22 July 2022

Examining the intersection of data privacy and civil rights

Samantha Lai and Brooke Tanner

For historically marginalized groups, the right to privacy is a matter of survival. Privacy violations have put these groups at risk of ostracization, discrimination, or even active physical danger. These tensions have long pre-dated the digital age. In the 1950s and 1960s, the government used surveillance programs to target Black Americans fighting against structural racism, with the Federal Bureau of Investigation’s (FBI) Counterintelligence Program (COINTELPRO) targeting Dr. Martin Luther King, Jr. and members of the Black Panther Party. During the HIV/AIDS epidemic, LGBTQ+ individuals were fearful that with an employer-based healthcare system, employers would find out about a doctor’s visit for HIV/AIDS and that individuals would then face stigma at work or risk losing their jobs.

Under modern-day surveillance capitalism, interested parties can collect and monetize online data at an unprecedented scale with little scrutiny or limitation. That is why the recent overturning of Roe v. Wade highlights the urgent and pressing need for comprehensive federal privacy legislation, particularly to reduce the potential for further exploitation and manipulation of individuals who seek fair reproductive rights. Further, Congress needs to find consensus around federal privacy legislation to address other surveillance and data collection concerns, in particular commercial surveillance practices that enable discriminatory advertising, racially biased policing, and the outing or surveillance of historically marginalized groups.

Privacy and abortion rights

With Dobbs v. Jackson Women’s Health Organization overturning the precedent set by Roe v. Wade, individuals seeking abortions are put at risk by existing unfettered data collection practices. Since the ruling, many have brought attention to reproductive health apps. Used by individuals to track their menstrual cycles and reproductive health, these apps also collect data that could be used to determine an individual’s pregnancy status. Notably, in 2019, the period-tracking app Flo had to settle with the Federal Trade Commission (FTC) after selling user data to firms including Facebook and Google. Other period-tracking apps have also been known to sell data to third parties for targeted advertising.

These privacy risks also extend beyond the usage of apps designed for reproductive management. Judges have based past convictions of abortion seekers on evidence collected from people’s location data, text messages, and online activity. A company called SafeGraph sold the phone location data of 600 people who had visited Planned Parenthood clinics. In June of this year, it was also revealed that Facebook had been collecting data on individuals visiting websites of crisis pregnancy centers. Internet searches could also be used to incriminate individuals. In 2017, lawyers used a Mississippi woman’s online search for abortion drugs as evidence in a trial on the death of her fetus. In another case in Indiana, a woman was convicted based on text messages to a friend about taking abortion pills.

Without a federal privacy mandate, location, text, and app data could be subject to exposure and exploitation as a result of current controversies over reproductive rights.

Privacy and LGBTQ+ populations

For the LGBTQ+ community, many of whom do not publicly disclose their gender identity or sexuality due to potentially dangerous consequences, data collection and targeting have become critical matters of safety and equal opportunity. For example, the lax privacy policies of some dating apps have placed LGBTQ+ users at risk. A Catholic news outlet obtained Grindr’s location-based data and used it to track a phone belonging to a closeted Catholic priest, who later resigned from his position. Grindr also forwarded user data to potentially hundreds of third parties and shared HIV health data with two outside companies. Beyond dating apps, technologies such as dockless bikes and scooters collect location data that can put LGBTQ+ individuals at risk, especially if it shows that a person has been at a gay bar or LGBTQ+ activity groups. For LGBTQ+ children and teens in intolerant families, technology services such as parental surveillance tools could mean that they could be outed to their families based on their online searches or online activities.

Privacy and targeted advertising

While companies like Facebook recently announced new non-discrimination efforts, ad data can embed historical data that reflects systemic discrimination as people search or gain eligibility for certain products and services. Poorly designed algorithms can also perpetuate these biases in housing, employment, and banking ads. In 2015, researchers from Carnegie Mellon University found that Google ads’ algorithms showed higher-paying job advertisements to more men than women. Facebook’s targeted advertising options allowed companies such as Uber to only show job openings to young men, excluding female, non-binary, and older male job seekers.

