The federal government’s role in limiting and monitoring the power and activities of the private sector has always been a hot button issue in America. The issue dates back to the nation’s inception when the founding fathers fervently debated the ideal balance between state’s rights and federal power, and what impact this division of power meant for the individual. The US, being founded on the principles of individual rights and the protection of the individual against a tyrannical government, has always grappled with the dilemma of creating a government powerful enough to protect these rights, yet not powerful enough to threaten them. The creation of the internet has deepened the complexity of this issue and created a pressing need to determine the proper balance of power between the government and the governed. The purpose of government on a local, state and federal level is to protect the constitutional rights afforded to all US citizens. However, the borderless and boundless nature of the internet has made traditional geographic boundaries relatively meaningless, leaving governing bodies at every level struggling to enact or enforce any meaningful legislation to control or punish internet actors.

            In 2016 a data mining firm called Cambridge Analytica collected the data of millions of US Facebook users, many without their explicit consent (Granville). Evidence has shown that this data was then used in an attempt to manipulate the political views of users in the run up to the 2016 US Presidential election. Once the details came to light in 2018, Congress began an investigation into Facebook’s user policy and how they were protecting and managing user data. The question was raised, what responsibility does a commercial social media business like Facebook have to its users? And what role does the Federal government play in regulating how such commercial social media businesses operate regarding such sensitive data? Facebook’s global impact is undeniable, and cannot be left unchecked by federal regulation. In the last ten years social media platforms have exploded to include millions of individual users, as well as commercial and political interest groups. The popularity of these new social media platforms has allowed groups like Cambridge Analytica to access unprecedented amounts of information. If this bourgeoning cyber eco-system is left unchecked by governmental regulation, abuse and misuse will be inevitable. The solution is to create a set of regulations that allow for free expression and an open transmission of ideas, while still protecting users from unauthorized access to their personal data. The United States is in a unique position to create a dynamic set of legislation that can then be used a blue print by other nation states, and therefore make the internet a safer, and more egalitarian environment globally.

            Privacy has always been a contested concept in the US. While it is not a concept that is explicitly enshrined in the Constitution, it has been inherently assumed to be an inalienable right. This concept is explored in Helen Nissenbuam’s book, Privacy in Context: Technology Policy and the Integrity of Social Life. According to Nissenbuam, the idea of what is considered “private” has evolved over time and across cultures (3). As the author points out, the “private sphere” has traditionally be considered to include an individual’s house, or the right to object to someone peering in your window without your consent. The birth of the internet has inflamed a serious debate regarding what privacy means in the modern day. According to Nissenbuam, “there is the unsettled controversy over whether what people post on social network sites constitutes private or public information (because it is available unprotected over the public web)” (102). As people increasing use social media platforms to share information with others, as well as store sensitive information in the cloud, the question of who has rightful access to this information has become paramount.

            The Privacy Act of 1974 began to pave the way toward federal recognition and definition of individual privacy rights. This act, “placed significant limits on the collection, use and transmission of personal information by federal agencies” (Nissenbaum, 93). In passing this legislation, the federal government recognized the need for the creation of legal protections for sensitive personal information that individuals are required to disclose to the government. Through this legislation, the federal government implicitly acknowledged that sensitive personal information inherently belongs to the individual, and not the federal agency that collects and stores it. It also acknowledged that the responsibility to protect this information lies solely with the federal agencies, or the collectors of the information. 

            HIPPA (Health Information and Privacy Protection Act) is an example of legislation passed to protect personal information by protecting medical information from improper disclosure. Not only does HIPPA protect patient privacy, but hold’s medical professionals accountable, “with civil and criminal penalties that can be imposed if they violate patients’ privacy rights” (HHS.gov). Legislation like HIPPA therefore protects individual patients by creating a system of accountability for those collecting information, but also protects medical providers by creating a clear set of rules regarding the management of such information.

            In addition to protecting medical information, banking institutions are also federally regulated when dealing with user’s sensitive data. Under the Gramm-Leach-Bliley Act, “the privacy rule protects a consumer’s ‘nonpublic personal information’ (NPI). NPI is any ‘personally identifiable financial information’ that a financial institution collects about an individual in connection with providing a financial product or service, unless that information is otherwise ‘publicly available’” (“How to Comply with the Privacy of consumer Financial Information Rule of the Gramm-Leach Bliley Act.”). Particularly significant is the “opt –out” notice requirement. According to this legislation, financial institutions must provide notice explaining, “the individual’s right to direct you to not share her NPI with a nonaffiliated third party; a reasonable way to opt out; and a reasonable amount of time to opt out before you disclose her NPI” (“How to Comply with the Privacy of consumer Financial Information Rule of the Gramm-Leach Bliley Act.”). With the passing of this legislation, the federal government again acknowledged the right of the consumer to control the use of their personal data. Financial institutions were bound to specific rules regarding how they managed sensitive data, setting clear guidelines enforceable by law.

