In early April, Facebook Inc. Chief Executive Mark Zuckerberg and Chief Operating Officer Sheryl Sandberg set out on media tours to address a breach that allowed Cambridge Analytica Ltd., a data firm with connections to President Donald Trump’s 2016 campaign, to harvest the data of nearly 87 million users.
In an April 6 interview with NBC, Sandberg said Facebook wouldn’t be offering users the option to completely opt out of data-driven targeted advertisements, because otherwise people would need to pay to use the social network.
But a Morning Consult poll shows that most U.S. adults (63 percent) said they would be unwilling to give a company access to their personal data for targeted advertising to keep a service free.
The survey, conducted May 18-21 among 2,204 adults, showed that of the adults between the ages of 18-29, a 48 percent plurality said they would not be willing to give up their data, while 32 percent would be willing. The older the respondent, the more likely they were to say they are unwilling to give access to their data. The poll’s margin of error was 2 percentage points.
The survey also showed that 79 percent of all adults do not want companies to share data with other entities in order to advertise to them online. Adults between the ages of 18-29 were the only ones to fall below that level, with 67 percent saying they don’t want companies to share data with third parties.
The European Union begins implementing its General Data Protection Regulation, or GDPR, on Friday, which will change the way all companies that conduct business in EU member countries can collect, store and process user information data, with a big push to require consent from users before sharing their data with third-party app developers.
Similar regulations have been brought up in Congress. Days after Zuckerberg testified in front of Congress on April 10 and 11, House Minority Leader Nancy Pelosi (D-Calif.) tapped fellow California Democratic Rep. Ro Khanna, who represents the state’s 17th Congressional District, in Silicon Valley, to draft what’s being called an Internet Bill of Rights, which would outline an internet user’s right to data privacy and appear on the homepage of a company’s website.
“The key for the United States is to strike a balance,” Khanna said by phone Wednesday. “The GDPR, I think, goes too far. If you go and try and buy something on a European website, you will have to click about 25 times anytime you see an ad, anytime you see a pop-up box, and I think American consumers would find that pretty frustrating.”
On the other hand, Khanna said, U.S. websites have user agreements and nothing more. He also said creating any sort of online data regulations “absolutely will” be a priority if the Democrats take back a majority in the House of Representatives in the November midterm elections.
“This is why we’ve come to Congress,” Khanna said. “This is a significant part of people’s identities, and what they’re looking for Congress to do is say, ‘Our Bill of Rights, our constitutional values, should be embedded in the cyber world.’”
The question is whether or not the American attention span will hold out until a new congressional term starts. Eleni Kyriakides, international counsel at the Electronic Privacy Information Center, thinks it will.
“This might be a particular moment in time, but Americans cared about privacy long before Cambridge Analytica, too,” Kyriakides said by phone Thursday. “There’s a lot of momentum not just here in the United States, but around the world. The GDPR is only just the beginning.”
As Jennifer King, director of consumer privacy at Stanford University’s Center for Internet and Society, points out, timing is everything.
She said it is “an incredible coincidence” that the news about the Cambridge Analytica breach came out around the same time that GDPR was getting ready to be implemented “because it has shone the light on the threat third-party data collectors pose in the ecosystem,” she said Monday by phone.
In a statement, a Facebook spokesperson said Wednesday that the company is offering all Facebook users the same privacy controls and settings, no matter where they live, as it updates the platform to become GDPR compliant.
King also said the implementation of the GDPR on Friday could further inspire American interest in privacy regulations. Those traveling to Europe could find they enjoyed the user experience online so much, for example, that they start relying on virtual private networks, or VPNs, more to replicate the interface when they’re back in the States.
“It’s interesting to see that we have the GDPR coming in to play at a time when we’ve just had a huge incident blow that up in a way that nothing else has before,” King said.