Such discrimination extends to housing and other essential services. Online redlining has been found among mortgage brokers who used cookies to offer higher interest rates to African Americans and Latinos based on data collected on user behavior and location. In 2019, Facebook (now Meta) and the U.S. Department of Housing and Urban Development (HUD) settled a case over the social media company not displaying housing ads to people based on protected characteristics (including race).

Privacy and religious minorities

Muslim Americans have faced increased scrutiny as many aspects of their privacy have been ignored in the name of national security. A prayer app called Muslim Pro and a dating app, Muslim Mingle, among other apps, sold personal location data of their users to the US military and defense contractors. Out of 50 Muslim prayer apps, only five encrypted personal data in any way, while almost all shared data with third parties. The NYPD used digital means as well and tracked Muslims’ location data and name changes to analyze as potential signs of “radicalization.” The online surveillance of religious minorities, especially without intent, demonstrates just how widespread abuse of personal and interest-specific data is among both public and private sector actors in the existing digital economy.

Privacy and activists

Activist groups like Black Lives Matter have been blatantly surveilled due to the lack of data privacy laws. Law enforcement officials can collect or subpoena social media and location data, undermining the civil rights of activists and protesters. During the 2020 Black Lives Matter protests that erupted after the death of George Floyd, the FBI used a geofencing warrant to collect location data of Android phones that had passed through the area near the headquarters of the Seattle Police Officers Guild (SPOG), which had been set on fire during the protests. Further, documents obtained by The Intercept indicate that the Department of Homeland Security had been surveilling and collecting data on Black Lives Matter activists since the 2014 protests. While the surveillance of Black communities is not new, the wealth of online data and lack of user privacy have grown exponentially, and without guardrails on acceptable and appropriate use, they will continue to thwart the efforts of civil society organizations.

Privacy and policing

While most current data privacy laws focus on how companies handle individuals’ data, legislators should not forget the dangerous impacts unregulated surveillance programs have on civil rights. Law enforcement facial recognition networks include over 117 million American adults and one out of four state and local law enforcement agencies. Private companies like Clearview AI, a prominent commercial provider of facial recognition technology, have been able to scrape publicly available images from websites, similar commercial companies, and various data brokers. Similarly, smart doorbells such as Amazon’s Ring and Google Nest’s Doorbell also utilize facial recognition technologies and, in some cases, partner with local law enforcement agencies who can lawfully retrieve video footage from these devices without using a warrant. Unfortunately, the misuse of such available data, coupled with a range of other surveillance tools, can result in the unlawful arrest of innocent civilians, especially Black and Hispanic individuals.

U.S. PRIVACY POLICY MUST TACKLE THESE USE CASES

These and other use cases point to the urgency of moving forward with privacy stipulations that ensure protection and some adherence to contemporary civil rights. To be more effective in addressing, and potentially redressing, these and other consumer harms, the following might be considered as plausible conditions or contexts for any pending legislation. This includes the American Data Privacy and Protection Act (ADPPA), of which a bipartisan group of legislators released a discussion draft earlier this year.

Improve and offer strategies for more consumer agency

Privacy advocates and civil rights organizations have developed comprehensive resources on how individuals could better protect their online privacy. The Electronic Frontier Foundation’s Surveillance Self-Defense toolkit provides comprehensive information on how individuals could maximize their online privacy by adjusting their social media and device settings, and the New York Times has concise pointers to digital privacy protections. Some key tips include:

Looking through and changing social media privacy settings to limit publicly available data
Using ad and third-party cookie blockers to limit data collected from targeted advertising
Looking into data collected by devices and installed apps, and changing settings to limit access to location, photos, contacts, and other potentially sensitive information

Pending privacy legislation must both include consumer outreach about these potential harms and ensure “privacy by design” in the architecture of new and emerging software and other technologies. Doing so will both empower consumers around their online footprint and bring more consumer tools for management of their online data.

Ensure data minimization and clarity in Terms of Service

Existing terms of service are difficult to navigate. Even if users would rather not have certain applications and websites track their online activity and location data, they often have difficulty interpreting the plethora of agreements for specific products and services.
