A call for digital-privacy regulation ‘with teeth’ at the federal level

How did we get to the point where the tech industry is in the user-data business instead of the tech business?

Every day, Google collects data on billions of people worldwide, according to The Regulatory Review. The dodge that users gain some benefit from ad targeting is fallacy. For example, if Google’s search were decoupled from its advertising, there would be less chance for users to be misled by ignored search terms and seemingly hard-wired results.

There’s nothing beneficial to the user about Google’s sponsored search results. That’s also true of  the adjacent Google ads that follow you around from site to site.

Digital advertising has become very big business for tech companies. For Google and Meta/Facebook, it’s a major revenue stream, and it’s a significant chunk of cash for other big tech companies — and even quite a few smaller ones.

       2023 digital advertising revenues

        Data provided by Statista.

The US government and Americans in general are letting big tech companies get away with infringing the online privacy of millions of citizens who use “free” services in the form of apps and websites. Big tech’s goal is to connect advertisers with an ideal customer, who, because of some online interaction, is perceived as being more likely to buy products like the ones the advertiser is selling.

These tech companies collect information including search data, purchase history, payment information, facial recognition data, documents, photos, videos, locations, Wi-Fi location, IP address, birth date, mailing address, email address, phone number, activities or interactions such as videos watched, app use, emails sent and received, activity on your device, phone calls — and a lot more. Security.org has a richly detailed analysis on the data types used by Amazon, Apple, Facebook/Meta, Google, and X (formerly Twitter).

Google collects the most types of data; Apple, the least.

User beware

The corporate data gatherers and potential data brokers who buy and sell user data create detailed profiles with as much about you as they can muster. If these companies are breached and your data leaks, that info could wind up on the dark web where it might be sold — resulting in possible identity theft.

It should come as no surprise that the companies tracking users employ cryptic legal language to explain what they do with your data. And whatever privacy controls users might have been provided tend to be incomplete, spread out, difficult to find, ambiguous, or needlessly complex. Plus, both the legalese and privacy settings can change without notice.

If, for example, it were in Meta’s and Google’s best interests to make it easy to configure their products to the strictest level of data privacy, they would have done so long ago. (Hint: It’s in their vested interest to make it difficult for you to activate heightened user-data privacy settings.)

Facebook offers a wizard-like set of tools for managing security and privacy settings. While these tools are commendably easy to use, they barely scratch the surface of the data the social media giant collects.

It’s clear that companies harvesting online user data can’t be trusted to self-regulate to protect their users, and it’s long past time for federal regulations to protect user data and privacy like the EU’s GDPR (General Data Protection Regulation) enacted in 2018 and the EU’s DMA (Digital Markets Act) antitrust law, which took effect just last week. Laws like these belong at the federal level, because it’s easier for companies to comply with one broad set of standards than a patchwork of state regulations.

Because of the lack of federal impetus on data privacy regulation, 13 states have passed comprehensive data privacy laws: California, Virginia, Colorado, Connecticut, Utah, Iowa, Indiana, Tennessee, Texas, Florida, Montana, Oregon, and Delaware. Several additional states have lesser regulations on the books or have proposed legislation.

It’s important to enact legislation with penalties that motivate the companies involved. Some big tech firms fined by the EU have simply declined to pay some penalties, or paid them after delays. Fines are not the answer, or at least, not the best answer. Big tech companies make so much money on user data that fines for non-compliance with the GDPR and other regulations could be seen as merely the cost of doing business. Finally, if federal regulation is enacted, AI regulation should be be a part of the discussion.

9 ways to improve privacy on your devices

It’s not possible to fully protect your user data on the Internet, but you can significantly improve your privacy. To do so, you might have to leave your comfort zone a bit and retrain yourself to work in different ways:

1. Use a browser such as Firefox, which is designed to protect your privacy (and configure search to default to DuckDuckGo).

2. Use unique passwords for all your logins with two-factor authentication or passcodes. The only practical way to do that for most people is with a password manager (such as 1Password). Most password managers automatically fill in logins for you, making them convenient to use.

3. Avoid apps when possible and log into social media and other web-based services using your web browser.

4. Use the browser’s privacy window in conjunction with a virtual private network (VPN) like Surf Shark or ExpressVPN to obscure your IP address and provide encryption. The chief advantage of a VPN is added privacy.

5. Learn what user data each platform collects and decide what you want to try to protect. Wading through the fine print should eventually detail this. These resources have done the grunt work for you — though some details might have changed since publication:

• The data big tech companies have on you – Security.org
• The sneaky ways tech giants collect your data – Milnsbridge.com

6. Use the privacy configuration tools provided by the data-collecting platforms you frequent, especially for sensitive data like payment methods, access to documents, photos, and videos, and location information. These references can help you batten down the hatches on digital privacy:

• 10 non-negotiable best practices – Wordstream.com
• Here’s why tech companies want your data so badly – CyberGhost

7. Carefully manage Location Services on your devices. If you can’t live without location services entirely, configure location services on and off by app.

8. You can take steps to make your phone harder to track.

9. And finally, while it won’t be the most popular recommendation, you can improve your privacy significantly by eliminating one or more sources of vulnerability, such as the Google or Meta platforms. In other words, stop using some digital platforms entirely. Cancel accounts, find out how to delete all data being held by the platform, then do so.