When you do not understand a threat, you cannot act appropriately. As of May 26th, a new EU law written with the intention of making it easier for web users to protect their privacy will go into effect. This is the same problem that we saw with SOPA, and proposed legislation in New York state to outlaw anonymous internet comments– Legislators do not fully understand the problem they are addressing and compensate by acting in the broadest way possible. Ultimately these laws cause more damage than the [very real] threat they sought to defeat in the first place.
What is really going on and what is at stake? This is a graphic design blog. This discussion is outside the scope of what is normally addressed here. However, when considering multiple and ongoing legislative attempts to reign in certain aspects of our vocation, we should pause and ask why. Why is creating a cookie that ties into the QR code placed on the ad we designed a problem? Why shouldn’t anonymous comments be allowed? Why does the US Congress want to be able to shut down IP addresses without due process? Why are these obviously flawed remedies being proposed and implemented?
DOES PRIVACY MATTER?
Do people care about privacy? In an otherwise sharp consideration of the impact the most recent law will have on EU business, TechCrunch.com writer Mike Butcher suggests privacy is not an issue for most people. “Presumably if consumers wanted more protection then they would have shifted behaviour and adopted browsers with better controls.” How can this argument be convincingly made? Most people, including legislators, do not understand how to adjust their privacy settings. Many web sites don’t work at all if privacy settings are on, cookies disabled or your IP address masked. Further, many people falsely believe their data is aggregated and their unique personal data is lost in the mix. They do not understand the stakes. As anyone in web marketing can tell you, we know who you are, where you live, what you look at, how long you look at it for, what you buy, when you buy it and what you spend. If unguarded internet use indicated a disinterest in privacy there would be no public call for protective laws. Further, there wouldn’t be such a general revulsion towards the idea of outlawing anonymous comments if surface anonymity didn’t serve our interests. Personal privacy matters.
If upholding the privacy rights of citizens is the intention, laws must address that issue directly. Privacy and participation need not be inversely linked. One should be able to comment publicly about matters of the day without giving up the right to be left alone and untracked. Right now, individuals who participate in our increasingly ubiquitous online society are no longer entitled to remain private citizens but are transformed into a product to be sold. The effect is a digital enclosure movement. Common rights are being commodified. It need not be so.
COOKIE BAN LAW WILL NOT WORK
Cookies, as well as IP addresses may be used to collect personal information but they also provide significant functionality. Some online information collection is helpful. For example, we want to be able to refill our prescriptions, reorder our printer ink, compare different items and avoid entering the same address again and again. For this reason, the EU law allows website owners to keep their cookies, but require users to opt-in, essentially making the whole issue moot. Banning cookies or requiring opt-ins will not stop tracking and sale of personal information by private parties any more than cutting off our hands in an effort to curb fistfights will prevent violence. Players big and small will continue to track our actions in other ways and sell data about us as a product, often to governments forbidden to collect this data themselves. Banning or curtailing cookies will do little to address this threat.
We can legislate more effectively. Collection and distribution of personal information indeed ought to be regulated to protect personal privacy. Restricting the sale or distribution of our personal information will help curb abuse without hampering functionality. An additional problem is information collection for use within organizations that own many outlets, track across multiple sites or dominate a niche where we need to interact online. Here compartmentalization or aggregation of data as well as easy checks on legal adherence need to be considered when crafting law. Our laws can require “do not track” settings be honored. This isn’t rocket science. Why aren’t we addressing these issue in this way already?
For many years legislators have equated “private” with “personal” in matters of power, industry, politicking and decision making. While it doesn’t make sense here to retread the ground of how different “personal power” and “private power” are within the context of a democratic, capitalist society, it is important to note the difference. Remedies such as SOPA, EU cookie ban and the proposed NY state law fail because the underlying premise is protection of private power at the expense of personal liberty.
Legislators are overlooking obvious remedies. Rather than allow private patent holders to blot out perceived threats, it would be far more effective (and fair) to stamp down piracy, as we do other types of thievery, by using due process. Rather than disable internet functionality in a bid to preserve personal privacy, it would be far more effective to restricting information collection and distribution. Rather than disable the ability to shield a private life from the civic participation, we can use due process to prosecute slander. It is not too much to ask that private organizations of a certain size be made transparent, publicly accountable and subject to the same restraints and checks on power as democratic governments arising from our western traditions of individual liberty. It is not too much demand personal privacy. These solutions are within our grasp.
As long as we refuse to question the false choice of “privacy or participation”, the false equation of “private” and “personal” and the troublesome idea that private power should not be subject to the same checks as government, we will not find appropriate solutions. The current legislative assaults on internet freedom are inappropriate responses to the problems inherent in unchecked power. It is time to address these issues directly.