The following piece originally appeared in The Mercury News.
By Mike Montgomery
Californians are in danger of being put in position to make the same mistake Facebook did: trusting in something that promises one thing but delivers another.
It’s clear, as founder and CEO Mark Zuckerberg apologetically told Congress, that Facebook made mistakes and didn’t do enough to prevent its data “from being used for harm.”
But at the root of the Cambridge Analytica scandal, in which the company used data from 87 million Facebook users in an effort to deviously manipulate voters, was broken promises.
Facebook was promised by the original collector that the data was to be used only for “academic research.” It wasn’t. The collector promised not to sell or share the data with third parties. It didn’t. When confronted, the parties promised to destroy the data. They did no such thing.
Promises are like that. They don’t always deliver the goods.
That’s why Californians must be skeptical of the promises from backers of a ballot measure that appears headed for the November ballot. They have given their proposal the apple-pie name of the “Consumer Right to Privacy Act,” and are promising that its enactment would improve the lives of Californians.
Let us do what Facebook didn’t, and seriously examine the validity of that promise.
For starters, the Internet isn’t called the “world wide web” for nothing. It seamlessly crosses continents and oceans. It isn’t practical, possible or even desirable for California to attempt to wall itself off from the rest of the world by adopting a set of regulations that apply only from the Sierra to the Pacific.
Businesses that offer goods and services online – essentially every company in the world – cannot effectively operate if required to follow conflicting rules in a multitude of places.
It also must be noted that much of the use of personal data is, in fact, welcomed by consumers because of the convenience it makes possible.
For example, travel sites such as Expedia and Travelocity are able to put together cost-effective packages for air travel, hotels and car rentals because they can share with providers relevant personal data about their customers, such as their names. We are able to use how-did-we-ever-live-without-it services such as Google Maps or Waze because we agree to share our location.
Because this initiative prevents companies from denying service if a consumer declines to share requested information, it’s not inconceivable that those services would have to shut down in California.
That scenario may seem far-fetched, but consider the financial risks companies would have to take to conduct online business in California under this proposed initiative. It would make it possible for any individual to sue for violations without even having to show they were harmed in any way. It would mandate a minimum damage award of $1,000 per consumer, per violation.
In addition, the initiative would require any company that does business in California to provide a personal, detailed response within 45 days to any consumer who requests information about the company’s use of personal information. Just the cost of complying with that requirement could persuade businesses that provide goods and services online to steer clear of this state.
This initiative also promises a heightened right to privacy, which may be desirable, but not at any cost. For instance, a ban on cellphone videos would ensure more privacy, but at a cost that is clearly unacceptable.
Unacceptable also are only-in-California regulations that would reduce our access to desirable services, restrict our connection with the global economy and unduly hamper the technology sector that has fueled California’s robust economic expansion.
When someone makes a promise it’s best to check it out to see whether they can deliver. In the case of those who are promising a better future by promoting this initiative, the truth is they will deliver just the opposite.