Should the United States adopt something like Europe’s new Privacy Laws?
Introduction
In my opinion I think that the United States should adopt something like Europe’s new Privacy Laws. General Data Protection Regulation (GDPR) is a regulation of the European Union (EU) allows EU citizens to have more control over their personal data. What it seeks to do is to simplify the regulatory environment for individuals as well as businesses so that both can fully benefit from the digital economy. The United States has problems related to data privacy. In Zimmer’s work he discusses how researchers released social media profiles that were not deidentified well, causing privacy concerns. Additionally, in Buchanan’s work the author notes that big data does not differentiate between people’s preferences (a person may agree to have their data used for marketing but not for intelligence gathering). In this Case Analysis I will argue that consequentialism shows us that the United States should follow Europe’s lead because these privacy controls will help to do the greatest good for citizens’ privacy in the United States.
Discussion involving Zimmer
When discussing Zimmer’s work one of the concepts that I think is pertinent is the fact that he does discuss the European Union’s definition of personally identifiable information (PII). He states that the European Union has a much broader definition of what PII is. The EU states that an identifiable person as one that can be identified (either directly or indirectly) by an ID number or to physical, physiological, cultural, economic, mental, or social identity. Zimmer states that California only requires information like name, social security number, driver’s license number and credit card number to be removed from the dataset (and as such is sufficiently anonymous). This shows that there is a significant gap between these two definitions.
Additionally, Zimmer notes the difference between harm-based and dignity-based theories of privacy. He notes that some of the researchers of the project made public comments that reveal gaps in their understanding of privacy as it relates to the T3 research project. Kaufman, a Harvard University professor, discusses the possible re-identifiability of the dataset in a harm-based way. He mentions “hackers”, “attackers” and what one might “do” to the dataset. This viewpoint exposes a harm-based theory of privacy protection. However, there is a broader theory of privacy: the dignity-based theory of privacy. In this theory it is recognized that someone does not need to be a victim of hacking or there be harm done for there to be concerns about one’s personal privacy. Rather having one’s personal information taken from a social networking profile and put into a database is an offence to one’s human dignity. Therefore, the dignity-based approach aligns and supports the EU’s privacy laws.
Zimmer also notes even though the T3 researchers stated that “all identifying information was deleted or encoded” the identify of the source was discovered in a short period of time. It was initially stated that the source that the data was drawn from was an “anonymous northeastern American university”. However the sources were quickly narrowed down to 13 possible universities and then assessed to be Harvard College. This re-identification showed the how fragile the privacy that was present. This gives further support that an EU-style law should be implemented in the United States.
Finally, as it relates to consequentialism, I think that the EU’s laws will do good in comparison to other less-stringent privacy laws. Consequentialism focuses on the consequences of one’s actions and takes the position that one’s actions are right if the consequences are good. It is also noted in the description of the course on Canvas that this theory is useful when thinking about policy choices and the public good.
Therefore, the fact that there is not as much information that is considered PII shows that the EU’s stance is stronger on privacy than the United States. As a result of this stronger stance, I think that the United States should adopt Privacy Laws that are like Europe’s. Additionally, the dignity-based theory of privacy protection noted by Zimmer further supports the EU’s privacy laws.
Discussion involving Buchanan
In terms of the discussion involving Buchanan, she discusses the use of a certain model (the Iterative Vertex Clustering and Classification model) to identify ISIS/ISIL supporters on Twitter. While at first glance that may seem to be something that one could use to support fewer privacy protections there are downsides to it. The author notes that ethicists and privacy advocates have pushed back against data mining and analytics in the name of security and national intelligence. The author also notes that privacy is fragile in the age of pervasive computing and gives the example of the Snowden revelations. This fragility is something that we should keep in mind when developing new laws and it is something that the EU-type privacy laws could protect.
Additionally, the author notes that the ethics of the methods of the research are not as clear as the context of the research. In order to think about the ethics of the Iterative Vertex Clustering and Classification model some of the questions that can be asked are; What is the end goal with respect to the use of the methodology? and Who will use the methodology? These methodologies do not discriminate between terrorist supports and regular people. As such the indiscriminate way these technologies can be used lends support to the introduction of EU-type privacy laws into the United States.
Also, the author notes that the United States is seeing more reflection about ethics and more intentionality when performing analysis. Recent publications as well as conferences have addressed this topic with the National Science Foundation and the National Association of Education being among them. This reflection could lend support to the introduction of an EU-type privacy law in the United States as well.
The author also notes that big data research does not necessarily allow us to consent to either the use of marketing or intelligence. For example, one may agree to use one’s data for marketing purposes but at the same time does not want their data used for intelligence gathering. Big data can reveal a lot of information about a person and their network of relations. The article also notes that society has contributed to surveillance as we have never-ending data streams and have agreed to wide ranging data collection for convenience. This behavior exposes the amount of information that has been opened for others to see and gives support for an EU-type of law to be introduced in the United States.
As discussed above consequentialism takes the position that one’s actions are right if the consequences are good. Additionally, a form of consequentialism is utilitarianism with utilitarianism being defined as the right decision does the greatest good for the greatest number of people. With this utilitarianist viewpoint in mind I think that the availability for surveillance to occur on a large scale with so many people would cause great harm. If there were introduction of EU style laws to prevent this from occurring, then I think that it would do the greatest good for the greatest number of people.
Conclusion
In conclusion, I think that there should be the introduction of a European Union style privacy law to the United States. The discussions of Zimmer and Buchanan add their support to this argument. In Zimmer’s work it is discussed how Harvard was quickly found as the source of a dataset revealing the fragility of the researchers privacy practices. In Buchanan’s work the Snowden revelations are mentioned and they show how fragile privacy can be.
Additionally, the ethical tool of consequentialism gives further support to this argument. Utilitarianism (a form of consequentialism) states that the right decision does the greatest good for the greatest number of people and it is my position that the EU-type privacy law would benefit far more people than it would harm.
An introduction of a US law similar to the European Union’s General Data Protection Regulation (GDPR) would strengthen the privacy of individuals and ultimately create a better system.