The ratification of the First Amendment to the U.S. Constitution created a tension between the right to free speech and the right to privacy that has spawned millions of lawsuits and billions of billable hours since 1787. As the recent spate of data breaches affecting hundreds of millions of consumers makes clear, the dawn of the digital age has intensified that tension, made the discussion about potential solutions more complex, and guaranteed that the battle to balance these two competing rights will be the subject of litigation for years to come.
I’m sure it comes as no surprise that when something of value is created, in this case the personal information of nearly every American, businesses will try to monetize it and thieves will strive to steal it. That’s why banks, safes, armored cars, alarms, consumer protection laws and cops were invented. Unfortunately, unlike diamonds, cash, Picassos, Porsches and other valuables, the data points internet users expose every time they log onto Facebook, Instagram, or the digital edition of Attorney at Law Magazine are incredibly easy to pilfer because the legitimate companies that accumulate and sell that data have proven to be incredibly inept at protecting it.
Even though that ineptitude has been on display repeatedly and personal information including Social Security and driver’s license numbers, medical and employment records, and credit card info belonging to more than half the population has been swiped, policy makers had been reluctant to act in large part because businesses like Equifax downplayed the consequences of data breaches and promised to plug the holes in the cybersecurity dyke on their own.
The dynamic changed, however, when reports surfaced that a company named Cambridge Analytica had surreptitiously “scraped” info from millions of Facebook profiles and used it to persuade voters to support President Donald Trump.
Outraged by this attempt to manipulate the American electoral process, Congress summoned Facebook founder Mark Zuckerberg to Capitol Hill and demanded that he explain how this act occurred. During two days of hearings a couple things became clear: first, most members of Congress have no idea what the internet or Facebook are; and, second, that Mr. Zuckerberg and his fellow tech billionaires have no intention of voluntarily cleaning up their act.
That means anyone who logs onto the internet will remain vulnerable to identity theft unless and until policymakers, the digital business community, and lawyers who consumer protection attorneys familiar with cybersecurity issues work together to draft and implement innovative solutions that will protect both free speech and the right to privacy without impeding digital commerce.
It just so happens that I have been actively engaged in data breach litigation for the past few years. My team’s experience in the field has enabled us to develop a set of fundamental principles we believe will go a long way toward preventing data breaches, cyber theft , and the very real carnage these crimes cause. Here’s our list of solutions. Feel free to share it with a legislator near you.
We Believe A Federal Or Uniform State Privacy Protection Act Should:
- Limit the inclusion of class action waivers and forced arbitration clauses in the user agreements Facebook, Google, Uber, and other digital platforms/ enterprises require consumers to sign.
- Require companies to disclose how personal information will be used and what measures are in place to protect it. These disclosures should be complete, simple and understandable, i.e., written in plain English. The robust disclosures required for consumer loans under the Truth in Lending Act should serve as a model. A quick aside; when a Congressman asked Zuckerberg to commit to revising Facebook’s user agreement so a sixth-grader could read and understand it, Zuckerberg refused to do so.
- Establish a schedule of civil penalties for failure to disclose potential uses for consumer data, failure to provide transparent, understandable user agreements, and for security breaches.
- Allow for shift ing attorney’s fees in data breach cases so individuals with small or future damages will have access to the courts.
- Empower federal and state regulators, rather than companies and trade associations, to establish meaningful standards that set realistic expectations for consumer data security.
- Create a safe harbor against suits for companies of which the leaders can objectively prove that they abided state and federal standards when and if they are established.
- Establish an implicit understanding that personal data will be protected and make that understanding a pecuniary part of a customer’s agreement to buy a product using a credit or debit card.
- Bring slander and libel laws in sync with the reality of modern technology.
I believe these steps will protect consumers, safeguard American democracy, and allow you to Google the name Stormy Daniels whenever you are inspired free of fear that your personal info will be hacked. Marc Dann