Consumers are overwhelmingly pleading for the government’s help in the face of an ever-growing list of corporate data breaches and privacy mishaps — but few have faith help will ever arrive.
A full 75% of Americans say there should be more government regulation of consumer data and how businesses may use that information, according to a study published Friday by the Pew Research Center. The figure reflects the views of as many as seven in ten Republicans, and more than eight in ten Democrats.
The widespread support for government action underscores consumers’ growing frustration with a largely unregulated data marketplace, and a digital economy that critics say often values profits over privacy.
As businesses increasingly scavenge for insights on consumers’ shopping preferences, entertainment habits and even their bodily functions, the Pew study highlights how many Americans feel they’ve lost control over their own personal information. Seventy-nine percent of Americans say they aren’t confident companies will take responsibility when they misuse consumer data, and three out of four Americans told Pew they are not confident that companies’ mistakes will be held accountable by the government.
“There’s a sense that companies are not necessarily the best stewards of the data,” said Lee Rainie, Pew’s director of internet and technology research and the author of Friday’s report, in an interview. “I think it’s pretty clear that the public is not convinced the government is doing all it can and should.”
Some notable incidents that likely contributed to that perception, said Rainie, include the 2013 disclosures about government surveillance by former intelligence contractor Edward Snowden and Facebook’s Cambridge Analytica scandal.
The nation’s top privacy watchdog, the Federal Trade Commission, has sought to make the issue a priority. Beginning in the Obama administration, the FTC published reports on commercial data brokers like Equifax (EFX) and prosecuted a number of high-profile data breaches. This year, the FTC entered into a $5 billion settlement with Facebook (FB) over privacy breaches and a $170 million settlement with YouTube over alleged privacy violations.
But despite the record-breaking amounts of some of those financial penalties, critics of the government — including lawmakers and some within the FTC itself — have said it isn’t doing enough. Rohit Chopra and Rebecca Slaughter, two of the FTC’s Democratic commissioners, have said the Facebook settlement should have held company executives personally liable. US senators including Missouri Republican Josh Hawley and Connecticut Democratic Richard Blumenthal have criticized the $5 billion penalty as little more than a slap on the wrist for Facebook.
In a House hearing this week, FTC Chairman Joseph Simons said the agency has done as much as it could with the legal tools at its disposal. The FTC lacks the power to do what European regulators can to hold businesses accountable, he said, or what California officials will be able to do under the state’s new privacy law beginning next year. The California Consumer Privacy Act, or CCPA, takes effect Jan. 1.
“On the privacy side, we have a 100-year-old statute that was not in any way designed to anticipate the privacy issues we face today,” Simons said in the hearing. “My predecessors at the FTC did an amazing job inventing, essentially out of whole cloth, a privacy regime that is the most aggressive in the world. So I think if you want us to do more on the privacy front, then we need help from you.”
In a statement addressing the Pew study, the FTC said: “This supports our recommendation that Congress enact new federal privacy legislation that would give us additional tools to protect consumers from misuse of their data.”
Despite the sweeping support for tackling this issue from consumers, lawmakers have struggled to craft a bipartisan bill this year to address privacy and data. The key roadblocks include a dispute over how far a federal bill should go in overriding state privacy laws, and whether private citizens and groups should be allowed to sue companies for privacy violations.
Some House lawmakers are pushing forward anyway. Last week, California Democratic Reps. Zoe Lofgren and Anna Eshoo introduced a bill that would clarify Americans’ rights over their data and establish a new, federal-level digital privacy regulator. The bill was welcomed by privacy and consumer advocates. But it includes a provision on private lawsuits that is unlikely to pass muster with Republicans in the Senate.
In light of the gridlock, some experts say Americans’ frustration with the federal government is understandable.
“Consumers are right to be skeptical,” said Margot Kaminsky, an associate law professor at the University of Colorado who studies privacy issues. But, she added, consumers should expect “a wave” of lawmaking at the state level. States including Texas, Connecticut and Hawaii have established task forces to study the CCPA as it goes into effect — a potential prelude to their own attempts at legislation.
“The concerns reflected in the Pew study are having a noticeable impact on the ground in state politics,” she said. “States are stepping in as consumer protectors in privacy law, just as they are in a variety of other spaces.”