Dr. Courtney Barclay: TikTok ban just a quick fix for weak data privacy laws in U.S.

·4 min read
A man opens the TikTok app on his phone.
A man opens the TikTok app on his phone.

TikTok, a popular social media app, has been banned from devices in U.S. state and federal agencies, staff phones within the European Union and the networks of dozens of American universities. Recently, members of the U.S. Congress called for a national ban on the social platform. These bans are in response to concerns over cybersecurity vulnerabilities, but also a concern for how the Chinese-owned company uses the data it collects on individual users.

Whether government bans are warranted, they would represent merely another patch in the piecemeal approach to privacy law that has left American consumers largely unprotected from the collection and potential misuse of their private information.

Social media companies, including TikTok, collect a lot of information about you. Some of this is obvious, such as when you enter your email, birthday and other common fields to set up an account. Some of it happens more in the background, such as tracking your internet searches, videos you watch, posts you like and accounts you follow. Even more unseen data collection occurs as some of these apps track your activity when you’re not scrolling through their feeds. This can include your location, what websites you visit and other apps you use across your devices.

Six years ago:Chinese military stole masses of Americans' data in Equifax hack, U.S. says

Dr. Courtney Barclay:Why amicus curiae briefs are a fixture at the U.S. Supreme Court

[LETTERS LINK]

Social media platforms (and other companies that collect this data) use this information to improve and personalize the user experience, as well as to target relevant ads to users. However, the massive, unauthorized data collection of personal information also could be used for any number of objectionable purposes, such as discriminatory insurance rates based on search histories about medical conditions, facilitating every variety of scams and disinformation campaigns.

Despite the mounting threat and longstanding concerns of abusive data collection practices, the United States has repeatedly failed to enact the kind of comprehensive privacy protection laws comparable to the other parts of the world.

Following World War II, there was a strong backlash against the widespread collection and misuse of personal information by authoritarian, fascist and communist regimes. European democracies enacted uniform privacy laws of general applicability, while the United States took a different approach. In the E.U., for example, you have the right to know what data is being collected, stored and used by any data-collecting entity, as well as the right to correct any inaccurate data.

In the United States, the Privacy Act of 1974 establishes fair information practices similar to the rights of users in the E.U., but it only applies to data collection by federal agencies. Private companies and state governments are not bound to those same practices.

Despite the rise of cyber attacks involving things like phishing, denial of service and malware, people often still create passwords that are easy to crack (simple numerical sequences, for instance, or personal information that might be publicly accessible, such as birthdays or street numbers) and use the same log-ins across all of their accounts.
Despite the rise of cyber attacks involving things like phishing, denial of service and malware, people often still create passwords that are easy to crack (simple numerical sequences, for instance, or personal information that might be publicly accessible, such as birthdays or street numbers) and use the same log-ins across all of their accounts.

In the absence of a generalized right to privacy, the U.S. government has recognized privacy rights only in specific areas, such as the Video Privacy Protection Act, Right to Financial Privacy Act, Health Information Privacy Protection Act, Family Educational Rights and Privacy Act, Electronic Communications Privacy Act, Children’s Online Privacy Protection Act and so many more. The 50 states have all passed their own laws addressing privacy concerns, including data breaches, hacks and opt-out marketing.

These laws have been passed in response to significant, but discrete problems that made national headlines and for which consensus grew among the American public, much like TikTok’s controversial U.S. launch and impressive market expansion. The result is a patchwork of different federal and state privacy laws and judicial precedents. Typically these legal patches are slow to apply to serious problems and fail to keep up with the rapidly evolving pace of new technology-driven threats to individual privacy and liberty.

As the debate over banning TikTok rages, the U.S. seems poised once again to fight an important battle while overlooking the more significant war on data privacy. While TikTok may raise national security concerns unique from American-based platforms, much of the rhetoric around the bans go beyond the Chinese government spying on Americans and focuses on the amount and value of data being collected without informed consent. A ban on a single platform will not solve this problem. What is needed is a federal declaration that privacy is a fundamental right and that consumers are entitled to, at the very least, minimal control over their personal data.

Several states, most notably California, have provided models for national legislation. The California Consumer Privacy Act creates a variety of consumer rights around data collection, use, sharing and retention. And these efforts are starting to effect changes in business practices nationwide as platforms adjust to comply with the new standards in states like California. A ban on TikTok may address some of the security concerns related to Chinese spying, but it fails to address the commonplace data breaches of American companies, the widespread selling of data to third parties or the potential data discrimination.

Addressing the problem of TikTok but failing to pass a federal data privacy protection law that addresses the underlying practices of the data collection industry, the U.S. government seems to say to the American consumer, “Scroll at your own risk (and everyone else’s).”

Barclay
Barclay

Courtney A. Barclay, Ph.D., J.D., is the associate dean for Academic and Faculty Affairs at Jacksonville University College of Law.

This guest column is the opinion of the author and does not necessarily represent the views of the Times-Union. We welcome a diversity of opinions.

This article originally appeared on Florida Times-Union: Scroll at your own risk, banning TikTok won't help broken privacy laws