Is Big Brother Watching You?
BY AUSTIN KIM '25
While you might come across the saying "Big Brother is watching you" in reference to the widespread government surveillance of citizens worldwide, the reality is that it’s unfolding in your own life. Most of you already know that apps like TikTok are tracking our birthdays, finger strokes, and mothers’ maiden names. How is this even legal, why is this happening, and why is it so much worse than you think? There is a simple explanation: the lack of comprehensive federal data regulation in the United States of America. Governments around the globe have noticed faulty data practices surrounding companies and subsequently passed comprehensive data regulations such as the European Union, Brazil, China, Australia, and South Korea; however, the US has not taken action. Unfortunately, there are too many problems in the sector-specific legislation and state legislatures to the corporate indignity that stops progress.
Unlike other countries, the US has a mish-mash of sector-specific laws that range from healthcare to banking to education, but not quite everything in between. There are infinitely many industries that do not have the capability to utilize sector-specific law on data, so many slip through the cracks. Unfortunately, data brokerage is one of them, so chances are, your data is already stolen through TikTok: one of the most-used apps on your phone. Did you know that your personal information may be more prone to danger in the US than in China? Well, for example, after Grindr, an LGBTQ social networking and dating app, was resold back to the US due to fears of Chinese surveillance, Catholic groups bought data from Grindr to locate gay priests. This controversial use of data raised ethical concerns regarding privacy, but ultimately, nothing can be done until sector-specific law gets passed. In addition to companies legally selling your data, your information can also be stolen. Last year, Surfshark found that the US is the most data-breached country since 2004, with over eight violated accounts per person. Stronger data regulations would force companies like Acxiom, Epsilon, and Equifax to be more careful in their transactions and more explicit with consent. However, as of now, faulty data regulations allow companies to stockpile your personal information, letting a small leak cost hundreds upon millions of accounts and billions of dollars in damages.
Unfortunately, the local AB community is no exception to this madness; Massachusetts does not have a comprehensive data protection law, so we have no failsafe for federal inadequacy. However, we are not alone in our failure because only one state, California, has comprehensive data regulations. Seven other states have enacted legislation on data regulation, but most lack something essential: the Private Right of Action (PRA). The PRA is the ability of a citizen to sue a company for a third-party leak of their own personal data. Without it, individuals can not protect themselves because only the government can investigate and sue companies for faulty data practices. The Private Right of Action is essentially the right to sue; it’s a core feature of any bill, especially in data regulation. Thus, California is the only state that takes a stand. Not only do US federal laws fall flat, the state legislation does not hold up either. Ultimately, this lack of protection in comprehensive data protection leaves citizens vulnerable and unaware that their data is being stolen.
Nevertheless, it feels like there is a simple fix. The US just has to pass a comprehensive data law in Congress. Last year, it came quite close with the American Data Protection and Privacy Act (ADPPA), which had bipartisan support and a strong vote out of committee; however, Big Tech would not let the Act happen easily and lobbied. All the major data brokers increased their lobbying funds between Q2 and Q3 of last year when the ADPPA started gaining traction within the House. Big Tech knows that a bill with a Private Right of Action would be the downfall of their corrupt practices. The same situation happened with the state data regulations as they failed to include a Private Right of Action. Consequently, the pursuit of effective data legislation seems to be at a crossroads between the need to change and resistance from industry names. In the end, data law is deeply ingrained in society, and Big Tech will never consent to change its practices.
Our founding fathers knew that legislative comprehensibility was one of the most important issues for a country because if citizens couldn't grasp the laws, they could be deceived and ensnared in an opaque system. Although the future of data law seems bleak due to inadequate regulations spanning federal, state, and private sectors, citizens can always fight fire with fire and join citizen lobbying groups to help oppose corrupt institutions. Just simply reading this article can be advantageous because it might prevent you from automatically clicking the "accept all cookies" button or granting camera and location permissions. As data governance evolves, citizen activism and awareness remain a powerful force. Always remember that you are not just your data; you are more than just 1s and 0s, and you can make your voice known.