Unveiling the Challenges of Internet Privacy in the Age of Big Tech Corporations
In this analysis, we'll delve into the current state of internet privacy and the issues surrounding big tech companies. With a focus on search engine giants and social media behemoths, we'll explore how these entities collect and use user data, as well as the implications this has for individual privacy rights.
Additionally, we'll consider potential solutions to these problems and the role that both government regulation and consumer action can play in protecting online privacy. In light of recent controversies and high-profile data breaches, understanding the complexities of internet privacy has never been more critical.
With the world becoming increasingly reliant on digital technology, concerns about internet privacy are escalating. Big Tech corporations, including Amazon, Google, Apple, Meta (Facebook), and Microsoft, have come under fire for utilizing unethical practices that violate user privacy. Worries persist over the Amazon Echo's potential to record conversations, Apple's willingness to surrender data to any inquirer, and Google's practice of selling user data.
Recently, Google faced legal action from 40 states for violating its users' privacy rights. The lawsuit focused on the vagueness of the company's location tracking policies, resulting in a historic $392 million settlement payment to the states. This settlement marks the most extensive internet privacy settlement in the history of the United States, highlighting the critical need for better safeguards to protect individual privacy online.
While federal action has yet to take place, individual states have taken a stand against Big Tech corporations. A coalition of 40 states, including Tennessee and Oregon, spearheaded a lawsuit against Google. The states' attorney generals accused the tech company of misleading users by continuing to collect sensitive information even after location tracking was turned off in user settings. This lawsuit is just one of several that Google is facing, with Arizona having already settled for $85 million and Washington D.C., Texas, and Indiana filing lawsuits of their own. These suits all share a common theme: concerns over location tracking policies. Despite the lack of federal action, states are taking a proactive approach to hold Big Tech accountable for their actions and protect individual privacy rights.
A recent study conducted by the Associated Press in collaboration with researchers from Princeton highlights the gravity of the issue. The study found that certain applications, such as Google Maps, could pinpoint a user's precise location, storing it in their Google account, even for seemingly innocent searches. Despite turning off the location history setting, users' data was still being collected, leading to a lawsuit.
Google is also under scrutiny from the European Union, which is taking a more stringent approach than the U.S. in its enforcement of antitrust laws and regulations surrounding internet privacy. The company is facing antitrust lawsuits and legal action from the E.U. over privacy concerns, indicating that international efforts are being made to curb the unethical practices of Big Tech corporations.
To address the issue of internet privacy, the European Union has implemented the General Data Protection Regulation (GDPR), which is touted as the most stringent privacy and security law in the world. Passed in 2016, the GDPR became effective on May 25th, 2018, and applies to any company that interacts with individuals within the E.U. Companies that violate the regulation are subject to significant fines, up to €20 million or 4% of the company's total revenue.
In 2019, Google was fined €57 million by the Commission Nationale de l'informatique et des Libertés (CNIL) for failing to obtain user consent for ad personalization, which violated the GDPR. The CNIL also highlighted Google's security risks, and consumer rights groups in Europe have targeted the company for violating user consent. The implementation of the GDPR demonstrates the E.U.'s proactive approach to internet privacy, and its willingness to enforce strict regulations on Big Tech companies that engage in unethical practices.
In contrast to the European Union's GDPR, the United States lacks a comprehensive law to safeguard user data. The U.S. has several fragmented laws such as HIPAA, FCRA, COPPA, and VPPA that have not been updated to match the current times. Unfortunately, most states permit companies to use user data without notifying them. Only three states have comprehensive privacy laws, namely California with CCPA and CPRA, Virginia with VCDPA, and Colorado with ColoPA. Unlike the EU, which regulates global companies, these laws apply only to individuals residing in these states.
The United States' inadequate consumer protection laws allow companies like Google to exploit their users. Meanwhile, the European Union's General Data Protection Regulation (GDPR) has forced companies like Google and Facebook to improve their privacy laws. Google generates a large portion of its revenue through advertising, with over 80% coming from this sector. Advertisers use user data collected by Google to target their ads, and the company sells this information to better suit users' interests. Security technologist Bruce Scheiner has criticized Google's business model, stating that it involves spying on users and using the collected data to serve ads and influence their purchasing behavior.
Google conducts auctions on search keywords, whereby it attempts to find relevant ads for a user's search and ranks them based on factors like relevance, bid, and quality. While this may sound alarming to some, to Google and advertisers, it's just another revenue-generating tool.
Advertisers use Google Analytics, a service that tracks website activity, to gather data on users. However, the CNIL found that the service may have granted U.S. intelligence agencies access to French user data and did not adequately ensure privacy when transferring data between Europe and the U.S. In response to lawsuits and settlements, tech companies like Google are changing their approach to user data. Apple has introduced a pop-up window for users to choose whether they want their data tracked by an app, and Google has set a timeline for phasing out trackers in Google Chrome. However, these measures may not fully protect user privacy.
Google has announced a plan to gradually phase out cookies in their Chrome browser by 2023 in an effort to address privacy concerns and comply with regulations. The plan aims to find a balance between collecting data and being non-intrusive. Meanwhile, Apple has implemented a pop-up window that allows users to choose whether or not their information is tracked by an app. Apple also requires apps to disclose what data they collect, which reveals that Gmail collects a significant amount of data compared to other popular email apps. Though Google claims not to use this information for advertising purposes, regulators and privacy-conscious individuals remain concerned.
As people become increasingly reliant on technology, companies such as Microsoft, Apple, Amazon, and Google must be held accountable by both governments and consumers to protect their rights. While Google and Facebook have made some strides in improving their data tracking, such as Google's plan to eliminate cookies and Facebook's efforts to restrict third-party access to user data, these actions are only the bare minimum. Although the U.S. federal government has yet to catch up to the issue, many states are working on creating comprehensive privacy laws and actively pursuing action against these tech giants. Meanwhile, the E.U. is enforcing the GDPR to prevent companies from breaking the law. Security technologist Schneier emphasized the importance of breaking up large tech monopolies and deciding which surveillance models are ethical and align with the values of society.
The inadequate state of consumer protection laws in the U.S. enables tech giants like Facebook and Google to exploit users. These companies have been compelled to revamp their privacy policies to comply with the E.U.'s General Data Protection Regulation (GDPR), while the U.S. has antiquated and fragmented laws that require modernization to align with the E.U.