Constant cyber hacks and distributed denial-of-service (DDoS) attacks have unfortunately become the new normal in today’s internet-connected society. We’re not even a third of the way through 2018, and already dozens of data breaches and attacks have occurred, including hackers recently stealing information associated with nearly 900,000 credit cards used by Orbitz customers and more than 5 million credit and debit cards used at Saks Fifth Avenue, Saks Off Fifth, and Lord & Taylor stores. This unrelenting onslaught has significantly eroded consumer trust in the broad ecosystem of information and communications technologies (ICTs). The growing distrust risks a calamity of public confidence that could undermine both our economy and democracy, creating a ticking time bomb.
On April 12th, the Irish High Court elevated a series of questions to the European Court of Justice (ECJ, the Supreme Court of the European Union) regarding the validity of key legal instruments used by American tech companies to process Europeans’ personal data. Judge Caroline Costello of the Irish High Court is concerned about the national surveillance practices of the United States and the level of privacy rights observed there.
Europe’s new privacy law, the General Data Protection Regulation (GDPR) will enter into force in May 2018. Understandably, given that data breaches and privacy violations have been in the headlines lately -- and given that the GDPR will reshuffle privacy protection in Europe and beyond -- many in the United States are looking to the GDPR for ideas of what to do - and what not to do. We think that it would be impractical and ineffective to copy and paste the GDPR to U.S. law -- the institutions and legal systems are just too different.
Recently, reports surfaced that Cambridge Analytica, a political consulting firm that supported President Trump’s campaign, maintained copies of private data for about 50 million Facebook users without the majority of these users’ knowledge or consent. Public Knowledge finds Facebook’s lack of consumer privacy protection particularly egregious in this case and urges Congress to protect consumers by returning control of personal data to Americans.