Cyber Brief: Data Privacy

Recent years have seen increased interest in data privacy and answering the question of what sort of data collection, by whom and for what purpose, is legitimate. The U.S.’s Federal Trade Commission for years has filed complaints against companies with misleading or malicious data privacy policies, such as its 2012 cases against Facebook and Google. Though the latter of these cases ended in a record $22.5 million civil penalty, and the FTC continues to bring cases against the misuse of consumer data, these questions have remained largely unanswered. Two recent laws have attempted to legislate answers to these questions: the European Union’s 2016 General Data Protection Regulation, which came into effect in 2018, and California’s Consumer Privacy Act of 2018. Both laws, to varying degrees, attempt to limit the ways that companies can collect or use consumer data without notifying the individual.

2018 also saw increased Congressional interest in the issue following the Cambridge Analytica scandal, with both the House and Senate holding hearings questioning tech giants about their data security and consumer privacy practices. More recently, several Senators sent letters to Facebook, Apple, and Google about “Project Atlas,” a paid data collection research program run by Facebook which specifically targeted teenagers.

A recent report from NATO highlights the dimensions of this question beyond individual privacy. Inadequate data privacy can allow for malicious actors to track military forces and influence the actions of soldiers. While it remains unclear how the global question of data privacy will be resolved, there are increasing economic and security incentives to find answers.

The following is a collection of documents related to questions of data collection, ownership, and privacy.

Documents

Federal Trade Commission vs., Facebook, Inc. – Complaint, July 27, 2012. Unclassified.

United States of America vs. Google, Inc. – Oder for Permanent Injunction and Civil Penalty Judgment in the United States District Court for the Northern District of California, November 16, 2012. Unclassified.

Julie Brill, “Privacy and Data Security in the Age of Big Data and the Internet of Things,” January 5, 2016. Unclassified.

Official Journal of the European Union, Regulation (EU) 2016/679 of the European Parliament and of the Council, April 5, 2016. Unclassified.

Federal Trade Commission, Privacy & Data Security Update: 2016, January 2017. Unclassified.

California Office of the Attorney General, California Consumer Privacy Act of 2018, Version 2 (Amendments), November 17, 2017. Unclassified.

Federal Trade Commission, Privacy & Data Security Update: 2017, January 2018. Unclassified.

European Commission, “Questions and Answers – General Data Protection Regulation,” January 24, 2018. Unclassified.

Mark Zuckerberg, CEO, Facebook, Statement for the Record for the Senate Committee on the Judiciary and the Senate Committee on Commerce, Science, and Transportation, “Facebook, Social Media Privacy, and the Use and Abuse of Consumer Data.” April 10, 2018. Unclassified.

Ashkan Soltani, Statement for the Record for the Senate Committee on Commerce, Science, and Transportation, “Cambridge Analytica and Other Facebook Partners: Examining Data Privacy Risks.” June 19, 2018. Unclassified.

Damien Kieran, Data Protection Officer, Twitter, Inc., Statement for the Record for the Senate Committee on Commerce, Science, and Transportation, “Examining Safeguards for Consumer Data Protection.” September 26, 2018. Unclassified.

Andrew DeVore, Vice President and Associate General Counsel, Amazon.com, Inc., Statement for the Record for the Senate Committee on Commerce, Science, and Transportation, “Examining Safeguards for Consumer Data Protection.” September 26, 2018. Unclassified.

Guy “Bud” Tribble, Vice President for Software Technology, Apple, Inc., Statement for the Record for the Senate Committee on Commerce, Science, and Transportation, “Examining Safeguards for Consumer Data Protection.” September 26, 2018. Unclassified.

Alastair Mactaggart, Chair, Californians for Consumer Privacy, Statement for the Record for the Senate Committee on Commerce, Science, and Transportation, “Consumer Data Privacy: Examining Lessons from the European Union’s General Data Protection Regulation and the California Consumer Privacy Act.” October 10, 2018. Unclassified.

NATO StratCom COE, Responding to Cognitive Security Challenges, January 2019. Unclassified.

Richard Blumenthal, Edward J. Markey, and Josh Flawley, “Letter to Tim Cook,” February 7, 2019. Unclassified.

Richard Blumenthal, Edward J. Markey, and Josh Flawley, “Letter to Mark Zuckerberg,” February 7, 2019. Unclassified.

Richard Blumenthal, Edward J. Markey, and Josh Flawley, “Letter to Hiroshi Lockheimer,” February 7, 2019. Unclassified.