Brendan Eich, the CEO of Brave, has written a letter to the U.S. Senate Committee on Commerce, Science and Transportation urging them to implement GDPR-like legislation in the United States.
GDPR stands for General Data Protection Regulation and works to secure the data and privacy of all individuals within the European Union (EU) and the European Economic Area (EEA). In addition, it addresses the exporting of personal data outside these two organizations. GDPR seeks to give individuals control over their personal information and simplify the regulatory atmosphere for international business ventures.
Based in San Francisco, Brave is a new kind of browser that allegedly offers users faster speeds and stronger security by blocking trackers and advertisements. In his letter, Eich describes GDPR as a “great leveler” and says it has allowed many new businesses in Europe to flourish by preventing larger, more established corporations from disadvantaging them.
“The GDPR’s principle of ‘purpose limitation’ will begin to prevent dominant platforms from using data that they have collected for one purpose at one end of their business to the benefit of other parts of their business in a way that currently disadvantages new entrants,” Eich writes.
“In general, platform giants will need ‘opt-in’ consent for each purpose for which they want to use consumers’ data. This will create a breathing space for new entrants to emerge.”
Eich says GDPR-like standards have been adopted in several countries around the world including China, Brazil, Japan, India, South Korea and Argentina. Together, these countries make up roughly 51 percent of the world’s overall GDP and have experienced higher levels of efficiency and innovation in their business markets.
Eich believes that should the U.S. move in a similar direction, the country can keep its competitive edge and affirm its reputation as a leading global tech hub.
Furthermore, he suggests that GDPR-like protocols will establish greater trust within the United States between businesses and customers, as it is not necessary to track people’s movements online: the main reason for doing so is simply to generate ad-based revenue from the sites customers visit. Since late 2017, approximately 615 million devices built to block ads and tracking have been activated, suggesting a growing level of unease and distrust amongst everyday consumers.
“A GDPR-like standard in the United States will establish the foundation of trust to enable innovation and growth,” he writes. “This certainly applies in our own online media and advertising industry. Contrary to some of our industry colleagues, I believe that it is not tenable for any platform, publisher, technology vendor or trade body to claim that they must track people to generate revenue from advertising … Trust will only return as the GDPR-like laws begin to curtail the online advertising industry’s worst practices.”
Tracking movements to garner ad revenue occurs through a process known as online behavioral advertising (OBA). Data is collected from all the sites a consumer visits. Ads are then selected for display to the consumer based on his or her past maneuvers. Eich says OBA occurs via several third-party networks operating quietly through “opaque processes” with no central authority to be held accountable. In other words, this is a form of “behavioral tracking,” and he questions how ethical and safe it really is.
Recently, Eich filed privacy complaints in both Britain and Ireland against internet giant Google for playing “fast and loose” with customers’ private data. In his initial complaint, Eich said that Google offers intimate data about its consumers to several hundred companies without their knowledge to auction and place ads. He claims this goes against GDPR requirements that personal data be processed in a way that all consumers remain secure.
In addition, Facebook was at the height of scandal earlier this year when it was revealed that data firm Cambridge Analytica had gathered private information on millions of social media users without their knowledge and used it for political purposes. Cases like these are suggestive that tech companies have garnered too much power, and user data is usually under threat of being compromised.
Interestingly, GDPR also offers a “right to erasure” clause, in which a subject’s collected data is immediately erased from a company’s records granted the information was gathered unlawfully, is no longer needed, or the subject in question withdraws consent for the data to be used. This could present issues for blockchain-based companies, as all information on the blockchain is recorded in real-time to ensure irrefutable evidence of transactions and other relevant data.
At the same time, one of the primary requests among investors who engage in crypto-transactions via the blockchain is improved privacy and anonymity. Heightened usage of privacycoins like Monero and Zcash are proof of this, which means statutes similar to those of GDPR could be in line with the ideologies of privacy-focused blockchains.
GDPR is based on standards the United States initially endorsed back in 1980 through legislation known as the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. This legislation included a definition of the term “personal data” similar with that offered by GDPR. Also, the Federal Trade Commission (FTC) has been fighting for GDPR-like features for over 10 years.
Brave as a company stands to gain little, if anything, directly from GDPR-like legislation being implemented in the United States. While the Brave browser protects user privacy and restricts advertisements, GDPR-like legislature would simply push forward what Eich and his company already believe: users deserve privacy over their online data. Eich’s letter reiterates that societies around the world are shifting toward a paradigm with a level playing field on the internet and that the United States should follow suit.
Image credits: CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=1224378 and Darcy Padilla — CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=31783773