The technology landscape is evolving so quickly that governments are struggling to implement effective laws to protect consumers and ensure data is being used in reasonable ways. The California Consumer Privacy Act (CCPA), effective January 1, 2020, is expected to spur more action in the legal data privacy space. What that action should be, however, is still hazy.
“The regulatory framework is really trying to keep up with the technology,” said Geoffrey Starks, commissioner on the Federal Communications Commission (FCC), during a September 18 data privacy panel discussion at the Bloomberg Law Leadership Forum in Washington, D.C.
Of particular concern, Starks added, is facial recognition technology and its potentially wide-ranging use in surveillance and by law enforcement entities. “Black and brown people are being interdicted based on facial recognition,” he said.
In Detroit, for example, the police department has been using facial recognition software for nearly two years, despite opposition from some lawmakers and members of the public. A policy recently approved by the Detroit Board of Police Commissioners limits, but still allows, the use of the technology. At the other end of the spectrum, some cities and states, including San Francisco and Somerville, Massachusetts, have banned facial recognition software.
Wireless carriers and other companies are also mining and monetizing data in numerous ways, such as selling consumers’ geolocation data in real time to nearby advertisers. According to Pew Research Center, 96% of Americans own some type of mobile phone, and 81% of those are smartphones.
“These things follow us everywhere we go,” Starks said. “Your location is one of the most precious pieces of information you have. I think selling it is just alarming.”
Carriers are stretching the definition of “reasonable use” of data, according to Victoria Espinel, president and CEO of BSA, and using it in ways that surprise consumers. While using a map app, for example, one expects to be sharing location data with the app. However, “if you have a flashlight app on your phone and you find out that it’s tracking your location,” Espinel said, “to many people, including myself and including regulatory agencies, that doesn’t seem like a reasonable use of that data.”
As data use and technology evolve, agencies are struggling to develop timely and reasonable regulations. At any given time, there are dozens of technology- and communications-related bills at various stages in Congress; meanwhile; new applications, devices, and software are being developed every day.
“The government enforcement process, when it comes to technology, is inherently behind current technology,” said Terrell McSweeny, partner at Covington & Burling LLP and former commissioner on the Federal Trade Commission. “The enforcers are coming along and picking up issues when they arise, but they’re lagging a little bit.”
In addition to the difficulty of keeping up with rapidly changing technology, lawmakers are inundated with complaints from their constituents about data use and misuse. The concerns highlight the tradeoffs that come with having access to virtually infinite amounts of information at one’s fingertips.
“Our office gets 40,000 calls a year with complaints, most of them about robocalls. But I don’t know anyone who would be willing to give up their cellphone. They rely on it. It’s part of life,” said Brian Frosh, attorney general of Maryland. “The advances in technology have improved our lives in multifarious ways, but on the other hand, people are more recently becoming aware of privacy dangers.”