Is it time for a national Digital Bill of Rights?
- By Alan Shark
- Jan 28, 2020
The concern for privacy has grown over the years, and today we are bombarded with every online service imaginable informing us of their ever-changing privacy policies. Such statements are often long and difficult to comprehend. When I ask my university students where privacy is guaranteed in the Constitution, I get many guesses -- but ultimately, they learn the answer is nowhere -- at least not directly. The closest issue to privacy in the early years of our nation was property. How things have evolved!
Concerns over protecting private property and possessions morphed into privacy of the human body, and later to protections to meet the rapidly growing field of communications. For example, the growth of newspapers increased concerns for privacy and remedies to protect against misinformation and slander. The advent of handheld cameras raised concerns for unauthorized use of pictures taken without permission. Concerns grew over the privacy of telegraph communications and then landline telephony.
Later, the focus would shift to how government collects and treats data and privacy. The first major piece of legislation addressing privacy in the federal government was the U.S. Federal Privacy Act of 1975. Other legislation has passed since then, but it all predates the digital revolution that brought us Facebook, Google, Amazon, Twitter and Instagram -- and over two million apps from which to choose.
As we enter a new decade, there is growing concern for both privacy and data protection; while related, they are different. In fact, the National Academy of Public Administration recently identified Ensure Data Security and Individual Privacy as one of its 12 Grand Challenges in Public Administration. Simply put, data protection focuses on keeping records safe and secure from unauthorized use, while privacy is a combination of legal protections recognized in laws and regulations and usually based on moral underpinnings.
In today's digital world, we are told nothing ever gets erased and find ourselves becoming more concerned about the ever-growing digital footprints we leave behind. We worry more about what private companies like Google, Amazon and Facebook know about us than the federal government. After all, "they" know where we dine, shop and bank, what we watch, organizations we support, our political leanings, the credit cards we use and where we travel. They know where we work and even our net worth.
We are complicit in this privacy dilemma as we gladly accept so much for "free" without questioning how our digital footprints are being monetized and used. With the growth of smart applications, smart speakers that listen and speak, such as Alexa and Siri, and devices such as camera doorbells, home security cameras, smart lighting and thermostats, we are trading convenience for privacy. While e-commerce companies now know our buying habits and can helpfully anticipate what we might like, the downside is not knowing how else this information is being used and who has access to it.
As government grapples with ways to handle data protection and privacy, one such step forward is the newly passed California Consumer Privacy Act (CCPA), which took effect Jan. 1, 2020.
The CCPA protects the right to tell a business not to share or sell one's personal information; provides control over personal information that is collected, and holds businesses accountable for safeguarding one's personal information. The CCPA is in part modeled on the European Union's more aggressive General Data Protection Regulation (GDPR), which is far-reaching in terms of protecting both data and privacy and provides many key protections and rights to individuals.
While consumers have applauded such efforts, there remain many gaps in state, local and federal laws. And despite the latest focus on online data and privacy protections, there are still privacy issues that go beyond online services.
We have become accustomed to video cameras and surveillance. Government and the private sector have installed cameras everywhere, raising a number of privacy issues. There is also the use of automated license plate readers (ALPRs), which can capture roughly 2,000 plates per minute. In all, what is done with this data? Who has access -- and on what terms and conditions? How is this data stored and for how long? And then there is the growing concern regarding facial recognition, the use of drones with cameras, and artificial intelligence -- each posing unique threats to privacy and data.
We recognize that technological advances are always far ahead of regulatory frameworks, and public managers and policymakers are often lagging behind in meaningful remedies. So, while there is growing awareness about the need for both data security and privacy, one can't help but see the looming crisis of each state having its own data privacy laws.
Therefore, the federal government must seriously consider the need for a National Digital Bill of Rights that clearly maps out how data and privacy are fundamental rights. In order to reach this legislation, a Commission on Privacy and Data should be created. A good starting point could be the EU's GDPR and the CCPA approach toward providing protection to individuals regarding data and privacy.
Ideally, the Commission should be composed of representatives from industry, consumers, academia and public policymakers. Commission members must consider how privacy is being eroded and how this trend, if allowed to grow, will further erode public trust of our institutions. Such a representative group can help guide the way towards a Digital Bill of Rights for serious consideration and ratification.
Dr. Alan Shark is a fellow of the National Academy of Public Administration and chairs its standing panel on technology leadership. He is the executive director of CompTIA's Public Technology Institute and is an associate professor at George Mason University's Schar School of Policy and Government.