It should not come as a surprise to anyone these days that Internet companies have “digital dossiers” on all of us — the websites we visit, the friends we’ve sent emails to, the photos we’re tagged in, the medical symptoms we’ve searched for. But there has never been any way for us to know just what these companies know about us — or who they’re selling our information to.
But that could finally be about to change — in California, which is on the cutting edge of technology policy, and perhaps, eventually for the whole nation. A long-overdue bill in the California legislature, “The Right to Know Act,” would force companies such as Google and Facebook to reveal what personal information they have collected and how it’s being used.
The public cares about Internet privacy — even though tech companies like to argue otherwise — and opinion polls show strong support for laws to protect it. In one national poll, respondents favored a law disclosing all information collected on users by a 69% to 29% margin. But this popular support for online privacy has not translated into strong legal protections — both because the public has not been good about demanding privacy laws and because industry has been very good at blocking them.
The Right to Know Act has been getting a great deal of attention. Civil liberties organizations, privacy advocates and women’s groups have been urging the state legislature to pass the bill — and if the will of the people were the only consideration, it would seem destined to pass speedily. But powerful tech companies are lined up against the bill — and it’s looking like it will be a tough fight.
Personal information has been called “the web’s new gold mine,” because it can be used to target personalized advertising to Internet users — a lucrative business — and it can be sold to an array of shadowy data brokers who have many ways of turning it into cash. Tech companies are not eager to part with their new-found riches. Some of the biggest ones such as Google, Facebook and Microsoft, are members of an industry trade group, TechAmerica, that is working against the bill. The San Jose Mercury News credits industry lobbying with getting a hearing on the bill, which was to have occurred this month, pushed into May.
Tech companies like to argue that laws like the Right to Know Act are a threat to their business models, and to their ability to keep providing services like Facebook and Google search for free. But the California bill only requires companies to be transparent about what they are doing — it does not limit their ability to collect or use personal information. And it includes business-friendly protections, including a provision that says that companies only need to provide each user with an accounting every 12 months.
After years of complacency, there are finally signs that the public is starting to demand greater privacy rights. Last week, in a long-awaited move, a powerful Senate committee endorsed an amendment to a key federal law that would give greater privacy protection by requiring the government to get a search warrant when it wants to read people’s emails. (Under current law, the government only needs a warrant when it wants to read email that has not been opened by the recipient and that is newer than 180-days old.)
The California bill — despite all the industry squawking — is fairly conservative. It does not give Internet users the right to correct or delete their personal data or to block companies from selling it to other companies — which are some of the real high-stakes issues in Internet privacy. In a perfect world, we would have put users in control of their information when the Internet was first created. But it will be a long time, if ever, before we get that sort of robust privacy. For now, California’s Right to Know is an important, if modest, first step.