Law in the Internet Society

A Proposal to Address Perpetuation of the Informational Capitalistic System

-- By JamieSavren – 13 Dec 2021 (revised 7 Jan 2022)

In this essay I will briefly present the thesis outlined by Ari Ezra Waldman in his new book, “Industry Unbound: The Inside Story of Privacy, Data, and Corporate Power” (Cambridge University Press, 2021). I will then outline a proposal to address the issue Waldman describes and explain why I think it would be particularly helpful compared to others.

Waldman asserts that the policies and systems put into place by large corporations are essential to maintaining the informational capitalistic system in which we live. Their systems are set up such that employees genuinely believe that they are privacy advocates, all while bring part of the system that perpetuates surveillance and anti-privacy work.

Waldman opines that existing privacy laws around the globe are flawed. Firstly, existing privacy laws are self-regulatory. While they guarantee individual rights that pertain to data, they impose certain compliance responsibilities on the corporations. This structure shifts the monitoring, compliance, regulation and governance from the public and government to departments inside the regulated entities themselves. Not only do these departments self-regulate, but the relevant facts are kept secret. These corporations control the narrative, interpret the law as it best serves them, and undermine the law’s goals rather than protecting consumers.

Secondly, even the GDPR combines the vertical of self-regulation and compliance with another problematic one – individual rights such as access to information and data deletion. These verticals are insufficient to effectively deal with the problems that data extraction by corporations entails. It is hard for an individual to take agency and exercise their individual rights. Things like opting out of data collection or cookie tracking require effort. Furthermore, treating this issue as an individual one misses the point – privacy harms are collective social and global ones. We are forced to be part of a system of informational capitalism that automatically manipulates others.

It seems to me that the world of privacy regulation could take some notes from securities regulation. A federal privacy agency (that actually has teeth and substantive enforcement powers) should be set up, modeled after the SEC (which was created in the aftermath of the market crash of 1929). Instead of investor protection and securities market regulation, the Federal Privacy Commission (FPC) will protect society’s privacy rights and regulate the market of information, in order to prevent manipulation. We are at a similarly critical point – on the verge of losing control of how our information is used.

In the interest of keeping this paper short, I will outline the main authorities that I propose be delegated to the FPC:

1. Submission of privacy reports to the FPC – modeled after those that public companies submit to the SEC. Any public company would need to submit a privacy report to the FPC, using the fact that a company is public as a proxy to the fact that it collects data from consumers. The required content of the reports would be determined by the FPC, and they would all be available to the public online. Public companies that do not collect data may file a request for exemption. This would address the issue of secrecy. Private companies with annual revenues over a certain amount would also be required to submit privacy reports. 2. Publishing of educational materials to the public on privacy violations – most people do not fully understand how their data is being used and for what purposes. These would be published on the FPC website. This would address the issue of the effort required to enforce privacy rights. 3. Whistleblowing and anonymous tips – the FPC’s website would take tips and complaints pertaining to privacy violations to help the FPC track down violators. 4. More extensive criminalizing of misuses of data – the FPC should make amendments to existing privacy laws to make them more robust and put a greater burden on corporations to comply. 5. Criminal prosecution and enforcement of privacy laws – like the enforcement power given to the SEC, the FPC should be given greater authority to bring charges against corporations and their officers who break the law. This shifts the individuality that is currently associated with consumers to the corporations.

So, why is this a helpful prism through which this issue can be viewed? It’s easy to propose radical solutions such as outlawing data collection on a collective level or choosing to distance oneself from these corporations on an individual level. However, in our world, in which we are dependent on the services both in our professional lives and in our personal ones, we need to be practical. None of these authorities or concepts are revolutionary or radical, which would make it easier for legislators and policymakers to swallow. This model is also relatively cost-effective since it modeled after an existing regulatory framework.

More conceptually, it’s important to understand my proposal embraces the commodification of information and privacy rights. The question is how to regulate this emerging market. Other solutions that have been proposed, such as adopting the structure of environmental protection laws, do not reflect this transaction. Environmental protection laws do not enable people who live near a polluting factory to trade their right to clean air. An appropriate analogy would not be outlawing pollution, but outlawing securities fraud. An FPC would ensure regulation of transactions in which people choose to trade parts of their right to privacy, thereby gaining back some control of how their information is used, at the very least.

Furthermore, these proposed authorities increase transparency in a field that suffers from a lack thereof – both vis--vis customers of these companies, but also to the people who work for them. This is important since it would not be outrageous to argue that the best way to change these companies’ practices is from within. If employees were exposed to the information being used on a greater scale, they might be more inclined to voice their concerns within their organization and lead to changes for the better.

Although my solution is far from perfect, I think it would be a step in the right direction.


Webs Webs

r3 - 08 Jan 2022 - 00:42:58 - JamieSavren
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM