It’s Time for Privacy Legislation to Protect Baby Boomers From Big Tech

It’s time to fight back against Big Tech’s war on privacy. As Congress holds a series of hearings on the abuse of market power online, it’s time for the U.S. government to intervene with legislation that protects consumer privacy against the onslaught of digital threats.

As we age, our privacy and security risks rise. The baby boomer generation is now the most targeted by scammers, and those in the “sandwich generation” have the triple burden of protecting themselves, their children and their elderly parents. Members of this generation are among the most prolific users of Facebook, and they also have substantial financial resources that are attractive to advertisers (and to criminals).

The No. 1 thing legislation needs to do is to require more transparency. When you log into a site like Google, for example, it should be clear – to everyone, not just to the savviest consumer – that your information is being collected and monetized. And there needs to be an easy way to opt out. This shouldn’t be embedded in a complex set of privacy settings and controls. Even someone logging onto the site the first time should easily be able to understand the implications.

Google recently reiterated its commitment to phasing out the use of cookies for tracking consumer behavior. On the face of it, this sounds like a very positive and progressive step forward to address consumer privacy concerns. However, Google plans to adopt and use more modern, more effective technologies for aggregating consumer data to build profiles for even more effective targeting of their advertising. Given this, it is hard to see how these modest steps by Google are sufficient to address the privacy needs of their users.

Further, with baby boomers increasingly using social media like Facebook and Twitter, they’re vulnerable to identity theft that can cost them thousands of dollars out of pocket. According to data released earlier this year by the Federal Trade Commission, identity theft reports in 2020 tripled from 2018, with the amount of money lost rising incrementally with age starting at age 30. Those ages 50 to 59 lost a median amount of $325, for example, and those ages 60 to 69 lost $436.

Privacy and identity theft (when someone fraudulently applies for a credit card in your name, for example) are inseparably linked. Every time a consumer searches in Google, buys a product on Amazon, posts on Facebook or asks Siri a question, it’s yet another data point that is collected on that consumer. That data is then aggregated into extensive profiles on consumers. But because the big technology companies aren’t fully transparent with what they’re doing with this data, most consumers are unaware that these practices are occurring, and unaware that there are ways that they can choose not to have their data collected. This is why transparency, informed consent and choice are critical issues for Congress right now.

Most people actually know they’re at risk — but they don’t necessarily know in what ways, or what to do about it. IDX’s 2019 Study on Social Media Security and Privacy Concerns found that more than three-quarters of adults believe they are at risk when it comes to their security on social media. But privacy settings that limit data collection on platforms like Facebook, for example, are complicated – probably because making it simple would cause Facebook to lose profits, based on their business model. Solving our country’s security and privacy crisis will take a two-sided effort between government legislation and consumers who take control of their personal information.

I’m not a big believer in government regulation when it doesn’t absolutely have to happen. But when it comes to privacy, we need government protection. It should be illegal to monitor someone’s digital space the same way it’s illegal to peek through their windows at night. Devices like Alexa, for example, listen 24 hours a day, seven days a week, and those recorded conversations are then analyzed to improve AI and voice recognition technology.

There has been significant movement toward the goal of giving consumers their rights to digital privacy, in Europe with its General Data Protection Regulation and in California with the California Consumer Privacy Act. But consumer privacy protection needs to be ubiquitous and uniform throughout the United States – the same way that when you buy a pack of cigarettes, no matter where you are, that pack is marked with a cancer warning. An inconsistent fabric of state privacy laws just doesn’t provide the broad and consistent privacy protections that Americans require. This is why federal privacy legislation is needed.

As the CEO of a privacy technology company, I am a big supporter of tech innovation and what technology can do for our country – like the amazing advancements in telehealth during the pandemic. But that innovation shouldn’t mean putting Americans at risk – affecting not just their financial well-being but their emotional well-being as well. The Identity Theft Resource Center has warned that the stress of identity theft can take a major emotional toll. And coping with stress becomes more difficult in older age, according to a Harvard Health report.

The core group of internet users – those in late middle age with both children and parents to watch out for – are the most at risk. Big Tech must commit to transparency of how the private data of their consumers is collected and used, so that users can choose how they protect their privacy on these platforms. This kind of change won’t come about without federal legislation.


Tom Kelly, a Silicon Valley serial entrepreneur and an expert in cybersecurity technologies, is president and CEO of IDX, a Portland, Ore.-based provider of identity protection and privacy services such as IDX Privacy.

Morning Consult welcomes op-ed submissions on policy, politics and business strategy in our coverage areas. Updated submission guidelines can be found here.

Morning Consult