In the face of such exploitative forces, Americans have historically asked government to shield them. The law protects us from banks that would abuse our ignorance and human weaknesses—and it precludes the commodification of our financial data. When manufacturers of processed food have stuffed their products with terrible ingredients, the government has forced them into transparently revealing the full list of components. After we created transportation systems, the government insisted on speed limits and seat belts. There are loopholes in all of this, but there’s an unassailable consensus that these rules are far better than the alternative. We need to extend our historic model to our new world.
Fortunately, we don’t need to legislate in the dark. In May, the European Union will begin to enforce a body of laws that it calls the General Data Protection Regulation. Over time, European nations had created their own agencies and limits on the excesses of the tech companies. But this forthcoming regime creates a single standard for the entirety of the EU—a massive and largely laudatory effort to force the tech companies to clearly explain how they intend to use the personal information that they collect. It gives citizens greater powers to restrict the exploitation of data, including the right to erase data.
The time has arrived for the United States to create its own regulatory infrastructure, designed to accord with our own values and traditions—a Data Protection Authority. That moniker, as I wrote in my book World Without Mind, contains an intentional echo of the governmental bureau that enforces environmental safeguards. There’s a parallel between the environment and privacy. Both are goods that the unimpeded market would ruin. Indeed, we let business degrade the air, waters, and forests. Yet we also impose crucial constraints on environmental exploitation for commercial gain, and we need the same for privacy. As in Europe, citizens should have the right to purge data that sits on pack-rat servers. Companies should be required to set default options so that citizens have to affirmatively opt for surveillance rather than passively accept the loss of privacy.
Of course, creating a Data Protection Authority would introduce a dense thicket of questions. And there’s a very reasonable fear that the rich and powerful will attempt to leverage these rules in order to squash journalism that they dislike. Thankfully, we have a more press-friendly body of jurisprudence than the Europeans—and we can script our law to robustly protect reportage. Besides, the status quo poses far graver risks to democratic values. Once privacy disappears, it can never be repaired. As demagogues exploit the weaknesses in our system, our political norms might not recover.
When Cambridge Analytica deployed an app to bamboozle Facebook users into surrendering data, it cracked a fiendish joke. It gave its stalking horse creation a name—and it was a name that seemed to acknowledge a vast and terrible exploitation. The company called its product thisisyourdigitallife. If we can move beyond rhetorical venting, it needn’t be.