Everyone seems anxious to help out during the coronavirus pandemic.
Google, for example, has created online reports in 131 countries to help governments find out where people have been.
The company says the published information will not include any personally identifiable information, such as the location, contacts and movements of any single person.
Google will only provide anonymous, aggregated data to show how many people visited six different types of destinations.
Google knows who has visited homes and workplaces, retail and recreation locations, grocery stores and pharmacies, parks and transit stations. It has this data for anyone who has granted permission for Google to track his or her location history.
Did you read all the fine print in the terms and conditions or did you just click “Accept” so it would give you directions or tell you where the movie was playing?
Well, too late now.
Your cell phone knows where you are, and many of your apps probably do, too, and apparently so does the government of the city of Los Angeles. Mayor Eric Garcetti publicly warned people who had congregated in parks and on beaches, “We know who you are.”
Data is an important asset for companies that do any business online. Google is an advertising company that sells audiences. There’s nothing necessarily sinister about that. Broadcast TV networks also sell audiences to advertisers, which is why professional sports command such high TV license fees. Advertisers know their customers, and if they want to reach them, they look for opportunities to put their ads in places where their customers will see them.
The difference is that TV advertising is a blunt instrument and Google is a hypodermic needle with a map of all your veins. Some people find the excruciatingly well-informed and targeted online advertising to be a little unsettling, especially if anyone else can see your screen when it pops up without warning.
Unease over data collection is one of the reasons state lawmakers adopted the California Consumer Privacy Act, which went into effect on Jan. 1. Attorney General Xavier Becerra is still working on the regulations that will implement the law, and companies that will have to comply with it are extremely concerned that they will be hit with massive fines while they’re still trying to figure out what’s prohibited and what’s mandatory
For example, the law gives consumers the right to find out what personal information has been collected about them by companies, but the companies face huge liability if they give that data to someone who isn’t supposed to have it. Should they require people to submit Social Security numbers and other sensitive data in their requests, or is that even riskier? Identity theft, phishing and every other kind of security threat are all magnified and potentially multiplied by the requirements of the CCPA.
The disruption from the coronavirus outbreak is an added challenge. In March, the Association of National Advertisers asked Becerra to delay the scheduled July 1 start of enforcement. “Businesses are understandably focused on ensuring the health and safety of their workers and maintaining economic viability in the face of immense challenges,” the ANA wrote in public comments on the regulations. “Businesses should not be penalized under the CCPA for current conduct or activities when their attention is rightfully focused on the dire and important matter of managing the novel coronavirus.”
In the United Kingdom, officials have “suspended data protection regulatory actions during the outbreak,” the ANA wrote, urging the California attorney general to follow the same approach.
But so far, Becerra is sticking with the July 1 date to begin prosecutions for violations of the CCPA and its still-unfinished regulations. Expect California’s usual savagery against businesses that have the audacity to offer goods and services to residents. “How Dare You” has replaced “Eureka” as the new state motto.
Concerns about privacy should not be limited to private companies. What we really have to watch is the collection and use of data by government entities.
Businesses use and sell data, but governments can arrest people and worse.
We should be especially concerned about relationships and contracts between tech companies and governments, including our own, during periods of exceptional cooperation in an emergency. Like now.