WASHINGTON, D.C. — U.S. Sen. Sherrod Brown (D-OH) – ranking member of the U.S. Senate Committee on Banking, Housing, and Urban Affairs – delivered the following opening statement at today’s hearing entitled “Privacy Rights and Data Collection in a Digital Economy”.
Sen. Brown’s remarks, as prepared for delivery, follow:
I’m excited to be working in a bipartisan way with Chairman Crapo on protecting Americans’ sensitive personal data – an issue everyone agrees is important.
As we start to think about this subject, I hope we do it with an open mind. Technology has advanced rapidly, and we should have some humility to admit that we don’t even know all there is to know about what happens when personal information is collected on a large scale. As it turns out, personal information can be far more than your name, address and social security number. Sometimes harmless data, once it becomes big data, can reveal big secrets.
Take for example a fitness tracking app that became popular among US soldiers stationed abroad. Many of those servicewomen and servicemen tracked their daily workouts, and when the aggregated fitness tracking information became public, heat maps of common running paths revealed the locations of secure military facilities all over the world.
Even when we agree that data is sensitive, we’re often not good at protecting it.
Most of us still remember the Equifax breach that exposed the detailed financial information of more than half the U.S. adult population – information that will remain useful to potential criminals for the rest of those 147 million Americans’ lives.
The Equifax case also reminds us that we can’t fix this by just warning people they should share less personal data on the internet. People weren’t putting their Social Security Numbers on Facebook – Equifax had collected data from various sources, and in many cases people weren’t even aware Equifax ever knew anything about them.
There’s a lot of data floating around that can be compiled and analyzed in creative ways to make shockingly accurate predictions about our lives.
What you think of as your “personal data” isn’t limited to bank passwords and credit scores.
As we learned several years ago, even if you don’t have a Facebook account, Facebook builds a shadow profile of your activities, interests, and preferences from digital breadcrumbs spread by your friends and associates online.
Sometimes you may not realize that data is being monetized. Remember Pokémon Go? Did you know that businesses can pay to have Pokémon show up near them in the game, herding customers into their stores?
There’s a common saying that “if you’re not paying for the product, then you are the product.” Services that appear free make money from your personal data.
It’s not easy for consumers to protect themselves. “Buyer beware” is not a helpful warning, since most people cannot afford to protect themselves by opting out of internet services just like they cannot opt out of banking products with arbitration clauses in them.
In today’s world, telling people to look out for themselves when it comes to protecting their personal data is about as useful as telling people to look out for themselves when it comes to food safety.
We can’t tell people to avoid the internet and avoid having their data collected any more than we can tell people to stop eating dinner. We can’t abandon the people we serve when it comes to protecting them.
If we don’t take this seriously, a handful of big tech corporations and financial firms will continue to strong-arm customers into sharing their most intimate details.
So in addition to talking about ownership and control of our data today, I hope we can also talk about where government needs to step in and create rules around the appropriate uses of personal data - regardless of whether a customer opts-in. And I hope we can talk about what kind of data should or should not be collected, and for how long it should be stored.
This problem isn’t just important to our personal privacy and our economy -- it’s also critical to our democracy. As the Cambridge Analytica scandal demonstrated, a big enough pile of seemingly meaningless data can give a bad actor ways to meddle in our elections.
The Banking Committee is only responsible for one slice of the data ecosystem – I hope to work with the Chairman of the Banking Committee as well as the Chairs and Ranking Members of the other committees of jurisdiction to set some commonsense rules on the use of Americans’ sensitive personal data.