What American lawmakers can learn from the UK’s Facebook report

Facebook is embroiled in hard times. Ever since news broke that security vulnerabilities in the once-beloved social network’s advertising platform enabled malicious parties to manipulate voters in the 2016 presidential election, the scrutiny from lawmakers, regulators, privacy advocates, and other parties has been unrelenting.

The latest knock: The Digital, Culture, Media and Sport Committee of Parliament in the United Kingdom released a report calling Facebook “digital gangsters” The report, compiled from an 18-month investigation, calls for an end to tech company self-regulation and encourages the British government to create means of overseeing companies’ handling of user data and punishing misconduct.

The U.K. and the European Union have long pushed for restrictions favoring privacy and security for online users. The United States, meanwhile, has only begun to make progress in instituting regulations on what Facebook and other tech giants do with user data. What happens in the U.K happens in the U.S., so what’s the hold up?

Why America is taking baby steps on tech company crackdown

{mosads}The First Amendment to the U.S. Constitution is unique in both its broad power of protections for free speech, as well as the level of ambiguity in what forms of expression are more or less protected. The tech industry, of course, is not a government sector, and the players within it are not obligated by law to protect speech. However, the success of Facebook, Twitter, Google, YouTube, and many other tech companies is traceable in part to their ability to provide global platforms for free expression.

At face value, this is the most common defense the companies use to protest regulation. According to the New York Times: “Silicon Valley has long opposed making tech companies responsible for content on their sites. The industry argues that websites like Facebook, YouTube and Twitter are simply unbiased platforms for others to share material, and that new restrictions could impede free speech.”

The claim that these platforms are “unbiased,” however, does not hold water. Wave after wave of revelations about Facebook’s advertising platform and the deals it has attempted to hatch with major corporations demonstrate the massive influence of moneyed parties in how Facebook and other companies run their platforms.

This leads to the second major obstacle to effective regulation of tech companies: money, or rather the disproportionate threat of losing money. Facebook may soon be faced with a record-breaking multi-billion-dollar fine from the Federal Trade Commission for violations of user privacy. The total amount the company might have to pay remains to be seen, but even that heady number only represents a portion of the hundreds of billions of dollars Facebook is worth.

America is pro-business and generally eschews regulation when possible. Fines are the principal enforcement method for violations, but what’s a few million or even billion dollars for corporations that make so much more?

What, if anything, is the U.S. doing?

Last year California became the first state in the union to adopt legislation specifying compliance for the handling of digital data. The penalty for not doing so under the California Consumer Privacy Act? A fine of up to $7,500.

For California Gov. Gavin Newsom, his state’s groundbreaking law is not enough. He recently floated a bizarre idea where tech companies would engage in profit-sharing in exchange for user data. The estimated value of an individual Facebook user’s private data? $7.37.

{mossecondads}The Federal Trade Commission is also taking a hard look at the actions of tech companies. Should scandals continue to break, Facebook may not be the only major player facing fines. And, though Congress has yet to take decisive action, some lawmakers at the federal level are already talking openly about the possibility of a national privacy law in the U.S. 

This, however, is the crucial difference between how the U.S. and the U.K. are handling the many controversies in tech. Most measures in the United States target misconduct by major corporations with fines, but the current system employs nickel-and-dime strategies at best. The United Kingdom, the European Union, and other nations across the Atlantic seem to favor much more aggressive solutions.

International action on user privacy and security

The EU’s General Data Protection Regulation (GDPR) is the benchmark against which all privacy legislation and regulations will be judged. Ostensibly instituted to protect the data rights of consumers in the EU, the broad-ranging provisions had a significant impact on businesses around the world last year. This may be an unintended consequence, and business owners have a number of justifiable concerns about the long-term effect of GDPR.

However, two ways in which the GDPR differs from its U.S. equivalent, the California Consumer Privacy Act, are 1) its comprehensive framework and 2) the strength of its deterrent.

First, individual member states are empowered to investigate violations of GDPR and assess fines. Compare this to the California Consumer Privacy Act, which only applies to online activity and transactions within the state.

Second, companies in violation of GDPR at the upper level may face fines of up to 20 million euros ($22.7 million U.S. — higher than the record-setting FTC fine Google had to pay in 2012) or, according to GDPR EU.org, “2 percent of the worldwide annual revenue of the prior financial year,” whichever is greater.

Lawmakers and regulators in the United States can learn two major lessons from these key aspects of GDPR:

• Effective enforcement requires unilateralism: Privacy laws developed through the individual initiatives of state legislatures will result in a decentralized patchwork of repetitive and perhaps contradictory statutes. Federal legislation will be necessary to protect the best interests of the broadest swath of consumers.
• Punishments must be strong enough to act as a deterrent: Using the California Consumer Privacy Act once again as an example, $7,500 fines are not going to dissuade the leaders of any major tech company from sacrificing user privacy and security for the bottom line. The use of both a flat fine and a fine proportionate to the global earnings of the company show that GDPR means business.

What’s next for privacy?

One area where governments on both sides of the Atlantic need to improve is educating their people on the relevance of online privacy to their daily lives. According to CNBC, the Facebook user base hasn’t appreciably diminished in the wake of its many privacy scandals. And, despite the international outcry, users across the internet generally exhibit minimal interest in preserving their privacy.

As governments scrutinize the major players in the tech industry, they need to make a concerted effort to ensure that not only are consumers’ rights protected, but that consumers understand the importance of those rights and how they can take an active part in protecting their security and privacy online.

Dan Goldstein is president and owner of Page 1 Solutions, LLC, an Internet marketing company representing attorneys, doctors and dentists. He has published numerous articles and is a frequent speaker on internet marketing topics. Goldstein is an attorney and is licensed to practice law in Colorado. 

Adam Rowan is the content specialist at Page 1 Solutions. He has written content for publications for readers in business, marketing, legal, and other industries for more than 10 years.