I remember the first Data Privacy Day in 2007. This blog had started in 2006, and I was so excited about Data Privacy Day that I spent time every day searching for relevant events that I could point readers to. I even tried my hand at making a graphic for the day that said, “If you collect it, protect it.” I know, I know….
My first Data Privacy Day posts are not available on this site as they were on a non-WP site that I archived offline in 2009, but my naive excitement is something I will always remember.
It’s now more than a decade later. There seem to be fewer Data Privacy Day (or Data Protection Day) events. Or maybe I just stopped looking for them as much. I think I became somewhat jaded from waiting year after year, wondering if this would be the year when we finally get a strong federal consumer privacy law. Each year, it feels like things have gotten worse — not better — and if you doubt that for a minute, just look at what has gone on and what is going on with Facebook, Cambridge Analytica, biometrics, Clearview, and other companies that are collecting and selling massive amounts of your personal data. Or just read the daily news stories about misconfigured databases exposing personal and sensitive information. Things haven’t gotten better in terms of data protection if we now have huge stores of data in the cloud that are misconfigured and indexed so that we can find exposed files.
And now we also see major businesses are able to acquire your personal health information from healthcare systems.
Then there’s the fact that in 2009, this blog and I were sued for protesting some media psychologists who were speculating publicly about a celebrity’s mental health problems. Their suit got nowhere on two coasts thanks to some great lawyers who volunteered to represent me and this blog. But fast forward one decade from that, and I have now been sued civilly in India and there’s an injunction against me and my other site that says I can’t even tell you about a really really serious data leak that 1to1Help.net in India had. I’ve told you about it anyway, but I may never be able to travel to India because that company was so desperate to cover up their data security incident that they ran to a court there, told them a story that is demonstrably false, and got an injunction against me. One of the law firms that helped me in 2009, Covington & Burling, is assisting me again, but they cannot represent me in India. Nor should I need representation in India for reporting on a privacy breach. 1to1Help.net screwed up. They need to own it, be transparent about it, and stop trying to shoot the messenger.
If journalists cannot responsibly report privacy breaches that impact the public, we all need to be very afraid.
There have been some rays of hope, though. One is that companies need to comply with GDPR, and that gives even us Americans some more protection, at least in principle, although I’m not sure how much actual compliance there has been. A second ray of hope has been California’s more protective legislation, as some companies are moving to comply with it nationwide rather than have different policies and methods for different states.
Can we make more significant progress, though? Yes, but it’s still an uphill battle as I don’t see where we have really gained more consumer advocates in Congress, do you? Or not enough to pass strongly protective bills.
So I’ll read the news today and continue posting privacy news developments and warnings to this blog. But until Data Privacy Day is *everyday,* and until press freedom organizations rise up to strongly denounce companies that try to cover up their data leaks and who try to criminalize journalism, I fear we are not going to see a lot of progress.