I am cross-posting this blog from my colleague Abe Scarr, Illinois PIRG Director. Illinois is one of numerous states taking action to protect consumer internet privacy following the FCC's complicity in allowing the Congress to repeal its pending broadband privacy rules. The states have always been "laboratories of democracy," testing new and innovative policy ideas and providing examples for Congress to take nationwide. Their leadership is needed now more than ever, not only as laboratories, but also as strongholds of good policy, acting to protect their citizens when Congress or the executive branch or even indepedent agencies like FCC and FTC (also complicit in this privacy giveaway) do not.
By Abe Scarr
Yesterday the Illinois State Senate passed SB1502, the Right to Know Act. You can see how your Senator voted here. In the wake of Congress repealing rules protecting broadband privacy, there is renewed and intense public interest in what information internet giants are collecting, storing, and selling about consumers. After years of massive data breaches, its clear that companies are collecting too much information about consumers, storing it for too long, and not taking appropriate security measures to protect it from hackers. And though well less known, the public is becoming more aware of the risks of our new big data economy, such as price discrimination. The investigative news organization Pro-Publica released an investigation in April demonstrating how insurance companies, relying on aggregated demographic data, charge residents of minority neighborhoods in Chicago more for car insurance than residents of white neighborhoods with the same risk. US PIRG's Ed Mierzwinski has been writing about the types of risk big data poses to consumers for years.
Consumers are quite understandably up in arms about what is happening with their private personal information: an April poll of Illinois residents commissioned by the Digital Privacy Alliance found that 94% dissaproved of "corporations collecting, sharing, or selling your personal information, such as your social security number, credit card number, race, religion, gender, or location, without your knowldge."
The Right to Know Act, championed by Cook County Sherrif Tom Dart and sponsored by Senator Michael Hastings is simple: if a website or app collects, stores, and shares your personal information with a third party, then you have a right to know what information they are collecting about you, and who they are sharing it with. That's it, simple. The bill would do nothing to change companies' data collection, storage, or sharing practices. It would only apply if a company does all three things: collect, store, and share/sell consumers' personal information.
You would think legislators would trip over themselves to support such a simple, incremental, popular policy to give consumers basic information about what is happening with their personal information, but the Senate passed the bill with just 31 votes -- 30 are needed to pass. Only one Republican, Senator McCann, voted to protect consumers.
As I watched the floor debate, I was baffled by how weak the opposition arguments were, and how they managed to convince a large number of Senators, both Democratic and Republican, to not vote for consumer protection (a number of Democrats, rather than record a 'no' vote, simply did not vote, but earlier told proponents they would not support the bill).
Here is a summary of the opposition arguments:
- Misinformation: the majority of opposition arguments rested on simple misinformation. They claimed the bill would require companies who otherwise are not collecting, storing, and sharing personal information to start doing so. This is false or, if you prefer, an alternative fact. The legislation requires no change in behavior and only requires companies allready engaged in this behavior to be transparent about it.
- Burdening small bussiness and entrepenuers: The opposition repeatedly claimed this legislation would place heavy burdens on small businesses and scare away tech entrepenuers. (Somehow, almost every time they talk about a small business, they mention "your local pizza parlor." Come on guys, come up with more examples, you're making me hungry!). My response to this: if you have the capability to collect, store, and sell consumers' personal information, you have the capability to be transparent about it. The best response to this argument, however, comes from actual tech entrepeneur Derek Eder, who wrote in Crain's Chicago Business: "Enhancing consumers' privacy by making data collection practices more transparent will not hamper the ability for small businesses and tech startups in Illinois to thrive— in fact, it will do just the opposite."
- This does not protect consumers: Finally, opponents flipped their earlier argument that this would change data collection and storage behavior to say 'if this isn't changing behavior, then this doesn't actually protect consumers.' This argument misses the power of giving consumers the information they need to make informed decisions. When consumers have accurate information, they are better prepared to make decisions about what websites and apps they share their data with, and which they don't. As consumers demand better practices, the market will respond. And, as Senator Hastings pointed out on the floor, if this did nothing to protect consumers, its curious why big tech has hired an army of lobbyists to spread misinformation to defeat this bill.
Thankfully, a majority of Senators were not swayed by these weak arguments. On to the House.