I want to point to two things that exist already, and only need more adoption, that seem like the right direction after Cambridge Analytica and Facebook’s phone-scraping practices. One is legal (the GDPR), and the other is technological (Diaspora).
Neither of them seems likely to become part of modern American life overnight, but I think it is important to continually be trying to imagine the world as you wish it were.
1. America Needs Something Like the EU’s General Data Privacy Regulation.
For the last year and a half, every company in Silicon Valley has already been scrambling to increase their ability to give users more choice, control, and specific rights regarding how their data is used. Unfortunately, the protections are only for users in the EU. That is because the EU passed a extraterritorial (meaning applies to anyone in the world) privacy law, the General Data Protection Regulation, that applies to anyone processing personal data, but that seems extra-targeted toward social networks.
It is a rather large piece of legislation, and would be more than what I intend to tackle in a short blog post to say that the United States needs to copy it verbatim. However: it is already been operationalized; everyone in the industry is familiar with it; it’s better than what we have now. So it would be a good starting point for anyone looking for what strong privacy protections the United States might look like.
One of its particular clauses that I think would have prevented some of the damage from the Cambridge Analytica situation is that users have to give “specific consent” for each use of their data. That means that for each particular use that a company wants to apply user data to, they have to get a specific checkbox or other indication that the user agrees to it; you cannot bury it all in the privacy policy or terms of service. That might be more difficult to pass in the United States where the lobbying power of Facebook and Google would likely be turned against it, because it affects their profitability. After all, who is going to specifically consent to have targeted ads? (Maybe they could pay users a piece of the approximately $80 per U.S. user per year that Facebook gets, mostly from advertising revenue.) On the other hand, if Facebook was thinking very long-term and wants to regain users’ trust, perhaps it would not be so opposed after all. If you want to read more about this this post on PageFair gives some additional information on how GDPR is likely to affect Facebook.
2. The World Needs A Decentralized Social Media Platform (Like Diaspora, Perhaps)
The operational model of email is a good example of network decentralization, which creates a market that buffers against the sort of monopolization that Facebook has. Right now there’s a lot of people who are angry at Facebook, but they find they are tied to it because there is nowhere to go; it is the primary data source for all of the social connections in our world.
Continue reading Options Beyond #DeleteFacebook : GDPR and Diaspora