January 28, 2019 is Data Privacy Day. It marks the thirty-eighth anniversary since Convention 108, the “first legally binding international treaty dealing with data and privacy protection,” was signed. Convention 108 was designed to protect consumers from tech platform abuses related to collecting and processing personal information, especially "sensitive" data such as race, political affiliation, disability, religion, sexual orientation, and criminal records. Years later, we still have not managed to fix the privacy problem.
It seems that the passage of time and advancements in technology have only exacerbated the problem. However, as advocates and industry leaders have explained over and over again, this problem is not insurmountable. We must hold tech platforms accountable for treating consumers’ data with a duty of care. Congress should enact federal privacy legislation that empowers consumers in addition to demanding accountability from tech platforms.
The right to privacy is widely recognized. Over 50 years ago, on December 10, 1948, the General Assembly of the United Nations “adopted and proclaimed” the Universal Declaration of Human Rights. Among such rights included the right to a public hearing, right to marriage and family, and the right to own property and, notably, the right to privacy. Article 12 explicitly states, “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.” In a digital society, the right to privacy is increasingly important, even though Latino communities in the United States are constantly seeing their rights violated with limited opportunities for redress.
Latinos have good reason to be suspicious of the way that both public and private entities manage their personal information online. A Pew Research Center study found that there were approximately 10.7 million undocumented immigrants in the United States in 2016. Not all of those immigrants were Latino, but approximately half were from Mexico and other Latin American countries. As Latino immigrants have been targeted by wide spread hate speech campaigns and online harassment, it only adds to their distress to learn that agencies like Immigration Customs Enforcement (ICE) solicits proposals from private entities to collect their personal information online.
For instance, in September 2017, the Department of Homeland Security (DHS) announced that it would start collecting social media information on all immigrants in the United States, regardless of legal status. The agency planned to log “social media handles, aliases, associated identifiable information, and search results” in its immigration files. In order to do so, it hired “…contractors who specialize in making sense of the big date filling Facebook, Twitter and myriad other platforms.” From the time that the Trump Administration took office until September 27, 2017, when Forbes’ article was published, one particular contractor, Giant Oak, was paid around $3 million for such work. This is not an uncommon purchase for ICE. In fact, since President Trump signed the second version of his travel ban, ICE has purchased at least “…$2 million worth of what’s believed to be some of the most powerful phone and laptop hacking technology available.”
ICE is a loyal customer of PenLink and Palantir, a surveillance vendor and “perhaps the biggest name in intelligence gathering and pattern-analysis today,” respectively. DHS has tried to quell opposition in statements like, “In an effort to be transparent, to comply with existing regulations, and due to updates in the electronic immigration system, DHS decided to update its corresponding Privacy Act system of records.” But as the American Civil Liberties Union national political director, Faiz Shakir, rightly stated that “[DHS’ actions] would undoubtedly have a chilling effect on the free speech that’s expressed every day on social media…” It is also undoubtedly a violation of privacy rights.
Likewise, ICE agents frequently use Facebook to obtain an immigrant’s “…phone number and the locations of each login into his account during a date range.” While ICE claims that it has the “…ability to seek subpoenas and court orders…” to get the information they seek, it would be helpful for the agency to publicly disclose reports to confirm that the information it obtains is under the color of a warrant or subpoena. In a Supreme Court case decided last year, it ruled that law enforcement must actually “…seek a warrant for cell tower location information and, the logic of the decision suggests, other kinds of digital data that provide a detailed look at a person’s private life.” In his dissenting opinion, Justice Kennedy confirmed that “the Court suggests that less than seven days of location information may not require a warrant.” Does the information that ICE obtains contain more than seven days of data?
Additionally, in 2018, ICE was forced to abandon its plan to use continuous social media monitoring to generate 10,000 deportation investigation leads per year. ICE searched for private vendors that could build automated software to scan platforms like Facebook, Instagram, Twitter, and LinkedIn to determine whether visa applicants would positively contribute to society and make contributions to the national interest. The software would have been based on discriminatory criteria extracted directly from President Trump’s rescinded Muslim Ban. Tech platforms have received minimal scrutiny for its role in ICE’s deportation machine. Companies have actually demonstrated a willingness and business appetite to collaborate with government agencies to target immigrant communities. These are among the reasons why Latinos, in particular, are fearful of the way that their data is collected and processed online. Congress can help by implementing regulations that ensure a consumer’s right to control how and what personal information is collected online and with whom that information is shared. Consumers should have the right to manage their own data profiles with the benefit of privacy policies that are easy to understand. An obvious improvement would be to require that policies be available in various languages. Videos or graphics could be used to supplement clickwrap agreements. And, of course, email notifications should always be sent to consumers whenever there is a major change in a company’s privacy policy.
An inescapable truth looms--consumers demand more from the tech platforms that are managing their data. There are lots of ways to improve. The answers are all around us. The question remains whether Congress is ready to have a serious discussion about what consumers need in privacy regulations and, importantly, whether tech platforms will listen.
