I’ve been committed to the field of privacy for 3 decades, and I’ve had the pleasure to mentor multiple generations of smart and committed people to the field. But I can’t remember a time when the profession felt more disempowered and disrespected than now.
Where have all the senior privacy leaders at Big Tech gone? Virtually all the Big Tech companies have lost (or fired) their most senior privacy leaders this year. The most senior privacy leaders at Microsoft, Google, Facebook, and Apple have all exited this year, or recently. These are the companies that process vast amounts of personal data, so it’s not a minor question to ask why they’ve lost their most senior privacy leaders. Undoubtedly, each person who exited their employer will have their own story, and I won’t tell it, even if I know it. But if these companies have lost their most senior privacy leaders, who is left there to ensure that these companies respect their users’ privacy?
The privacy leaders of my generation (and I knew them all) all shared one characteristic: they advocated for good privacy in their organizations internally, and they worked collaboratively with regulators to find solutions when required. But perhaps the collaborative model is no longer the fashion in Silicon Valley: perhaps the truculent, cage-fighting ethos has the ascendancy, reflecting the personalities of some of its leaders: media-hungry, kick-boxing, “I am Caesar” and anyway, I have a survivalist bunker in case it doesn’t work out. In that world, you don’t want privacy leaders, you want privacy litigators. Privacy litigators can make an easy meal of the average privacy regulator, who have tiny technical and litigation resources.
Privacy only makes sense as a human value, since its only purpose is to protect the autonomy and dignity of an individual human being. In an age when Big Tech fires many thousands of workers (in the name of “efficiency”), often without warning, by email at 2 am, with immediate effect (I don’t need to name names, do I?), it’s fair to ask what respect they have for individual human beings. If you don’t respect your own employees as human beings, why would you respect your users, or their or anyone’s privacy?
Try to read a privacy policy, when you randomly click on some website. It will inevitably begin with the phrase: “We care about your privacy”. Then it will go on to list the innumerable ways that they plan to violate your privacy, to track and profile your data, and to share it with hundreds of their “partners”. You cannot possibly understand these privacy statements, and neither can I. They’re not designed to explain privacy practices: they’re designed to create a veneer (or fiction) that their companies’ data collection practices have been disclosed, and that users have somehow “consented” to them. Of course, you can’t consent to something that you can’t understand, but a click looks like consent, so that’s all these companies are seeking. The latest atrocity is the attempt by sites to ask you to consent to tracking your “precise location”. Usually this phrase is buried innocuously deep inside the privacy statement. If you are dumb, or bored enough, to click “I accept”, these companies will track your precise location (within meters) every time they encounter you on the web, and share that with their hundreds of partners, and store your precise locations forever, and heaven knows what they’ll do with that. Nothing creepy there?
No comments:
Post a Comment