While the advent of Internet has drastically advanced our life in a gradually globalized and networked modern world, the growing influence of Internet and technologies draws public’s concern on cybersecurity and overflow of personal data on the Internet. The two largest issues with Internet user privacy are the abuse of user data for financial value of technology companies, and the controversial manipulation of users’ online communication data for governmental surveillance. This essay discussed how does the process of public policymaking relate to these issues by applying theories of politics and public policy and policymaking model.
Upon entering the 21st century, the social collaboration in all different industries have been strengthened, creating the trend of internationalizing business, marketplaces and organizations. The deployment of Internet satisfies the needs for data exchange in these flows of goods, services and finance, and the technical means of retrieving and exchanging data are widely used and are available to ordinary individuals. While mostly the data generated from the Internet are necessary for the offer of the information service or help to manage the service, sometimes it is abused for potential economic and political value (Gutwirth, 2009).
Over the past years, sensitive personal data were repeatedly unlawfully obtained and mishandled in numerous data breaches. Most recently, sensitive personal information, including credit scores, of almost 150 million people was compromised in the 2017 Equifax data breach (e.g., Zou and Schaub, 2018) and around 87 million Facebook users were impacted by the Cambridge Analytica data scandal in 2018 (e.g., Revell, 2018). The information gap between user and the corporation due to the complexity of data collection technology can lead to the situation that users’ data are often misused unknowingly until many years later revealed by
reporters. This failure in market mechanism calls the need for public policy to strengthen regulation to protect the privacy, equality and integrity of democracy in international society.
The earliest policy formulation can be traced to decades ago, when the UN Human Rights Committee concluded that the gathering and storage of digital personal data “must be regulated by law,” and that countries should take “effective measures” to prevent this information from reaching those who would use it to abuse rights in analysis of the human right 1988. The committee also embraced a vision of a world in which people can control data about themselves, stating that everyone should be able to find out whether government bodies and private entities hold such information about them, and get that data corrected or deleted if it is wrong or was collected illegally (Vincent, 2018).
The General Data Protection Regulation is a rule passed by the European Union in 2016, set new rules for how companies manage and share personal data. First, the GDPR sets a higher bar for obtaining personal data than we’ve ever seen on the internet before. By default, any time a company collects personal data on an EU citizen, it will need explicit and informed consent from that person. Users also need a way to revoke that consent, and they can request all the data a company has from them as a way to verify that consent. It’s a lot stronger than existing requirements, and it explicitly extends to companies based outside the EU. For an industry that’s used to collecting and sharing data with little to no restriction, that means rewriting the rules of how ads are targeted online (GDPR, 2018).
Second, the GDPR’s penalties are severe enough to get the entire industry’s attention. Maximum fines per violation are set at 4 percent of a company’s global turnover (or $20 million, whichever is larger). That’s a lot more than the fines allowed by the Data Protection Directive, and it signals how serious the EU is taking data privacy. Google and Facebook could withstand a fine like that (they have before), but it would be enough to sink a smaller firm. If the new consent rules ask companies to reshape their data policies, the proposed fines give them the motivation to make it happen (GDPR, 2018).
Most importantly, the GDPR gives companies a hard deadline: the new rules go into effect on May 25th, 2018. The result has been a mad dash to adapt current practices to the new rules and avoid one of those crushing fines. Google suffered a major blow on Tuesday after European antitrust officials fined the search giant a record $2.7 billion for unfairly favoring some of its own services over those of rivals (Scott, 2017). The penalty, of 2.4 billion euros, highlights the aggressive stance that European officials have taken in regulating many of the world’s largest technology companies, going significantly further than their American counterparts. And this is an example of the market based action that the institution take to regulate the company’s action by using their profit intuitive.
However, In the US, there is no single, comprehensive federal (national) law regulating the collection and use of personal data (Jolly, 2017). In my opinion, this governmental inaction reflects how the values and preferences of governing elites affect policy development, known as the Elite Theory. In the Facebook–Cambridge Analytica data scandal, for example, the data was used to influence voter opinion on behalf of politicians who hire them. Assume that this remains unknown to the public, it would be a win-win to large interest groups, Facebook and politician in this case. It also does no harm to the nation’s economy, health or environment, therefore not a damage to any “elites” interest. Furthermore, there is very low electoral incentives to address these privacy issue by governmental officers and senators under federalism. The availability of these information to public can be very limited and largely controlled by the central government, especially in the case of governmental surveillance. That political structural deficiency would shape the policymaking as well according to Institutional Theory. And it reflects how could certain aspects of government structure empower or obstruct political interests.
These two theories can be further demonstrated by ACLU’s long fought to bring greater transparency and public access to the FISC — the secretive court that oversees the government’s surveillance programs. Foreign Intelligence Surveillance Act (FISA), which was enacted by Congress after the abuses of the 1960s and 70s and regulates the government’s conduct of intelligence surveillance inside the United States, generally requires the government to seek warrants before monitoring Americans’ communications. In 2001, however, President Bush authorized the National Security Agency to launch a warrantless wiretapping program, and in 2008 Congress ratified and expanded that program, giving the NSA almost unchecked power to monitor Americans’ international phone calls and emails. The American Civil Liberties Union (ACLU) filed its lawsuit challenging the law’s constitutionality right after this. After many years of struggle, in February 2013, the Supreme Court dismissed the ACLU’s lawsuit challenging the law.
In conclusion, the overall public policy in Europe and the US reflects the general stages of policymaking, the market-based and educational instrument government can use to make policy, and elite theory as well as institutional theory that can be applied to explain this process.
