Privacy policy impasse as ‘crisis’

By Robert Gilway
|
October 1, 2021
| No Comments

By Jim Harper

A recent letter sent to new Federal Trade Commission (FTC) chair Lina Khan is easy to deride as a partisan regulatory effort. But it offers more as a jumping-off point for understanding privacy and — more importantly — for understanding our constitutional system of government. Privacy is no more demanding of federal regulation now than it was 20 years ago. Seeking such regulation from an independent agency rather than through normal legislative channels is a counter-constitutional tradition that has already gone too far. The FTC should not step in where Congress won’t.

via Pixabay

Last week, nine senators sent a letter to Khan asking the FTC to create “strong protections for the data of members of marginalized communities, prohibitions on certain practices (such as the exploitative targeting of children and teens), opt-in consent rules on use of personal data, and global opt-out standards.” To justify immediate regulatory action in the face of congressional inaction, they said that “consumer privacy has become a consumer crisis.”

The budding language of emojis helps highlight a tension: There is a crisis, and the crisis has not spurred congressional action. Indeed, the letter has but nine signatories. 🤔

“Crisis” has been a staple of the privacy discussion for a long time. Fifteen years ago, people talked of the coming “privacy Exxon Valdez.” Ed Felten, founder of the Center for Information Technology Policy at Princeton University, former chief technologist at the FTC, and deputy US chief technology officer in the Barack Obama White House, wrote about privacy crisis in 2006: “It’s hard to imagine a large loss where the privacy harm doesn’t seem incidental. So it will have to be a leak of information so sensitive as to be life-shattering. I’m not sure exactly what that is.” Computer security expert Adam Shostack responded that “there will be no privacy Chernobyl,” reprising the thought two years later. (Six years later — four years ago — Shostack wrote that “privacy has had its Chernobyl moment.” 🤔 😂)

These are professional friends whom I enjoy and admire. It
is not a failure of theirs but a failure of the crisis metaphor to capture what
is going on. The senators who wrote to the FTC failed to put rhetorical fish in
the proverbial barrel when they declined to claim a “privacy Fukushima,”
“privacy Katrina,” or “privacy COVID-19.” There is no real crisis.

In our public policy debates, the word “privacy” stands in
for a host of values that are threatened in various ways by advancing
information technologies and rapidly changing business practices. The sources
of threat differ, and there are tensions between the values themselves. In
their four-pronged prescription, the authors of the recent letter address
fairness vis-à-vis race and socioeconomic status, fairness vis-à-vis
age/competence, and control of personal information (the heart of true privacy,
in my opinion). I discussed the many dimensions of privacy in a recent report,
Privacy and the four categories of information technology.”

There is the acute possibility of unfairness in our new
technology and business systems. They tend to outstrip people’s knowledge and
capacity to control personal information, so they indeed threaten privacy. But
attacking these problems in one fell swoop is beyond another type of capacity —
the capacity of government officials and agencies to comprehend and wisely
choose.

In our democratic system (and in social contract theory),
the power to act on select national priorities moves from the people to their
elected representatives, who are pledged to use that power for the good of the
nation. It is arguable whether privacy (as fairness, control, or anything else)
is an object of the powers the people gave Congress at the founding.

The limits on congressional power having fallen away in the 20th century, not yet to be restored, the question becomes whether it is appropriate for elected representatives to give their power away to unelected administrative functionaries. It is not. An important book on the revival of royal prerogatives in the administrative state of today — yes, royal prerogatives that we thought had been wrested away — is Philip Hamburger’s “Is Administrative Law Unlawful?” Spoiler alert! Yes.

It is easy to deride a blog post from a right-of-center
think tank as a partisan anti-regulatory effort. This piece throws cold water
on privacy regulation, and it tracks a tired constitutional catechism:
enumerated powers, non-delegation, and so on. If any skeptical reader arrives
this far — I suspect I could count you on my fingers and have a hand free —
consider that the governance system I argue for here is as or more important to
you than privacy. It is our democracy.

Learn more: The FTC moves toward a command economy | An obscure Supreme Court ruling is a cautionary tale of federal power | What if data brokers aren’t doing anything wrong?

The post Privacy policy impasse as ‘crisis’ appeared first on American Enterprise Institute – AEI.

Housing Finance, Housing Policy