Dec 21, 2019

The privacy smokescreen

Illustration: Eniola Odetunde/Axios

Tech companies appear to be bowing to new privacy rules springing up in Europe, California and elsewhere, putting in place processes to show they're complying.

Yes, but: Some of these moves are smokescreens that allow the companies to avoid making big, painful changes, some legal experts argue — enabled by a legal system that offloads enforcement onto the very companies being regulated.

The big picture: Companies are painting over existing practices with a veneer of rule-following, argues NYU law professor Ari Waldman in an upcoming article for the Washington University Law Review.

  • "Mere symbols of compliance are standing in for real privacy protections," he writes.
  • Companies that are meant to be constrained by privacy law are able to "recast and reframe it to benefit themselves," Waldman tells Axios.

The stand-ins, according to Waldman, include privacy policies, impact assessments, trainings, audits and paper trails.

  • "These things have all the trappings of systems but instead are really just window dressing," he says.
  • In surveys and interviews with privacy professionals, Waldman turned up a check-the-boxes approach to privacy.

What's happening: As privacy laws in Europe and California kick in, companies are setting up new internal structures to comply with them, says Dominique Shelton Leipzig, a privacy attorney at Perkins Coie.

The other side: "To conclude that assessments aren't working, I think, is a false conclusion," says Al Gidari, a longtime privacy lawyer now at the Stanford Center for Internet and Society.

  • "Those processes work really well in companies because if they don't, people go to jail, employees get fired, companies get prosecuted," he tells Axios. But it's up to companies to prioritize privacy and implement effective systems.
  • Gidari argues that internal assessments are necessary at big tech companies like Google, which he represented when it was investigated by the Federal Trade Commission in 2011. It's not possible to formally audit dozens of products and services on a regular basis, he says.

The bottom line: The offloading of enforcement to companies is a result of vague, toothless laws and weakened agencies like the FTC that would otherwise be in charge of enforcement.

  • "Procedure is not enough," says Waldman. Laws should require a substantive change like a ban on sharing certain data, rather than a process like assessments of whether or not the data is being dealt with correctly.
  • And penalties should be much higher for wrongdoing, Gidari argues. When the FTC fined Facebook $5B for a privacy violation earlier this year, the company's stock went up. "It's awfully hard to see how that alone is sufficient," Gidari says.

"When you have companies setting the rules, my biggest concern is that it's just going to be streamlined toward the most efficient process for them — but not necessarily the most efficient process for users or the fairest process for users," says Frank Pasquale, a law professor at the University of Maryland.

Go deeper: The global shortage of privacy experts

Go deeper

Trump says he will campaign against Lisa Murkowski after her support for Mattis

Trump with Barr and Meadows outside St. John's Episcopal church in Washington, D.C. on June 1. Photo: Brendan Smialowski/AFP via Getty Images

President Trump tweeted on Thursday that he would endorse "any candidate" with a pulse who runs against Sen. Lisa Murkowski (R-Alaska).

Driving the news: Murkowski said on Thursday that she supported former defense secretary James Mattis' condemnation of Trump over his response to protests in the wake of George Floyd's killing. She described Mattis' statement as "true, honest, necessary and overdue," Politico's Andrew Desiderio reports.

5 hours ago - World

The president vs. the Pentagon

Trump visits Mattis and the Pentagon in 2018. Photo: Brendan Smialowski/AFP via Getty

Over the course of just a few hours, President Trump was rebuffed by the Secretary of Defense over his call for troops in the streets and accused by James Mattis, his former Pentagon chief, of trampling the Constitution for political gain.

Why it matters: Current and former leaders of the U.S. military are drawing a line over Trump's demand for a militarized response to the protests and unrest that have swept the country over the killing of George Floyd by police.

New York Times says Tom Cotton op-ed did not meet standards

Photo: Avalon/Universal Images Group via Getty Images)

A New York Times spokesperson said in a statement Thursday that the paper will be changing its editorial board processes after a Wednesday op-ed by Sen. Tom Cotton (R-Ark.), which called for President Trump to "send in the troops" in order to quell violent protests, failed to meet its standards.

Why it matters: The shift comes after Times employees began a coordinated movement on social media on Wednesday and Thursday that argued that publishing the op-ed put black staff in danger. Cotton wrote that Trump should invoke the Insurrection Act in order to deploy the U.S. military against rioters that have overwhelmed police forces in cities across the country.