Brief #32 – Technology
By Charles A. Rubin
Privacy Under Attack: The Challenge of Data Commoditization in The Biden Era
January 26, 2021
Policy Summary
The US Defense Intelligence Agency and other government entities routinely collect cell phone location data on US residents without a warrant, according to a memo reported by The New York Times on Friday January 22, 2021. The agencies buy the information on the open market from data brokers, who often get it from third-party apps running on users’ phones.
The practice reveals how intelligence agencies and potentially local law enforcement departments can track US residents without warrants despite a 2018 US Supreme Court decision that ruled warrants are necessary for the practice. Known as the Carpenter decision, the ruling held that the Fourth Amendment requires investigators to clear a higher bar before accessing data that can create a timeline of a person’s every movement.
Analysis
Our mobile devices provide us with tremendous utility in navigating unfamiliar terrain, finding missing devices, keeping tabs on our kids and locating the nearest gas station. They also harvest a tremendous amount of information about where we have been and how long we’ve been there. This is information that we freely share when we agree to an application’s terms of service. What we are likely not aware of is that the app providers often sell this information to brokers and that there is a lively, lucrative and largely unregulated market for this information.
The European Union in its General Data Protection Regulation (GDPR) and several US States including California and Vermont have attempted to bring some transparency to the collection of user data but the fragmented nature of the US response to date has left the consumer with a confusing path to determine what information is shared and how widespread is the sharing. Purging this data is nearly impossible.
Federal privacy legislation was not necessarily a priority for the Trump administration and there is hope that the Biden team will give it the full attention it deserves. On Monday January 18, 202, Reuters reported that 40 advocacy groups sent a letter to President Joe Biden calling for a renewed focus on consumer privacy. A coalition of 11 groups urged Biden to create an independent U.S. data protection authority and commit to a federal privacy law within his first 100 days in office.
While we remain hopeful that the new administration will take steps to address this issue, for now, the consumer should be wary, familiarize themselves with the terms of service they have agreed to and shun those services whose practices seem unethical.
Engagement Resources
- The Pew Research Center has compiled a report – Americans’ Views About Data Collection and Security
- The National Conference of State Legislatures has worked to draft laws on the local level to address this issue.
- The International Association of Privacy Professionals is the largest and most comprehensive global information privacy community and resource. Founded in 2000, the IAPP is a not-for-profit organization that helps define, promote and improve the privacy profession globally.
- The Information Technology and Innovation Foundation focuses on a host of critical issues at the intersection of technological innovation and public policy