While the details of this week’s Facebook scandal — that the company had allowed partners to view supposedly private user data — were new, the arc of this story already follows a predictable script that, unfortunately, Americans are seeing over and over and over again.
Every few weeks, a new story breaks about some new corporate innovation in unauthorized sharing, selling or losing control of Americans’ data; the company will apologize and promise to always put customers first; it will make a cosmetic, largely meaningless change to its policies; and then it all happens again a few months later. Wash, rinse, repeat.
After years of this, Americans are understandably fed up with empty corporate promises. Some of the biggest tech companies have repeatedly shown that profits come first... and then we’ll see about best interests of users.
Sheryl Sandberg personally told me that personal privacy is a matter of national security, and yet we now know that Facebook shared users' personal information with Russian and Chinese telecom companies with strong links to their governments. (Yandex has been credibly accused of funneling user data to the Russian government, while U.S intelligence officials have been sounding the alarm about Huawei’s government links for years now.)
I personally asked Facebook about its data-sharing partnerships with other companies earlier this year, and my staff reviewed the privacy audits it filed with the Federal Trade Commission. Those audits revealed, much like the New York Times' reporting, that, once Facebook had handed users’ personal information to other companies, it did nearly nothing to make sure that outside companies protected that information.
So why does this latest confirmation that users' data may well be shared or traded away without their permission matter, beyond proving once again that too often corporations will say nearly anything to further their march to higher profits and stock prices?
For one, it makes America less secure, by making it much easier for foreign adversaries to scoop up Americans' deeply personal information to then use as ammunition against the United States.
Two recent reports written for the Senate Intelligence Committee are a stark illustration of how these campaigns work. Russia tried hard to keep African-Americans away from the polls by targeting them on social media in 2016. These kinds of foreign influence operations will only get more sophisticated in the future.
When hostile regimes have ready access to Americans’ data — by obtaining it from friendly companies or stealing it — it makes it even easier for these governments to micro-target us with divisive messages and false content designed to undermine American democracy.
Protecting our personal information is personal security issue as well. When Americans’ data is easily accessible, it is far too easy for robbers, domestic abusers and predators to use for malicious purposes.
Here’s an example: Wireless companies, for years, allowed shady data brokers to track your cell phone and then sell detailed location data to anyone with a credit card. It doesn’t take much imagination to realize how dangerous that could be. If a criminal can track you or your children, your safety is at direct risk. After I put a spotlight on the practice, carriers eventually cut ties with those middlemen. But to make sure it won’t happen again, I want strong legal protections for consumers written into black-letter law.
That’s why I wrote a tough privacy bill to finally protect Americans from this rampant misuse of their data.
My bill has three major elements: It requires radical transparency about how our information is collected and shared, requiring companies to tell you the name of everyone that gets access to your data. Then, it gives consumers control over who can see their data, by letting them easily opt out of letting companies ever share their information. Finally, it creates penalties for companies that don’t protect our privacy, and gives the Federal Trade Commission the resources it needs to actually enforce the rules.
Companies repeatedly lie to Congress and the American people about what they do with our information. It’s my view that CEOs who lie to the government about protecting your privacy shouldn’t get off with a slap-on-the-wrist fine: They should face serious financial penalties and even the possibility of prison time for lying to the government about protecting your data and, under my bill, they will.
After watching the privacy spin cycle far too many times, it’s clear to me that corporate CEOs need some skin in the game to actually take Americans’ privacy seriously.