May 17, 2024
Privacy Luxury?
Expert Commentary & Strategic Cybersecurity--By Nick Reese
May 17, 2024
Originally published May 10, 2024 in GoTech Insights.
We’ve all been there. You board a plane for a long flight, and in an annoyingly genius bit of marketing, the airline ensures they walk you right past the business class seats so you can see how comfortable you COULD be. But instead of stopping in row 3 and enjoying some complimentary champagne and macarons (seriously, Icelandair does this), you waddle to the back, dodging haphazardly stored overhead luggage until you reach row 24 right next to the lavatory. You settle into the realization that the middle seat in the back of the plane is your whole universe for the next 7 hours. But it doesn’t have to be, right? All you have to do is part with a little more (ok, a lot more) of your hard-earned cash, and you can enjoy the comforts of lay-flat seats, real silverware that won’t break off in the middle of your chicken curry, and less bleary-eyed arrival at your destination. This is an example of paying for luxury, a commodity that no one has the right to on an airline. Airlines solved the question of luxury or right a long time ago, if it was ever a question, and we all accept it even if we don’t like it. The biggest question surrounding data privacy policies surrounds whether we view this privacy as a luxury or a right and the answer will inform the future privacy laws and policies that so many are calling for.
In Europe, the question of whether data privacy is a right or a luxury is settled. The General Data Protection Regulation or GDPR makes for excellent fodder for talking points for American officials who interact with EU officials, but its impact is undeniable. Many Americans will argue with the generous help of American regulatory skepticism that GDPR and technology regulations like it stifle innovation. Maybe that’s true, but we aren’t here to debate it. What we know for sure and can see every time we have to accept cookies on a new webpage is that GDPR views the issue of data privacy as a right for all EU citizens regardless of where they are in the world. In the EU, you own your data.
The US takes an entirely different approach as it pioneered a system by which consumers get “free” services in exchange for a broad and liberal view of how that service can use the data that you generate. Signing up for a social media account or email account does not require you to remove your credit card from its resting place, but that hardly means it is free. Sure, there are targeted ads, but those ads are targeted because the platform has harvested your data and sold it to those ad companies. We all know this, and maybe we don’t like it, but we still use those services at the end of the day. In the American view, companies own your data and can monetize its value to the maximum. In exchange, you get an email account with a few gigs of storage, which barely qualifies as a sneeze of that tech company’s budget.
Many privacy advocates will say that we need to stop allowing companies to profit from our data, and that absolutely sounds like a righteous cause we can all get behind. However, removing the data monetization revenue stream means that those companies have to find another way to generate revenue or go out of business. The likely way they could generate new revenue is by having users directly pay for services that data revenue previously paid for. This is where the conversation gets interesting because not everyone will be able to pay, and that has implications. Chiefly around whether privacy is a right or a luxury reserved for those who can afford the price tag.
Let’s imagine a world where email accounts don’t collect and sell your data. The company offering the privacy-protected email service would, by necessity, need to charge some amount per month for its service. This means, in effect, that those who can afford privacy can purchase it, and those who cannot are out of luck. Maybe the same company provides tiers of service. To make that viable, the lower tiers would need to provide less of something, storage, emails per day, privacy protections, cybersecurity protections, etc. If the company did not do this, it would ensure that everyone would sign up for the lowest tier and hurt its revenue stream. You can imagine similar situations with social media sites and search engines.
So what? So, some people pay, and some people can’t afford it. Capitalism, right? Well, there is a serious inequity problem that could be created if we start to get into the business of limiting who can get access to social media and other communications and information-gathering tools. Literal revolutions have been started and coordinated using these tools. Women and girls who are not permitted to receive formal education have sought education materials using these tools. If we go to a fully paid model, we cut access to the internet and its full suite of services from those who need it the most. A 2011 UN report specifically called for States to ensure the protection of access to the Internet:
Given that the Internet has become an indispensable tool for realizing a range of human rights, combating inequality, and accelerating development and human progress, ensuring universal access to the Internet should be a priority for all States (United Nations Human Rights Council ).
It would be difficult, even in a thought exercise, to imagine a world where privacy goes to either extreme. Fully a right where companies are prohibited from profiting from user data or fully a luxury where data can be protected if you have enough money to sit in business class. The more likely scenario is a hybrid model that ends up as an outgrowth of the lessons learned from GDPR and from the various state legislation on privacy, such as the California Consumer Privacy Act .
As calls grow for federal privacy legislation, the central question is whether we will consider privacy a right or a luxury. Either choice has implications, and even leaning more heavily in one direction or the other has implications. It is critical that policymakers and lawmakers consider what would happen if data revenue were limited or removed from technology companies and what that would mean not for innovation but for access for those who cannot afford to pay directly. The nightmare scenario is one where those whose data can be profited from by companies are ONLY those who cannot afford to pay for privacy. This would equate to the creation of a digital caste system where the wealthy can afford to buy their way out of the aggregated data, and those who cannot afford it are exploited for profit.
So, it comes down to a balance between luxury and right – something like economy plus. But the balance between luxury and right is going to be the central story of how any future broad, sweeping privacy policy legislation is created and rolled out. But more importantly, it will tell the story of the second and third-order effects those policies and laws will have…and on whom.
Thanks for reading Frontier Foundry Substack! Subscribe for free to receive new posts and support my work.