            However, most private sector companies are not bound by clear federal legislation. As pointed out by Nissenbaum, the ground breaking Privacy Act of 1974 “did not incorporate the private sector in its scope” (93). Through the lens of a 1970’s politician, the internet and social media would have been inconceivable. With the explosion of the internet and the rise of social media outlets, federal legislation has failed to catch up with modern technology and current federal privacy laws are ineffective in dealing with current challenges. Per Nissenbuam “informational norms evolve over time” (3).  With this evolution, the regulations must keep pace without becoming over-bearing and overly restrictive.

            The Cambridge Analytica data mining project exposed the dangers of a lack of regulation in the private sector. As mentioned previously, Cambridge Analytica is a data firm funded by a Republican donor Robert Mercer and Stephen Bannon, a crucial figure in Trump’s campaign for presidency and later a white house advisor (Granville). In 2013, Aleksandr Kogan of Cambridge created a Facebook APP asking users to answer questions to create a psychological profile. Thru this app, Kogan was able to access the data of 87 million users, many of whom did not explicitly consent to their data being harvested (Meredith). Cambridge Analytica obtained this data, and began working with the Trump campaign to create targeted political ads based on the data they had mined (Kirchgaessner).

            The Cambridge Analytical scandal has brought to light the crucial need for legislation regulating corporations like Facebook that collect massive amounts of data. Per recent investigations, Cambridge Analytica’s purpose was political. According to the New York times, “Cambridge Analytica, a political data firm hired by President Trump’s 2016 election campaign, gained access to private information on more than 50 million Facebook users. The firm offered tools that could identify the personalities of American voters and influence their behavior.” (Granville). However, later this number was increased to 87 million. Therefore, the collection of this data was not simply to target consumers by analyzing their spending behaviors, or to gain insight into what products they may be interested. The collection and analysis of this data was specifically to be used to manipulate and sway the American people during a national election. Without legislation to ban this type of behavior, any powerful interest group could easily make contracts with large social media corporations to access their data and use it to improperly influence issues of national significance.

            Facebook became one of the first social media platforms to collect personal data of millions of people worldwide. This unprecedented collection of data by a single private business was bound to lead to major challenges and questions of management. The question becomes, what role does the US federal government have in regulating a global conglomerate like Facebook in light of the Cabridge Analytica scandal? Many free market economists would argue that the market will correct itself. Naturally there will  be situations such as the Cambridge Analytica scandal, and a successful private company will respond to consumer demand by making appropriate changes. These changes will then become the industry standard, and hence no federal intrusion into the free market is necessary. However, Facebook was aware of the misuse of millions of users data for almost two years without taking meaningful action to hold the third party app responsible, or notify the millions of users of the misappropriate of data. (Granville). Facebook, like any company in the private sector, acted in its own self-interest and in the interest of its shareholders. This lack of action by Facebook may have resulted in manipulating the views of millions of America’s during a presidential election, and may have drastically impacted the outcome. Having access to such an incredible amount of data, and having the enormous amount of influence over people’s everyday lives, Facebook can no longer be considered a normal corporate business, and must be held to a different standard regarding its data policies, therefore requiring new federal regulations.

            One compelling reason that new regulations must be enacted is that this is not the first time Facebook has faced issues regarding user information. In 2011 Facebook settled on an agreement with the FTC regarding, “charges that it deceived consumers by telling them they could keep their information on Facebook private, and then repeatedly allow[ed] it to be shared and made public” (FTC, “Facebook Settles FTC Charges That it Deceived Consumers by Failing to Keep Privacy Promises”). One of the specific charges levied against them was, “Facebook told users they could restrict sharing of data to limited audiences – for example with “Friends Only”. In fact, selecting “Friends Only” did not prevent their information from being shared with third-party applications their friends used.” (FTC, “Facebook Settles FTC Charges That it Deceived Consumers by Failing to Keep Privacy Promises”). In the settlement, Facebook agreed to comply with certain stipulations regarding their information policy, including being, “required to establish and maintain a comprehensive privacy program designed to address privacy risks associated with the development and management of new and existing products and services, and to protect the privacy and confidentiality of consumer’s information” (FTC, “Facebook Settles FTC Charges That it Deceived Consumers by Failing to Keep Privacy Promises”). The failure of Facebook to adequately monitor the activity of a third party app like Cambridge Analytica is evidence that using the FTC to charge  Facebook with individual claims isn’t an effective way to ensure compliance.

            This is why federal regulations regarding the use of personal data by large social media platforms is crucial. The internet is trans-global, and the US needs to align its federal regulations with those of other nations who have taken on the responsibility to create laws to protect their citizens. For example, England has enacted the Data Protection Act. This act creates specific rules on how organizations, business and the government must treat personal data. The act ensures that all data is used fairly, lawfully, for a specific stated purpose, relevant and not excessive, accurate, and kept safe and secure (GOV.UK). As a result, Cambridge Analytica’s offices in London were searched under a legal warrant to investigate if the DPA was violated (Clark.) Therefore, under English laws there can be criminal consequences for the unlawful use of personal data.

