As they say: Good intentions pave the road to, well, you know where. Too often, our legislators can forget that.
This week, Rep. Suzan DelBene, Washington Democrat, proposed the Information Transparency and Personal Data Control Act (ITPDCA), nationwide data privacy standards that would give users more control over how companies use their data. It certainly sounds nice, but here’s the thing: It’s unlikely to make a material difference to consumers. Worse, it’s almost certainly going to level a hefty burden on innovators and businesses at a time when they need all the help they can get.
Collecting data isn’t as bad as it’s made out to be. Indeed, the ability to compile and analyze large volumes of user data has been critical for some of our world’s most important innovations. Understanding and predicting user behavior and need means that businesses can better tailor new goods, services and marketing to what we like. That doesn’t just mean personalized advertisements on your Facebook wall, either.
Data collection shapes innovation in health care, for instance. Thanks to data, we get streamlined treatment plans, calibrated incentives for improving patient outcomes and cost-effective manufacturing. All that could save Americans a whopping $450 billion or more in medical costs.
In urban planning, poverty mitigation and immigration policy, we see data enriching our advancements, too. Satellite imagery, mobile phone data, traffic pattern information and social media analysis alone have made invaluable contributions to research in those fields. National defense also comes into play here. Secure collection and storage of data is important for giving us the confidence to send potentially sensitive information in the era of cyberattacks.
It’s clear that data collection isn’t something we can just shrug off.
Even so, Mrs. DelBene is right in some regards. She notes that over four-in-five Americans report compromised personal information due to data breaches, and seven-in-ten think their data is less secure today than it was five years ago. She thinks allowing users to “opt-in” to data collection is the key to solving the problem.
But privacy research paints a much more nuanced picture. There’s certainly strong demand for privacy and control in specific instances — and data security and storage is already a rapidly evolving field. Private innovations in cloud computing, for example, are increasing physical, electronic and procedural data safeguards without government mandates. After all, users must feel confident and secure enough to send their data if the benefits of the nearly $273.4 billion global data economy are to be realized.
So, what difference will an “opt-in” requirement make? Consider the businesses already permitting users to opt-out or modify data use. For instance, three-in-four Facebook users know about the platform’s privacy controls and four-in-five know how to change them. Awareness about the range of privacy tools available online is particularly high among 18-45 year-olds. Forty-five percent enable two-step verification, a third utilize separate email accounts for different services, and 17% have contracted security companies for information protection.
While people express concerns about their sensitive or private information being compromised, studies show that over half of all consumers don’t mind companies using their data if they gain some benefit from it, and a further quarter simply don’t care about the use of their data at all. That’s 75% of users who aren’t all-in on the “opt-in” experience.
Any data regulation should be focused on making users happy. But in Nevada and California, for instance, entire marketing systems have to be redesigned to comply with targeted advertising restrictions in the state’s privacy laws — including opt-in mandates. That’s making it harder for businesses to target consumer needs and better engage with customers.
Mrs. DelBene’s federal ITPDCA isn’t quite that harsh, so it would be welcome in that it’d replace these less liberal laws. But the compliance costs, including for hiring specialist staff who understand the law, will still reduce available resources for improving goods and services in other aspects.
They’d also disproportionately hurt small business. After the EU’s Global Data Privacy Right (GDPR) was introduced, venture funding for small companies fell, compromising thousands of jobs. By avoiding the GDPR’s exorbitant fine structure and harsher data restrictions, the ITPDCA, fortunately, would be unlikely to cost the U.S. economy up to $122 billion annually, as would be the case were it modeled on the GDPR.
So it’s not all bad. And with states scrambling to enact inconsistent and convoluted privacy and data regulations that threaten companies with huge fines and administrative difficulties, Mrs. DelBene’s federal standard is at least a better alternative. But at the end of the day, it’s competitive and innovative markets — not politicians or bureaucrats — who are already driving privacy and security improvements that consumers actually care about. When it comes to the Internet, we’re better off relying on them.
• Satya Marar is a senior contributor and tech policy fellow at Young Voices.
Copyright © 2021 The Washington Times, LLC.