The EU has long been a champion of data protection, but did the GDPR go too far? The regulation may not be enough to protect big data, said Alex Feinberg.
TechRepublic's Dan Patterson spoke with ex-Googler Alex Feinberg about data protection and compares cybersecurity concerns among Americans and Europeans.
Patterson: Are Americans' concerns about privacy overblown?
Feinberg: Well, I don't know that I would think that Americans have a ton of concern about privacy relative to their counterparts in Europe. Just arriving in New York City a couple of days ago, I was shocked riding the subway to hear that large bags are subject to search because in my civics class when I was 17 years old I was made aware of the fourth amendment where police officers were theoretically, or at least in the Constitution, required to present probable cause if they wanted to search my bag. Yet sitting in the subway what I found was that an announcement was made, "Your bags are subject to search". I reacted, thinking it was a little bit odd, nobody else did. And I think over time, while the elites in the United States are more and more cognizant of potential abuses of authority, either by the NSA or by other private organizations, you see a lot of the middle tier Americans just let it go, and they just let either private organizations or governments to encroach slightly more every year on data that you and I might think would be theirs.
This is very different than what happens in Europe because Europe did experience actual fascism slightly more than 70 years ago, and even more recent for some countries like Spain. A lot of people are very, very concerned with what their information will, or how their information could be used if it were in the wrong hands. We don't have to rehash the history of Germany, the history of Mussolini's rule, history of Franco's rule in Spain, but I can imagine for the people there and for their children and probably the grandparents of those regions lived through it.
Patterson: Yeah. Let's actually dive in there.
Patterson: History's an important lesson, right. There are important lessons in history. Since World War Two, Americans' and Europeans' attitudes about privacy have shifted, especially when we think about the GDPR and we think about Silicon Valley, two vastly different approaches to privacy and consumer's ability to control their destiny.
Patterson: Help us understand, take us inside a little bit of the history of, Europeans' history, with privacy and data and why has that been so important, and why does that set a precedent that impacts the rest of the world?
Feinberg: Well, 80 years ago in Europe if you were writing the wrong thing to your neighbor, you would have somebody in Jackboots knocking on your door, taking you somewhere that you didn't want to go. That's true for some segments of the American population, maybe Japanese Americans, but it's not true for the majority of Americans. And so fortunately we don't have in our history aa significant lineage or an autocratic ruler who massively abused authority in war times. I mean, yeah, Lincoln suspended habeas corpus. Yes, Franklin Roosevelt did put Japanese Americans in internment camps, but as far as country wide abuses of authority where fascist leaders looked through their private data of citizens to arrest people by the hundreds or thousands or even millions, that has not happened to date.
And so, because it hasn't happened to date, most Americans are not even cognizant of the potential for that happen. Where every European who studied their own history knows that that not only can happen, but it did quite recently. And so you could almost think that if any reaction were necessary to encroachments on privacy, it could be said that Europe has something to the extent of a PTSD-type over-reaction because they've seen it in their rear view mirror. They know what that's like. We don't know what that's like. We don't have a long history. We don't have a multi-hundred year history of warring states. We're new. We're the new kids on the block, and so we haven't learned from the lessons that other people do, so we care less. We really do care less.
And so I think what that's ultimately allowed for is Silicon Valley companies to make very, very lucrative business models harvesting user data. And because our campaign finance laws are different in the United States compared to Europe, it's much easier for those large companies to harvest user data, make a lot of money selling it to advertisers, take the profits that they're generating from selling it to advertisers, and recycle it into lobbying payments to make sure that the laws are constructed in such a way that allows them to continue to do that. That type of capital flow from corporations to government officials is much less prominent in Europe, so the likelihood for that to happen anytime soon is very low. Whereas here, it happens all the time.
- Special report: Cybersecurity in an IoT and mobile world (free PDF) (TechRepublic)
- What is GDPR? Everything you need to know about the new general data protection regulaitons (ZDNet)
- GDPR: A cheat sheet (TechRepublic)
- GDPR in real life: Fear, uncertainty, and doubt (ZDNet)
- GDPR: Regulatory compliance is just the beginning (TechRepublic)