I think of her every time a privacy advocate friend takes a job with a huge data-guzzling firm, always ardently believing their hiring proves that their new employer really cares about privacy. From there, either they become assimilated into defending practices they used to excoriate, or they quit in frustration. Usually, the latter. It is this experience that Northeastern University professor Ari Ezra Waldman documents in Industry Unbound: The Inside Story of Privacy, Data, and Corporate Power, for which he embedded himself in three (unnamed) companies in order to document how privacy laws play out in real-world practice. From this vantage point, he attends meetings and watches as his chosen companies design and release products, write privacy policies, and brief politicians and lobbyists. Cloud computing security: Five things you are probably doing wrong Waldman’s findings in the book, described in a recent talk at the Computers, Privacy, and Data Protection (CPDP) conference, are depressing – especially for those who have spent large parts of their careers ushering data protection and privacy laws into existence. “An army of foot soldiers, who ironically see themselves as part of the resistance,” is what he calls the legions of privacy professionals on whom Silicon Valley CEOs depend for a privacy-friendly veneer over the manipulation and deception that are endemic in today’s apps and online services.
Information capitalism
Over and over again, Waldman sees engineering and design teams exclude the privacy personnel he watches, while the privacy teams themselves spend enormous effort writing the kinds of policies that none of us want to read. Does their work “performing accountability” eventually result in consumer-friendly changes to products? Well…no. All the impact assessments in the world are insufficient to stop these companies from putting out products that default to “dark patterns” or change the relationship they have built between collecting data and generating profits. SEE: Cloud computing security: Five things you are probably doing wrong “Information capitalism,” as Waldman calls it, survives the entire process of legal compliance unchanged. It has assimilated the privacy laws and normalised warping the laws’ intent to serve its own interests. Often, the laws themselves don’t help as much as they should. Vaguely written clauses enable businesses to stay inside the law without really changing their data extraction practices. What’s needed in such cases, Waldman writes in a chapter on how to make changes, is unequivocal bans. No amount of tweaking, for example, will make facial recognition benign, and someone whose life has been damaged by a decision made by an algorithm is not sufficiently protected by a law that gives them the right to understand how the decision was made. In addition, privacy law could learn from other sectors such as securities law, which specifies standards for independent audits and oversight. No-one wants to blame well-meaning, highly-trained professionals who are doing their best. But, Waldman concludes, the reality is that information capitalism survives in part because of the efforts of today’s privacy professionals. Next time a friend says they’re taking one of those jobs, get them to read Waldman first. RECENT AND RELATED CONTENT How to delete your Twitter account and protect your data The best encryption software: Protect your data UK privacy watchdog fines Clearview AI £7.5m and orders UK data to be deleted Murena, the privacy-first Android smartphone, arrives Meta updates privacy policy with more detail about what data it collects Read more book reviews
Human-Centered AI, book review: A roadmap for people-first artificial intelligenceFour Internets, book review: Possible internet futures, and how to reconcile themCogs and Monsters, book review: Retooling economics for a digital worldA Biography of the Pixel, book review: The life and times of ‘digital light’Don’t Look Up, movie review: Smart, funny and depressing
