SecurityPledge: Will Technology Companies Sign Data Privacy Agreement?

Who among us is safe from Cambridge Analytica and other data gathering that pokes into our personal lives? The best answer right now isn’t a reassuring one: We're not sure and not many.

You recall, of course, it was Cambridge Analytica that surreptitiously availed itself of the personal data of tens of millions of Facebook users without their permission to use for its own, and ostensibly its clients’ gain. The scandal’s fallout has energized the debate over digital privacy and further exposed the absence of federal law on how technology companies collect and share their customers’ personal data. Now, the appropriately chastened -- not yet legally but certainly publicly -- data-driven political influence firm has sparked a group of 10 privacy and civil liberties groups to chide technology companies for failing to fully shield their customers’ privacy from such shenanigans.

SecurityPledge: The Call for Privacy

Those organizations have launched, a campaign to urge the technology industry to take “concrete steps” to protect their users. The sponsors include grassroots groups 18 Million Rising, the American Civil Liberties Union (ACLU), Color of Change, Coworker, Fight for the Future and Sum of Us.

“Many companies have for too long ignored their obligation to treat data responsibly, prevent information from being used to discriminate, and provide users’ full control over how it is handled,” said Neema Singh Guliani, ACLU legislative counsel.

Backers of the pledge are asking Internet users to endorse an open letter calling on technology companies to make the necessary technological and policy commitments to ensure their users’ private information isn’t turned against them.

“Technology can empower and grant freedoms to us all, but now our online data is empowering data brokers, ISP’s, surveillance companies, and runaway government agencies to discriminate, exploit, and limit our freedoms,” the sponsoring outfits said. “We're calling on companies to reaffirm the power of their users and to build proven security into every service, site and technology.”

SecurityPledge: Four Goals to Note

Specifically, the pledge calls for companies to:

  • Limit the amount of data they collect and give users control over how it is shared.
  • Offer end-to-end encryption by default to ensure that users’ communications are protected from corporate and government surveillance.
  • Provide users with full transparency about what data is collected, how it is used, and what measures are in place to prevent it from being abused.
  • Support legislation and policy reforms that limit government access to user data except with a warrant and judicial oversight.

The organizations behind the campaign said they will encourage users to support technology businesses that have taken these steps and avoid those that haven’t done so. The sponsors listed 20 prominent technology and telecommunications companies whose collective user count, not considering multiples, totals 12.5 billion people. None of those enterprises have signed the pledge to this point.

“Cambridge Analytica is just the tip of the iceberg, and this problem doesn’t begin and end with Facebook. If the largest tech companies take the steps outlined in the security pledge, it will change the course of human history for the better, and protect billions of people’s basic rights,” said Evan Greer, deputy director of Fight for the Future.

Washington Politicians Take Note

The pledge could indirectly gain support from some Congressional legislators. Sen. Mark Warner (D-VA) has signaled the need for Congress to consider regulating how tech companies handle consumer data. And, Sen. Amy Klobuchar (D-MN) and other lawmakers are strong proponents of digital privacy.

“We have not put the proper restrictions in place to give users control,” Amie Stepanovich, U.S. policy manager at digital privacy advocate Access Now, recently told The Hill. “These are basic tenets of data protection that a good portion of the world has written in the law and the U.S. had lagged behind.”

The European Union is slated on May 25 to begin enforcing the General Data Protection Regulation (GDPR), a uniform platform that requires businesses to adhere to a common set of rules to protect the personal data of all EU citizens.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.