I just published an op-ed in the Boston Globe entitled “States can fight authoritarianism by shoring up privacy laws.” Boston Globe (Dec. 23, 2024). It’s paywalled, but I’m allowed to repost it, so here it is below. I’m working on a law review article on this topic, and I hope to have a draft in the next month or so. Please stay tuned.
Crackdowns on immigrants. Surveillance of abortion providers and abortion seekers. Harassment of critics. These maneuvers in the demagogue’s playbook would be harder to pull off with better digital privacy.
As the United States and much of the world turn back to the darkness of authoritarianism that blighted the previous century, we must remember that privacy is one of the bulwarks against the power of authoritarian governments. Unfortunately, we’re living in a more intensive surveillance society than ever before, and our privacy laws are ill equipped to protect us against government access to our personal data.
In the years to come, the federal government and many state governments might engage in surveillance and data gathering as they round up immigrants, punish people for seeking, providing, or assisting abortions, and attack gender-affirming health care. The government might use personal data in its effort to retaliate against those who stand in its way. Such efforts might be assisted by mobs of vigilantes who will use personal data to dox, threaten, embarrass, and harm anyone they don’t like — much like the way many people eagerly assisted totalitarian regimes in finding “undesirables” and rooting out and punishing dissenters.
Our best hope for protection is that legislators in Massachusetts and other states who are concerned about these risks take steps now to upgrade their privacy laws.
Writing more than two decades ago, I critiqued how digital dossiers existed for all of us — extensive repositories of personal data gathered by companies — and how the government could readily gain access to this data. The Fourth Amendment provides minimal to no protection for much of our personal data in the digital age. This is because of the Third-Party Doctrine, a misguided rule manufactured by the US Supreme Court in the 1970s that holds that whenever personal data is in the hands of third parties, people no longer have a reasonable expectation of privacy in it — and as a result, there’s no Fourth Amendment protection. The Third-Party Doctrine is especially problematic and ill-suited to our modern times, when so much of our personal data is in the hands of third parties such as credit card companies, search companies, cloud service providers, online merchants, data brokers, social media companies, and app creators.
When the government demands that companies turn over personal data and let authorities use surveillance technologies, will companies refuse to cooperate? If history repeats itself, the answer is no. Last century, many companies supplied the Nazis with the technology and information they wanted. Here at home, when the federal government demanded data from companies after 9/11, they readily turned it over — even when it was against their own privacy policies. Even companies that are not eager to cooperate often buckle under government pressure.
Unfortunately, Congress has failed to address this problem. The data broker industry is inadequately regulated. The laws that regulate government surveillance are outdated. And there are minimal restrictions on government access to personal data. Perhaps Congress didn’t see the urgency. Perhaps lawmakers thought that government was mostly benevolent, just overzealous at times. Those who warned that strong legal protections were needed because of the possibility of an authoritarian government were dismissed as Cassandras. Now it’s likely too late for federal legislation.
Unfortunately, self-help measures by individuals won’t solve the problem. Many privacy laws give people rights to delete their data and to opt out of certain uses of their data. But these rights are quite limited, and most people don’t have the expertise or time to do the necessary chores. Even when people don’t share data about their health, beliefs, ethnicity, immigration status, and other sensitive matters, AI can be used to infer this data from relatively mundane data about their daily activities.
It is long overdue that the problem of government surveillance and data gathering be addressed. Although a federal law is unlikely, there is hope by way of the states.
States can enact “data minimization” laws to restrict which personal data companies can gather and how long they can hold it.
States can regulate the data broker industry that supplies data to government entities.
States can also pass laws that restrict government access to data. These laws can’t stop the federal government, but they can stop other state governments.
States can also more strictly regulate surveillance technologies, such as video cameras and facial recognition systems. States can pass laws that require accountability and oversight and put limits on their own agencies’ use of surveillance technologies. States can also require that privacy safeguards are built into such technologies.
If a few large and powerful states passed such laws, many companies will follow the strictest laws rather than adopt a state-by-state approach.
Now is an urgent time to start thinking about the weaknesses in existing privacy laws. Privacy is one of the most essential tools for resisting the troubling abuses of authoritarianism.
Daniel J. Solove is a professor at George Washington University Law School and author of the forthcoming book ”On Privacy and Technology.”
This op-ed originally appeared in the Boston Globe as: Daniel J. Solove, “States can fight authoritarianism by shoring up privacy laws,” Boston Globe (Dec. 23, 2024).
* * *
Professor Solove’s Newsletter (free)
Sign up for Professor Solove’s Newsletter about his writings, whiteboards, cartoons, trainings, events, and more.
Pre-Order Prof. Solove’s forthcoming book,
ON PRIVACY AND TECHNOLOGY