In 2018, Americans learned data-analytics firm, Cambridge Analytica, micro-targeted millions of voters in the 2016 election with campaign messaging built around specific personality traits, such as neuroticism and openness to new experiences.

More surprising, was the fact this information was gathered via a personality quiz people voluntarily filled out on Facebook.

Even more surprising, was the fact this was all legal.

For those who weren’t made aware of their level of digital exposure by the Cambridge Analytica story, the number of ads that pop up on their smartphone’s for products they were just talking about is a constant reminder. The technology available to track your location, browsing history, interests, and shopping habits is also able to process this information into sophisticated personality profiles to deliver messaging almost designed for you specifically.

It also raises the question, in a society that values the ability to keep your private life private, who should be the ultimate authority in the use and ownership of your digital identity?

I discussed this issue with Denise Howell, technology lawyer and expert on the subject of data privacy in this episode of You Don’t Have to Yell. You can listen to the episode below, on iTunes, Spotify, or wherever else you get your podcasts.

Show Notes

From my conversation with Denise, it seems there are three competing approaches to digital privacy playing out globally:

  • The European Model - Everything is the individual's. The European Union led the way in data privacy with the passage of GDPR, a law that requires individuals opt in to being tracked before a company can hold their data, and gives them the right to request companies delete this data at any time.
  • The Chinese Model - Everything is the state's. China has taken the exact opposite approach to the EU, using data available through smartphones and personal computers as a way to tamp down on dissent. The long term vision appears to be using everything from smartphone data to facial recognition technology to feed into China's social credit system.
  • The US Model - Everything's for sale. As with most things American, the United States has defaulted to erring on the side of whoever can make money off it. Americans routinely sign away their right to privacy by downloading and using specific apps, which very often communicate with each other to provide a detailed profile of the user.

While the best way for Americans to protect their data today appears to be going back to using a rotary phone (here's a picture, for those who've never used one), there does seem to be some momentum to give individuals more control over their personal data at the state level. Three states have already enacted laws protecting personal data, and another 24 have legislation in process.

This is a promising first step, as industry groups will often ask for broader federal regulations in place of a patchwork of state ones, which could make the job of getting data protections similar to GDPR available for all Americans. 

Until then, we'll just have to deal with ads for cold medicine popping up on our phone every time we sneeze.

Additional Resources

Denise Howell provides some great resources on technology law on her site

She was also kind enough to scare me straight with some other articles on how data is used to target voters: