Imagine knowing how much your personal data is worth to Big Tech. Or how little.
That’s the idea behind legislation set to be rolled out Monday that would require large tech companies like Facebook and Google to put a price tag on the information they collect from users. Such data — app usage, locations, relationship statuses, and more — comprise the core of tech platforms’ highly lucrative and largely opaque business models.
The proposed bill would give users a peek under the hood. And tech critics say that could be a crucial step toward holding Silicon Valley giants accountable for data breaches that have grown increasingly common in recent years.
“The consumer protection and privacy laws in the U.S. require you to prove harm,” said David Carroll, an associate professor of media design at The New School. “But it's really hard to say that money was stolen from you, because you can't put a price tag on data — even though Wall Street and investors and VCs put a price tag on data. The law just doesn't seem to yet.”
Facebook’s Terms of Service include a clause that limits its liability for security lapses, and the company has argued in court that any damages from such breaches are largely speculative.
But a price tag on user data could provide a bit more clarity to such debates. Sponsored by Sens. Mark Warner (D-Va.) and Josh Hawley (R-Mo.), the new bill would also mandate that large tech companies disclose the types of data they collect and give users the option to delete them.
“For years, social media companies have told consumers that their products are free to the user,” Warner said in a statement. “But that’s not true — you are paying with your data instead of your wallet.”
The Securities and Exchange Commission would be charged with figuring out how to calculate the value of information for individual users. That might be easier said than done.
“You are paying with your data instead of your wallet”
Advertising business like Facebook and Google do hold real-time auctions where brands bid on the opportunity to target highly specific segments of users. And Facebook alone reported that it raked in nearly $35 in average revenue per user in the US and Canada in the fourth quarter of last year.
But that’s an aggregate value of both the user base’s cumulative data and the company’s various ways to monetize it. On an individual level, personal information may be far less valuable. It could also carry vastly different dollar amounts depending on which company uses it, and how.
“My address and purchase history is worth a lot to an e-commerce company, nothing to a healthcare company,” Antonio García Martínez, an author and former product manager of Facebook’s ad targeting team, tweeted in criticizing the proposal. “The whole thing seems impractical.”
The Senate proposal mimics certain aspects of the California Consumer Privacy Act that is set to go into effect next year. That state-level statute not only requires companies to disclose what information they hoover up but also gives users the opportunity to opt out of such data collection for a fee up to the value of said data.
To Ashkan Soltani, formerly a senior adviser in the Obama White House and chief technologist at the FTC, the idea that regulators can’t figure out how to price user data represents circular and ultimately self-serving logic from tech companies. The solution is to compel transparency.
“There's a tradeoff you're making in using these services,” said Soltani, who advocated the California privacy law. “The people who are in the best position to know what the tradeoff is are at these companies. And that doesn't seem fair.”
The proposed regulations Silicon Valley rolled out in recent months are largely aspirational; no such laws are likely to pass a Republican-controlled Senate. But they do point to what appear to be slow-emerging areas of focus for lawmakers in the future: more transparency for political ads, stricter enforcement mechanisms for content moderation, and more.
Some tech giants have signaled that they’re open to new regulations — and in certain cases they're taking proactive steps to preempt them. In April, the European Commission announced that Facebook had agreed to accept some liability for future data breaches like the Cambridge Analytica scandal last year.
Additional laws could have the unintended effect of cementing big companies’ dominance. A Wall Street Journal report last week suggested that landmark privacy legislation in the European Union, GDPR, is pushing more advertisers toward Facebook and Google. Such huge firms have far more resources to comply with new laws than their smaller counterparts do.
As for the proposal unveiled in the Senate on Monday, Facebook spokesman Andy Stone told VICE News, “We look forward to continuing our ongoing conversations with the bill’s sponsors.”
Cover: In this April 30, 2019 file photo, Facebook CEO Mark Zuckerberg, left, makes the keynote speech at F8, the Facebook's developer conference, in San Jose, California.