“Data privacy” is one of those terms that feels stripped of all emotion. It’s like a flat soda. At least until America’s failures to build even basic data privacy protections carry flesh-and-blood repercussions.
This week, a top official in the Roman Catholic Church’s American hierarchy resigned after a news site said that it had data from his cellphone that appeared to show the administrator using the L.G.B.T.Q. dating app Grindr and regularly going to gay bars. Journalists had access to data on the movements and digital trails of his mobile phone for parts of three years and were able to retrace where he went.
I know that people will have complex feelings about this matter. Some of you may believe that it’s acceptable to use any means necessary to determine when a public figure is breaking his promises, including when it’s a priest who may have broken his vow of celibacy.
To me, though, this isn’t about one man. This is about a structural failure that allows real-time data on Americans’ movements to exist in the first place and to be used without our knowledge or true consent. This case shows the tangible consequences of practices by America’s vast and largely unregulated data-harvesting industries.
The reality in the United States is that there are few legal or other restrictions to prevent companies from compiling the precise locations of where we roam and selling that information to anyone. This data is in the hands of companies that we deal with daily, like Facebook and Google, and also with information-for-hire middlemen that we never directly interact with.
The Internal Revenue Service has bought commercially available location data from people’s mobile phones to hunt (apparently ineffectively) for financial criminals. U.S. defense contractors and military agencies have obtained location data from apps that people use to pray or hang their shelves. Stalkers have found targets by obtaining information on people’s locations from mobile phone companies. When Americans go to rallies or protests, political campaigns buy information on attendees to target them with messages.
I am exasperated that there are still no federal laws restricting the collection or use of location data. If I made a tech to-do list for Congress, such restrictions would be at the top of my agenda. (I’m encouraged by some of the congressional proposals and pending state legislation to restrict aspects of personal location data collection or use.)
Most Americans by now understand that our phones are tracking our movements, even if we don’t necessarily know all the gory details. And I know how easy it can be to feel angry resignation or just think, “so what?” I want to resist both of those reactions.
Hopelessness helps no one, although that’s often how I feel, too. Losing control of our data was not inevitable. It was a choice — or rather a failure over years by individuals, governments and corporations to think through the consequences of the digital age. We can now choose a different path.
And even if you believe that you and your family have nothing to hide, I suspect that many people would feel unnerved if someone followed their teenager or spouse everywhere they went. What we have now is maybe worse. Potentially thousands of times of day, our phones report our locations, and we can’t really stop them. (Still, here are steps we can take to tone down the hellishness.)
The New York Times editorial board wrote in 2019 that if the U.S. government had ordered Americans to provide constant information about their locations, the public and members of Congress would likely revolt. Yet, slowly over time, we have collectively and tacitly agreed to hand over this data voluntarily.
We derive benefits from this location-harvesting system, including from real-time traffic apps and nearby stores that send us coupons. But we shouldn’t have to accept in return the perpetual and increasingly invasive surveillance of our movements.