Over the past several years the business of privacy has grown exponentially. The International Association of Privacy Professionals indicates that it now has more than 40,000 members, with 1,000 new members joining each month in 2018. To put this growth in perspective, the IAPP had only 10,000 members in 2012. The growth of the IAPP in the past several years has followed the broader professionalization of privacy, with businesses and governments increasingly creating privacy offices and investing in privacy and cyber security technologies.
The professionalization of the privacy industry has been focused around the control of personal data and complying with government regulations, most recent and notable being the EU General Data Protection Regulation. With the growth of privacy as a profession, personal data is being increasingly respected and companies understand that consumers should have greater control over their own information.
That being said, if the privacy industry’s ultimate goal is to seek the protection of privacy, the industry must become advocates for change. Rapidly evolving technologies are constantly creating new threats to personal privacy. Privacy professionals are in a position to understand these emerging threats and be on the front lines in the fight to protect privacy as a fundamental right.
As advocates, privacy professionals will face at least three inherent challenges in the pursuit of legislative solutions to address privacy harms. Foremost, privacy is such a broad topic that addressing the issue can seem like an overwhelming task. The answer is to personalize privacy and connect theoretical harms to real world scenarios. The most successful privacy initiatives have been able to move legislation by clearly defining harms and mobilizing support. For example, a collection of advocates were recently able to pass, FOSTA-SESTA, a law designed to remove civil immunity from those online platforms that knowingly facilitate human sex trafficking. Through effective collaboration and public engagement, advocates were able to raise awareness for the issue and gather broad support for the legislation.
Another problem is that privacy is a component of many other causes. Privacy issues are raised within the context of online safety, online content moderation, civil rights, criminal and economic justice, women’s rights, mental health and technology. While existing and established organizations working in these spaces address privacy, they typically do so within the confines of their limited spheres. For example, the American Civil Liberties Union works on issues surrounding constitutional rights and threats to privacy from government surveillance, data tracking and corporate collection of information. The ACLU does not address broader privacy objectives such as preventing online harassment or reforming Section 230 of the Communications Decency Act.
The legislative results belie the need for advocates that can coalesce around broad privacy objectives and mobilize support at scale. Despite the number of organizations taking on privacy as a cause and the amount of attention on privacy issues, at the Federal level, privacy legislation has been incremental at best. Congress is replete with examples of where no action was taken despite tough talk following a well-publicized privacy breach.
Advocates also face the challenge of raising awareness for privacy issues outside the traditional privacy realms of consumer protection and government surveillance. In July 2017, Congresswoman Katharine Clark introduced the Online Safety Modernization Act of 2017. The bill would criminalize nonconsensual pornography, swatting and the publication of personally identifiable information of another for the purpose to “threaten, intimidate, harass or cause other harm.” Furthermore, the bill would direct the Department of Justice to: develop a strategy to “reduce, investigate, and prosecute cybercrimes;” to publish statistics on cybercrimes against individuals; add resources to address cybercrimes; make grants to state and local governments to prevent and enforce and prosecute cybercrimes.
Congressman Clark’s bill would protect important privacy rights, including what Justice Brandeis called “the right to be let alone.” However, the legislation has not received much attention from existing advocacy/privacy organizations. Without advocates to mobilize support for the bill, the legislation has languished in committee with only seven co-sponsors.
For privacy professionals addressing privacy within the confines of compliance, become an advocate for privacy causes that may be outside your particular area of expertise. If you have been involved in implementing GDPR protocols, learn about another aspect of privacy, such as issues surrounding cyber harassment or cyber bullying and become an ally for organizations working in those privacy areas by offering your support, knowledge and resources. For example, consider contributing to the Cyber Civil Rights Initiative or Without My Consent, two organizations that help victims of online abuse. If you live or work in New Jersey, help me grow the advocacy organization that I started, the Privacy Initiative of New Jersey. At a minimum, contact your local, state and Federal representatives and support privacy legislation, like the Online Safety Modernization Act, that addresses gaps in the law and educate your legislators as to importance of protecting privacy.
With the spotlight on privacy in connection with Cambridge Analytica, Facebook and the enactment of GDPR, privacy is having its moment. Now, to build off the momentum of this moment, privacy needs a movement with advocates passionate not just about protecting data, but all aspects of privacy, from removing expunged criminal records appearing on the Internet to government surveillance issues to the problem of data brokers selling personal information to any willing buyer. Privacy professionals should be at the forefront of this movement, bringing their issue expertise to addressing the privacy challenges of today and tomorrow.
If you want to comment on this post, you need to login.