            The EU has taken incredible strides to enact the EU General Data Protection Regulation (GDPR). The GDPR, which will take effect in May 2018, and, “is expect to set a new standard for consumer rights regarding their data” (Nadeau). This new legislation protects information such as name, address, IP Address, location, health and genetic data, biometric data, racial or ethnic data, political opinions, and sexual orientation (Nadeau). It also allows users to see the data a company has stored on them and how a company is using that data (Kharpal). Not only does the GDPR apply to EU member nations, but for any business presence within the EU (Nadeau).

            It is the US’s best interest to implement a similar policy as England’s Data Protection Act or the EU’s General Data Protection Regulation. In a globalized economy, US businesses will be forced to comply with these rules if they are doing business with member nations. According to some estimates, two thirds of US companies will be affected byt the EU General Data Protection Regulation (Nadeau). In light of the Cambridge Analytica scandal, the federal government must catch up to Europe and create a set of federal regulation that all social media outlets must comply with. The US has a history of cooperating with our European allies in an attempt to regulate aspects of the internet. One example is the Convention on Cybercrime which was signed by twenty three countries in 2006 (Mueller, 174). This agreement, “erect[ed] a harmonized standard for defining certain computer crimes as criminal, in order to facilitate international cooperation among law enforcement” (Mueller, 174). By creating legislation in tandem with our European allies, consistent policies can govern the behavior of international social media outlets like Facebook, and force them to take user data privacy and security seriously.

            Ultimately the US must create legislation that has immediate and enforceable consequences for those who break the law. This legislation must require that social media outlets meet certain security criteria, must notify users of any data breaches, must notify users of how their data is used, and if their data is shared with third parties. Users must be given more control over who can access their data, and must be given the explicit option to have their data sold or shared with a third party.

            Facebook was the first of its kind. In a very short time, the amount of users on its platform exploded into millions of users across the world. The huge amount of data collected was largely unprecedented. With such a vast amount of data, and a huge amount of control over how that data is used, Facebook is one of the most powerful international actors of our time. While Facebook continually claims that its main purpose is to connect people, the reality is that Facebook is a for-profit organization that generates revenue through ads. However, it is also a powerful societal force. Many individuals access their news, express their opinions, and read the opinions of others. Facebook has a unique ability to influence the thoughts and perceptions of its users. This power can be hazerdous, as in the case with Cambridge Analytica. The possibility that a data firm may have deliberately and significantly affected the outcome of a US election is disturbing. It was inevitable that Facebook’s lack of initiate to protect user data, as well as a lack of coherent federal laws governing the protection and use of personal data would lead to abuse and misuse of customer information. Now is the time for the US to establish strong federal legislation, in line with our European allies, to hold social media companies, and all private commercial businesses, accountable to the individuals who trust them with their most personal information.

Works Cited

Coaston, Jane. “Youtube, Facebook, and Apple’s Ban on Alex Jones, Explained: And Why Some on the Right are Calling it ‘Collusion.’” Vox, https://www.vox.com/2018/8/6/17655658/alex-jones-facebook-youtube-conspiracy-theories. Accessed 10/22/2018

Fausset, Richard, and Alan Feuer. “Far-Right Groups Surge Into National View in Charlottesville.” The New York Times, https://www.nytimes.com/2017/08/13/us/far-right-groups-blaze-into-national-view-in-charlottesville.html?_r=0. Accessed 10/22/2018

Mihailidis, Paul, and Samantha Viotty. “Spreadable Spectacle in Digital Culture: Civic Expression, Fake News, and the Role of Media Literacies in ‘Post-Fact’ Society.” American Behavioral Scientist, vol. 61, no. 4, Apr. 2017, pp. 441–454, doi:10.1177/0002764217701217. Accessed 10/22/2018

Molina, Brett. “Gab, the Social Network Used By Accused Pittsburgh Synagogue Shooter, Goes Offline.” USA Today, https://www.usatoday.com/story/tech/nation-now/2018/10/29/gab-goes-offline-pittsburgh-synagogue-shooting/1804582002/. Accessed 10/29/2018

Rickford, Russell. “Black Lives Matter: Toward a Modern Practice of Mass Struggle.” New Labor Forum, vol. 25, no. 1, Jan. 2016, pp. 34–42, doi:10.1177/1095796015620171. Accessed 10/22/2018

Rodino-Colocino, Michelle. “Me too, #MeToo: Countering Cruelty with Empathy.” Communication and Critical/Cultural Studies, vol. 15, no.1, Jan. 2018,  pp. 96-100, doi: 10.1080/14791420.2018.1435083. Accessed 10/22/2018

Roose, Kevin. “The Alt-Right Created a Parallel Internet. It’s an Unholy Mess.” The New York Times, https://www.nytimes.com/2017/12/11/technology/alt-right-internet.html. Accessed 10/22/2018

Shirky, Clay. “The Political Power of Social Media: Technology, the Public Sphere, and Political Change.” Foreign Affairs, vol. 90, no. 1, Jan/Feb 2011, pp. 28-41, https://www.foreignaffairs.com/articles/2010-12-20/political-power-social-media. Accessed 10/22/2018