers to see the data that is held about them and dispute inconsistencies, users should be able to request companies to reveal the data that is being collected through the usage of their app. If they recognize that data is being used for marketing where they didn’t allow it, then consumers, like in the credit context, should be able to challenge the company’s usage.


Webs Webs

r4 - 02 May 2022 - 14:14:00 - CalvinLee
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM