OUR PRIVACY regime is not working. This fact became painfully apparent over the past year as Americans realized how much of their information Internet companies possess and how little they have done to protect it. The most popular proposal so far doubles down on the same system that has failed. We need a better approach.
Every recent scandal about today’s technology titans has a familiar bottom line: The sites that have become inescapable features of day-to-day existence know where we live and work, what we buy and think about buying, whom we talk to and about what. They use their deep knowledge of us to make money, insufficiently mindful of any risk. All the while, most of us remain unaware.
It’s not hard to see how this happened. Privacy in the United States runs on a model of “notice and consent,” which is what it sounds like: Companies tell consumers what data they will collect and what they will do with it; consumers agree. But companies often do not tell consumers as much as they ought to, and consumers often cannot parse the disclosures anyway. Even tech-conscious users click automatically past privacy policies because they are long and complicated — and because they see no other option.
