California is ramping up efforts to protect consumer privacy, creating a dedicated department in a state with a strong tech presence.
As Americans embrace doing more tasks online, their data is increasingly vulnerable to manipulation beyond what is originally expected, and in some cases, outright theft. When it gets to the point now where even venerable companies entrusted to safeguard the data are among those named in privacy dust-ups, states like California are formulating a more comprehensive response.
An Issue So Pressing, It Has Its Own Unit
California’s new Privacy Enforcement and Protection Unit in the state’s Department of Justice aims to hold companies accountable for safeguarding consumer data. The unit will be part of the eCrime Unit established last year to prosecute identity theft, data intrusions and crimes involving the use of technology.
The office will enforce privacy protections using existing state and federal laws that regulate how companies can collect, store, use and destroy personal data, and also educate consumers on their rights and help industry develop best practices, according to Travis LeBlanc, Special Assistant Attorney General for Technology for California.
“There is a clear desire on the part of industry to get some help in coming up with an appropriate privacy practices,” said Joanne McNabb, formerly of the California Office of Privacy Protection, named to head education and outreach for the unit.
The news follows an announcement that Apple, Google, Microsoft, Facebook, Amazon, Hewlett-Packard and Research in Motion agreed to improve mobile privacy protections to catch up with California’s Online Privacy Protection Act, one of the strongest consumer privacy laws in the nation. The Golden State’s Attorney General’s office aims to hold these tech companies’ feet to the fire, announcing it plans to meet with these mobile platform providers this fall to evaluate their progress in implementing the agreement.
Why More Oversight?
Tech companies are feeling the heat after a number of incidents that put the industry in the hot seat over matters of privacy and data.
Facebook was under the microscope last fall when Reps. Edward Markey (D., Mass.) and Joe Barton (R., Texas) asked the Federal Trade Commission to investigate Facebook’s cookie-tracking practice.
The Congressmen’s letter was in response to claims made by Australian blogger Nik Cubrilovic, who said he learned of the problem in 2011, but was unable to get an official response until he wrote about it on a blog post last fall, which finally sparked debate and drew Congress’ attention.
After the Facebook flap, Sen. Al Franken (D., Minn.) put pressure on Sprint, AT&T, Samsung and HTC, about how their use of Carrier IQ’s software collects, stores and transmits user information. The senator’s inquiry followed several class-action lawsuits filed in several states against companies using Carrier IQ.
The sheer breadth of the Carrier IQ issue shook many, lulling them into thinking these “bugs” were a one-off phenomenon. And for those with any lingering doubts, Google’s recent Safari snafu might serve as the final nail in the coffin.
Google admitted it got around Apple’s browser’s privacy settings to embed its “+1″ button in some ads, which then planted a cookie on users’ systems, tracking online activity. The Mountain View, Calif.-based company said it inadvertently tracked Apple’s Safari browser-users, and discontinued the practice after becoming aware of it.
Like the Facebook fiasco, it wasn’t a federal agency, a technology company or an elected politician, but rather a gifted computer scientist, Jonathan Mayer, who discovered the issue. Mayer suspected online advertisers might be getting around browser settings designed to prevent this sort of digital sharing. The idea that two of these problems came to light by computer geeks working alone causes many to wonder: are these just the tip of the iceberg and who is looking out for the consumers here?
The Google matter did draw Federal Trade Commission interest and examination over whether Google’s circumvention of Safari’s privacy settings violated its settlement, where the search giant promised to not “misrepresent” its privacy policies to consumers.
Will It Make a Difference?
These and other missteps are spurring an increasing number of investigations by both state and federal governmental agencies to the point where they may be overwhelmed, becoming fodder for an ongoing parade of public hearings by lawmakers. Most importantly for consumers, this leads to skyrocketing data insecurity. The result is often an uneven and, judging by the frequency of incidents, ineffective apparatus to watch for these activities and to give greater consumer protection.
California’s dedicated privacy unit will likely help coordinate the growing string of investigations, and its creation certainly illustrates the growing importance of security, data and consumers as a political priority. Perhaps a specific agency can do more than the current patchwork of state and federal agencies, local politicians and computer sleuths with a hunch have been able to do thus far.
For many years, technology greatly outpaced law enforcement and the legal system’s ability to respond, but that tide may be turning and California is seemingly catching on. One thing is sure, though — with big data devouring every idea, interaction, and move we make, we can only hope this proves a good start.