An invitation to walk in the Labor Day Parade got me thinking about labor law as an alternative path to meaningful data privacy regulation.
Think about this: There is a popular meme used to explain the exchange of our data for free online services.
“When something online is free, you are not the customer; you are the product,” it says.
This idea is generally adapted to fit the regulatory argument du jour. Another popular way to explain the exchange of our data for free services is to say, “The services we enjoy are not free; we are paying for them with a new form of currency, our data.”
There is some validity to each of these ideas, but both assume that users inevitably exist to serve the commercial interests of the data elite. I reject this notion. At the moment, most users are humans, and in America, being human comes with some “unalienable” rights.
We are a workforce
We are neither digital products nor possessors of a fungible currency that represents the marginal value of our data. We are underpaid digital workers whose labor behaviors generates raw data, which is used in the manufacture of digital products. These digital products, such as interactive advertisements, generate hundreds of billions of dollars of revenue for the organizations we work for.
Our de facto employers include Google and its family of products: YouTube, Waze, Gmail; Facebook and its products: Instagram, WhatsApp, etc.; Twitter; and every other social network, search service or digital product—website or app—we are offered free access to.
The current approach to regulation
In September 2019, Google agreed to pay the Federal Trade Commission and the New York Attorney General a record $170 million to settle allegations that YouTube violated the Child Online Privacy Protection Act (COPPA) by collecting personal information from viewers of child-directed channels without first notifying parents and getting their consent.
Some may see this fine as a victory. It is anything but that. If Google had obtained permission from these children’s parents, it would not have been fined. But Google would have still acquired all of the same data. Google was fined for a protocol error. Nothing in this lawsuit attempted to do anything to protect the children or the parents or any of us from how Google will use the data, how the data is classified (or misclassified), or what deals are made with it.
In charging Google $170 million for its alleged violation, regulators viewed the issue of data privacy through last century’s lens. It is as if the regulators did not have the appropriate language or understanding required to draft a law that would protect us from the abuse or misuse of data, so they could only regulate its collection.
A different approach to regulation
If we want meaningful transparency regarding the use of our personal data, which I assert are the fruits of our labor, maybe we should be thinking differently about how to use the laws of the land.
We have only vague definitions for data privacy, and there are years of regulatory hurdles to defining an appropriate and fair national digital authentication schema.
But if we can make the case that we are employees of the data elite organizations that use our data, we can collectively bargain for the work conditions and wages we think we deserve. To do this, one human resources lawyer suggests that we ask the data elite organizations what they would have to pay researchers, pollsters and other gatherers of data if we refused to provide our services to them. This would set a value on our labor.