Of course, Congress doesn’t have a clue about how Facebook works. But they can still enact legislation to protect the privacy of citizens without specifically regulating Facebook. In fact, directly applied Facebook regulation would miss the point completely.
By now, everyone has seen the almost comical mashups of congress members asking Mark Zuckerberg questions about Facebook. The reason I say ‘almost comical’ is because it’s really not funny at all. Well, maybe with the exception of Zuckerberg’s booster seat… The most powerful members of our country have no idea how the most powerful social media behemoth works – that’s damned scary.
Disclaimer: I’m definitely not a defender of Facebook. I actually very much dislike Facebook. But, in today’s high-tech world, it’s a necessary evil. If your business doesn’t have a social media presence, you don’t compete. It’s really that simple.
Facebook Screwed Up
While Zuckerberg was forthcoming with the fact that Facebook was grossly negligent in the way it’s been allowing user data to be accessed by 3rd parties, the consistency at which these events happen indicates that we can’t necessarily trust Facebook to police itself.
While Facebook’s user agreements might free them from liability associated with such irresponsibility, that can be changed by introducing certain legislation.
It’s the possibility of introducing new legislation that brought Zuckerberg to Capitol Hill. As Congress threatens to begin Facebook regulation via new laws, we must ask whether they understand the issue well enough to do so properly.
It’s not just Facebook
Most of us entrust our personal information to dozens, if not hundreds, of companies. We give our data to banks, retail stores, fitness apps, and a myriad of other entities.
And every few weeks we find out our data has been breached and obtained by persons unknown. Whether it’s through poor cybersecurity practices or simple stupidity, our information gets compromised on a continuous basis.
Writing legislation to regulate Facebook would potentially miss out on all of the other places that collect and warehouse information about us.
The Solution: Broad Privacy Rights that Extend Beyond the Digital World
It’s a radical idea, but what if Congress decided that all people have certain unalienable rights to privacy? Of course, when you say unalienable, most Americans immediately think of our Declaration of Independence which defined a few of them as, “life, liberty, and the pursuit of happiness.” But there are more than just those.
A typical user agreement from any company regularly has a person signing away a number of their rights in order to do business. User agreements are designed to protect the company. A user agreement might have a person relinquish their right to take a company to court. It may require you to allow them to share your information with outside parties.
It may simply be very extremely restrictive as a way of making it so inconvenient to exercise a right, that you just don’t do it. For example, one of Facebook’s terms is that any user who has a dispute must be able to file that dispute in a very specific district court in California. I live on the East Coast so it’s very unlikely I’d be filing suit in a California court. I have no idea what people outside the US would do.
Unalienable Privacy Rights: Here’s a Few Ideas for Congress
While regulating Facebook directly may provide some short-term protections, updating privacy and personal information protection laws would have a much stronger effect. Here are a few things that could be protected without ever mentioning Facebook, but would still apply to them and make our Facebook data safer.
An individual cannot relinquish the ownership of their personal data or be asked to do so. A law protecting the ownership of your data is critical. It means that no matter who you give your data to, it’s still yours to control. A user agreement or terms of service that attempts to circumvent this would be a violation of the law.
An individual cannot relinquish the right to revoke permission to their personal data or be asked to do so, and the responsibility for revoking the data falls to the provider who shared it. Another critical right that should be unalienable. When you allow Facebook to share your data with “Company X”, not only do you have the right to ask them to revoke that data but since Facebook provided it, the responsibility would fall to Facebook to take the necessary steps to ensure Company X was notified and complied.
Personal information to be shared with 3rd parties should be only allowed on an opt-in basis and the opt-in must be separate for each party. When you sign up for Facebook (and many other services), the user agreement defines that simply the act of signing up serves as permission to share your data. This practice should be illegal.
At the very least, every request for your data should be denied by default and have to be explicitly allowed by you. For instance, there shouldn’t be a single opt-in box that just opts you into every 3rd party the provider deals with. The provider should have to ask you for each 3rd party to provide individual permission to share your data.
Finally… Don’t Save it Forever
Personal data cannot be retained indefinitely. One of the biggest problems today with personal data is the dropping price of data storage. Cheap storage makes it easy to just save everything forever. Congress should look to technology subject matter experts to determine how long is reasonable retention. Making it illegal to keep personal data longer than 1 year (for example) would go a long way to lessening the amount of data potentially at risk.
Final Thoughts on Facebook Regulation
Congress doesn’t have to know the inner workings of Facebook in order to protect our privacy from their indiscretions. Watching them ask Zuckerberg the same questions over and over because they simply didn’t understand his answers should make anyone wary of any legislation that pops out of Capitol Hill promising to regulate Facebook.
By updating privacy protections across the board, they have the power to save us not only from Facebook, but from banks, insurance companies, & advertising agencies.
On the other hand, Congress already spends a lot of their time regulating things they don’t understand, so I wouldn’t exactly hold my breath. It’s very likely they’ll turn out some Facebook regulation bill in the near future that will barely protect us from Facebook, and nothing else.
Sharif Jameel is a business owner, IT professional, runner, & musician. His professional certifications include CASP, Sec+, Net+, MCSA, & ITIL and others. He's also the guitar player for the Baltimore-based cover band, Liquifaction.