Holiday season is upon us, and so are the promotional emails, sponsored ads, refer-a-friend discounts, and, of course, influencer suggestions. Scroll. Swipe. Click. Add to cart. Continue shopping.
One of the most intriguing things about the concept of privacy, if you ask me, is that it involves so many delicate acts of balance and compromise. How much do we value privacy when it is so appealing to take 10% off? How much of that transaction includes the invisible price we put on our personal data? Luckily, there is more guidance for consumers today than ever before on how valuable privacy is in the holiday marketplace.
As everyone is getting into gift-giving mode, privacy professionals may enjoy browsing through the "Privacy Not Included: a holiday buyer’s guide from Mozilla." This product and service review site is intended to help people learn more about the most (and least) privacy-protective and data secure gadgets out there. It examines 151 different gifts, rating each based on a set of factors that include whether they have cameras or microphones, track your location, and use encryption and strong passwords.
The guide rates products along three dimensions: privacy, security and artificial intelligence. It explores questions such as whether and how the product/service can snoop on you, what data the company collects from you and how it uses it, and it also rates the company’s known track record of protecting users’ data. It also looks at whether the product/service meets minimum security standards, uses encryption, strong passwords, security updates, and whether and how it manages vulnerabilities. In assessing AI, Mozilla looked at whether the AI is untrustworthy, the kinds of decisions the AI makes about you or for you, whether the company is transparent about how the AI works, and whether users have any control over the AI features. For products/services that raise red flags, it also provides tips on how to protect yourself.
It assesses a range of products and services. These include text and video call apps such as Threema, Signal, FaceTime, Facebook Messenger, and Google Duo/Hangouts; video conferencing and productivity apps Slack, Zoom, and Teams; game consoles like the PS5, XBox Series X & S, and Nintendo Switch; as well as STEM/coding learning kits for kids, such as the iRobot Root and Artie 3000 Coding Robot, both of which were given top marks by Mozilla researchers.
Other products/services in the “Best Of” category included the iRobot Roomba robot vacuum, the Garmin Venu smartwatch, and Apple’s Homepod Mini smart speaker. Those near the bottom of the ranking are the Facebook Portal smart display, the Amazon Echo smart speaker, and exercise equipment, like the NordicTrack Treadmill and Rower and the Peloton Bike and Tread.
But Mozilla is not the only organization shining much-needed light for consumers onto the privacy actions of companies just before the biggest shopping day of the year. On Nov. 19, Reuters published findings from its investigation into Amazon’s lobbying activities, which found Amazon has co-written or authored outright multiple pieces of U.S. state privacy legislation, from Washington’s 2017 law on biometric identifiers to this year’s Virginia Consumer Data Protection Act. And this adds to the efforts of Amazon, Google and others across the pond to “weaken” and “stall” efforts toward the passage of the ePrivacy Regulation.
Indeed, in the EU, the tracking and data collection practices of big U.S. companies are drawing more and more attention from regulators and lawmakers. Though few details are known about the scope of the alleged infraction(s), Amazon has set the record for the largest GDPR fine.
But now the regulatory chorus is growing stronger in the U.S., where governance has long held the principle of self-regulation at its core. It is worth remembering that recently-appointed FTC Chair Lina Khan achieved scholarly stardom with her publication in the Yale Law Journal entitled “Amazon’s Antitrust Paradox,” which scrutinized the behemoth’s market dominance. Though the focus of her analysis was on anti-competitive behavior rather than privacy practices, we know she is also skeptical toward some commonly-held beliefs about the regulation of online platforms — and has even been dubbed a “privacy hawk” (aside: wouldn’t we all love to be complimented like that?). Also, as IAPP’s Joe Duball 30% increase in the FTC’s appropriations over the next decade and enable it to create a new bureau to enhance its work on unfair and deceptive practices in privacy, data security, identify theft and related issues.
Appetite also remains on Capitol Hill for greater consumer protection through new federal privacy legislation. Last week, U.S. Representatives Anna G. Eshoo, D-Calif., and Zoe Lofgren, D-Calif., reintroduced their Online Privacy Act, the first version of which appeared in 2019. The bill still stands out as one of the most protective of consumer privacy for its rights to access, correction, deletion and data portability, as well as the establishment of a private right of action. The bill is also notable for its mandate to create a new federal Digital Privacy Agency staffed by some 1,600 employees. The updated bill provides additional privacy protections and also would create an Office of Civil Rights within the newly-established DPA. Furthermore, it would allow state privacy regulators, i.e., the California Privacy Protection Agency, to enforce the law alongside state attorneys general. The bill has received endorsements from numerous consumer rights advocates, nonprofits and academics, including Shoshana Zuboff, Francesca Bignami and Joseph Turow.
As privacy remains at center of so many of these legislative agendas, there’s no telling everything that is in store for privacy professionals before the year comes to an end. With that, I wish everyone very happy holidays full of comfort, joy, and lots and lots of privacy.
Photo by Tamanna Rumee on Unsplash