Blackmailing Legislators into Strengthening Privacy Rights?

A few weeks ago, comedian and night show host John Oliver made a bold move in his show “Last Week Tonight”: he basically blackmailed members of congress into enacting a comprehensive federal privacy law in order to save their own skin. Oliver did this by doing exactly what is being done to the average internet user nowadays. He used the services of data brokers and created a pool of people likely to be members of congress or other important political figures to target them with somewhat peculiar advertisements. Some included Ted Cruz fan fiction, while others addressed topics such as “how to vote twice” or divorce ads. If people clicked on these targeted ads, Oliver and his team were able to subtract more information. This would allow them to deanonymize the users; meaning that they identified the data with specific individuals. Now, one might think that perhaps this is going a bit too far, but once you look a little closer at what is at stake, it becomes clear that John Oliver is making an important statement about the current state of privacy and the increasing value of information worldwide.

Why Should We Care About Our Privacy?

Whenever I discuss the issue of privacy with others, there are two arguments that come up every single time. First, people will claim that they don’t have anything to hide, so why would they mind if someone had access to their data? Second, everyone always assumes that they are not important enough for people or companies to track them which makes them less concerned for their data.

Concerning the first argument, Oliver makes a good point by saying that wanting to be “private doesn’t have to be gross”. With this statement, he is alluding to the idea that privacy shouldn’t always be associated with shameful behavior or interests that someone would like to keep hidden from the public. Privacy is a fundamental right which shouldn’t only protect your porn search history, but more general information that doesn’t really concern anyone. For example, the supermarket Target has proven that collecting purchase data from their customers with membership cards allows them to make interesting inferences, such as being able to very accurately predict whether someone is pregnant and when they are expecting. This shows that even information that people don’t consider as important can give considerable insight into their private lives.

If we look at the second argument, it should be remembered that gathering data is not about specific people, such as celebrities or politicians. Instead, the aim is to collect as much data about as many people as possible to put internet users into groups, which can then be targeted for specific purposes. For example, the company Epsilon collects data from a large pool of people. and then categorizes these data subjects into groups like “Boomers and Boomerangs”, “Ambitious Singles”, or “Kids and Cabernet”. The credo is that the more data that is gathered, the better. This means that everybody’s data is valuable and will be collected if available. Hence, it doesn’t matter whether you are famous or even interesting, your data will be collected and used for sure!

Data as a Commodity

The term surveillance capitalism has become a popular term coined by Shoshana Zuboff, author of several books and professor at Harvard university, who studies the interplay of technological advances and capitalism. This term describes the phenomenon by which data itself has become a valuable commodity with which companies trade and generate income. Thus, companies such as Acxiom, Clearview AI, or Epsilon collect all sorts of data ranging from gender, religious affiliations, and political views to health conditions, purchase history, sexual orientation, or geo location. This data is then provided to everyone willing to pay for it, including insurance companies, credit card companies, public authorities, or future employers. Although it is often suggested that there is no cause for concern since only big data is collected which is supposedly anonymized, in practice, it is relatively easy to de-anonymize client IDs. This is because client IDs represent pseudonyms that include many proxies which make it easy to identify a person.

What’s scary is that everyone willing to pay can access the data that has been collected about you. For example, stalkers or domestic abusers are able to locate their victims and track their every step. In other instances, public authorities in the US gained access to sensitive data without a warrant by sidestepping the legal procedure and directly finding the information they needed by going to data brokers. Even politicians make use of these services by pooling certain demographics and groups together and strategically targeting these groups with political ads; thus, making their campaigns more successful.

And What About the EU?

If you now think: “Well, this is all happening in the US. Here in the EU crazy things like this don’t happen!” then I have to disappoint you. It is correct that in the EU our privacy is protected by the GDPR - or the General Data Protection Regulation. Amongst other obligations and functions, the GDPR obliges EU Member States to establish Data Protection Agencies (in short: DPAs) to monitor the compliance of companies and websites with the obligations under the GDPR. While some DPAs have taken actions to limit the actions of such data brokers, like Clearview AI, in the form of hefty fines or prohibitions to further collect and use the data of some nationals, this patchwork of actions does not provide for comprehensive protection of all EU nationals. Some public officials have even been involved with the company, including both the Belgium Federal Police and the Swedish local police, who made use of the services. Although such use by public officials was deemed unlawful by both responsible DPAs, it is still unsettling how and by whom such services can be used. Therefore, it might be beneficial to adjust some of our online behaviors to make it just a little bit more difficult for these companies to collect our information. John Oliver suggests to fully disable your location on your phone so that no app can access this data. Another option for those living in the EU is to make use of already existing obligations imposed on websites. These include the requirement to give internet users in the EU the option to choose their own cookie settings and therefore to give them more control over their privacy. While admittedly, this can sometimes be a hassle, most of the time it only takes a few extra seconds and gives you the peace of mind that no third parties can collect and analyze your online behavior.

Another alternative is the use of different search engines, such as DuckDuckGo. Here, your searches won’t be tracked, no user profiles will be created, and hidden trackers from other websites will be blocked. If you want to go one step further, you could install Tor Browser. This browser is not only a means to access the dark web, but can also be used for normal web browsing. The only downside to using Tor is that some websites might not function properly, as some plugins might be disabled that are necessary for the functionality of the website. Until more comprehensive action on EU level is being taken, little things like this already make it more difficult to track all of your personal data.