Last month, the Committee for Justice submitted a letter for the record to members of the House Committee on Energy and Commerce for the April 11 hearing entitled “Facebook: Transparency and Use of Consumer Data.” We also submitted a similar letter for the record to members of the Senate Committee on the Judiciary and Senate Committee on Commerce, Science, and Transportation for the April 10 hearing entitled “Facebook, Social Media Privacy, and the Use and Abuse of Data.”
Our letters concluded that rushing to enact new legislation regulating online data collection and use would hinder innovation in the rapidly evolving world of social media and data-driven marketing and negatively impact our nation's economic growth.
In light of the Wednesday Senate Judiciary Committee hearing on “Cambridge Analytica and the Future of Data Privacy,” we would like to emphasize that we remain convinced that a rush to enact data privacy legislation is not only unnecessary but, if enacted, would hurt consumers and threaten the online ecosystem that has transformed our daily lives.
Here are a few particularly relevant highlights from our letter to the Energy and Commerce Committee:
Government-imposed restrictions on data collection would undercut economic growth, the vibrancy of the online ecosystem, and consumer satisfaction. In recent decades, consumers’ personal and professional lives have been transformed for the better by a vast collection of data-driven online resources that are made available to consumers for no cost because they are subsidized by advertising. These resources have also been an engine of economic growth, even during difficult economic times. For example, more than 70 million small businesses now use Facebook to grow and create jobs. In particular, data-driven marketing, at issue in this hearing, is estimated to have added more than $200 billion to the U.S. economy in 2014, a 35% increase over just two years earlier.[1] Government-imposed restrictions on such marketing would slow or reverse this economic growth, while hurting consumers by causing the demise of many of the data-driven online resources they rely on.
Legislation designed to reign in big companies like Facebook will inevitably harm small companies and tech startups the most. When regulations restrict companies' ability to collect and use data, advertisers and other online companies experience decreased revenue. Large companies can typically survive these decreases in revenue, while small companies are often driven out of business. The vast majority of Internet companies fall in the latter category and include the very companies that might otherwise grow to compete with and even supplant Facebook and the other tech giants of today. The European Union’s Privacy and Electronic Communications Directive (2002/58/EC) provides an unfortunate example of the harm privacy regulations can inflict on small businesses.[2] It is one reason why there are relatively few technology start-ups in Europe and most of them struggle to receive venture capital funding.[3]
Public opinion polls showing support for stronger data protections are misleading because they rarely confront consumers with the monetary of and other costs of their choices. [4] A 2016 study found that, despite most participants’ unease with an email provider using automated content analysis to provide more targeted advertisements, 65 percent of them were unwilling to pay providers any amount for a privacy-protecting alternative.[5] …[S]uch studies remind us that most consumers do not value data privacy enough to pay anything for it. That should not be too surprising considering that today's thriving but largely unregulated social media ecosystem is not something that was thrust upon consumers or arose from factors beyond their control. Instead, it arose through the collective choices and values trade-offs of billions of consumers.
The Cambridge Analytica incident that sparked this hearing must be put in perspective. It is important to remember that the personal data disclosed by Facebook to an academic app builder named Aleksandr Kogan was not the sort of highly private data—credit card numbers, health records, and the like—that is sometimes stolen by hackers to the great detriment of consumers.[6] The data disclosed by Facebook came from the profiles of its users and consisted mostly of names, hometowns, and page likes—in other words, the type of data most people on Facebook are public about.[7] However, even that data is no longer available to app developers today.[8] ...Finally, the concern that has focused so much attention on the Kogan incident—claims that the data was used by Cambridge Analytica to put Donald Trump over the top in 2016—have little basis in fact.[9]
[1] Deighton, John and Johnson, Peter. “The Value of Data 2015: Consequences for Insight, Innovation and Efficiency in the U.S. Economy.” Data & Marketing Association. Dec. 2015. http://thedma.org/advocacy/data-driven-marketing-institute/value-of-data/.
[2] OJ L 201, 31.7.2002, p. 37–47, ELI: http://data.europa.eu/eli/dir/2002/58/oj.
[3] Scott, Mark. "For Tech Start-Ups in Europe, an Oceanic Divide in Funding." The New York Times. January 19, 2018. https://www.nytimes.com/2015/02/14/technology/for-tech-start-ups-in-europe-an-oceanic-divide-in-funding.html.
[4] McQuinn, Alan. "The Economics of 'Opt-Out' Versus 'Opt-In' Privacy Rules." Information Technology and Innovation Foundation. Oct.6, 2017. https://itif.org/publications/2017/10/06/economics-opt-out-versus-opt-in-privacy-rules.
[5] Strahilevitz, Lior Jacob, and Matthew B. Kugler. “Is Privacy Policy Language Irrelevant to Consumers?" The Journal of Legal Studies 45, no. S2. Sept. 9, 2016. https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2838449.
[6] Symeonidis, Iraklis, Pagona Tsormpatzoudi, and Bart Preneel. Collateral Damage of Online Social Network Applications. 2016. https://eprint.iacr.org/2015/456.pdf; Ruffini, Patrick. "The Media's Double Standard on Privacy and Cambridge Analytica." Medium. March 20, 2018. https://medium.com/@PatrickRuffini/the-medias-double-standard-on-privacy-and-cambridge-analytica-1e37ef0649da.
[7] Albright, Jonathan. "The Graph API: Key Points in the Facebook and Cambridge Analytica Debacle." Medium. March 20, 2018. https://medium.com/tow-center/the-graph-api-key-points-in-the-facebook-and-cambridge-analytica-debacle-b69fe692d747.
[8] Facebook, "The New Facebook Login and Graph API 2.0." Facebook for Developers. April 30, 2014. https://developers.facebook.com/blog/post/2014/04/30/the-new-facebook-login/.
[9] Kavanagh, Chris. "Why (almost) Everything Reported about the Cambridge Analytica Facebook 'Hacking' Controversy Is Wrong." Medium. March 26, 2018. https://medium.com/@CKava/why-almost-everything-reported-about-the-cambridge-analytica-facebook-hacking-controversy-is-db7f8af2d042?mc_cid=849ab4c39f&mc_eid=5a60ec2d43l