In July 2019 the EDPB promulgated guidelines for interpreting the GDPR with regard to video data. These guidelines contain the normal GDPR balancing test. As with all data collection within the GDPR’s purview, there must be an important and documented reason (compelling reason) to gather the data (in this case video feeds and still camera images) pursuant to Article 6 (1) (f) of the GDPR. Next, the data collector must demonstrate that the need to collect the data outweighs the data subject’s right to not have the data collected. For instance, a data subject might not expect to be filmed trying on clothes but would expect to be surveilled in a jewelry store. Finally, the data collector must demonstrate that there is no other way to safeguard the stated compelling reason other than by usage of the video data.
Sound familiar? It should because it is basically the same test that the Supreme Court uses in protecting fundamental rights. Privacy as we all know is not in the Constitution of the United States. However, privacy was found in Griswold v. Connecticut to be inherent in most of our critical amendments to the Constitution.
The foregoing cases suggest that specific guarantees in the Bill of Rights have penumbras, formed by emanations from those guarantees that help give them life and substance. See Poe v. Ulinan, 367 U. S. 497, 516-522 (dissenting opinion). Various guarantees create zones of privacy.
Griswold v. Connecticut, 381 U.S. 379, (1965).
The Court stated the test that limitation of such a fundamental right must overcome:
Such a law cannot stand in light of the familiar principle, so often applied by this Court, that a “governmental purpose to control or prevent activities constitutionally subject to state regulation may not be achieved by means which sweep unnecessarily broadly and thereby invade the area of protected freedoms.”
Griswold v. Connecticut, Id.
So could EU’s framework work in the United States? I am not sure. For one thing, data collection and the sale of data is an important industry in the United States. According to “The Great Hack” on Netflix data is worth more than oil or gold. That is stunning!
The other problem I foresee is that the enactment of data privacy regulation will have to be at the Federal level. For instance, California’s Consumer Privacy Act is modeled almost entirely on the GDPR. But how will companies headquartered in California such as Google and Facebook handle data collected regarding California residents and data collected regarding residents of states with no Consumer Privacy Act? It seems fraught with difficulties…should California be able to set the state of privacy law for the entire nation? Definitely not!
Returning to the video surveillance guidelines promulgated by the EDPB, video surveillance is scary stuff. Recently, the news contained a story about how Google has possibly been helping China engage in video surveillance “shaming.” Jaywalkers images are flashed on large television screens in Beijing. It is part of China’s social rating of its citizens.
So clearly, we need data privacy protection. The ironic part is that governments are excluded from the recent video surveillance guidelines. So what is happening in China could possibly happen in EU countries despite the GDPR?
But what if data collection and usage were not subject to government oversight but rather to capitalism. What if you could choose to have laws such as the GDPR protect your data collection or choose to allow it to be used for enumerated purposes and you were paid a substantial sum for its usage. Almost like a copyright, every time your data is processed, analyzed or sold, you would receive a fee.
Monetization of data collection at the individual level would make compliance with the GDPR and its like easier and cost effective. Monetization would level the playing field for the individuals making them an equal in the data collection industry instead of playing defense like the GDPR’s posture.
The term Data Monetization is usually associated with business collecting data and selling it to a third party or using it to increase the business’s own bottom line. What I am proposing is to take it a step further and put the actual individual into the monetization game.
Instead of fighting the inevitable gathering of personal data by businesses and governments, let’s work with it. The genie cannot be put back in the bottle. The election of 2016 in the United States and the English vote on Brexit are the writing on the wall. We cannot stop the collection of data and maybe we shouldn’t even try.
Bloggers and YouTube personalities already make a living off sharing their personal lives. A similar GDPR law in the United States would have a chilling effect on those booming industries. How can a blogger know what speaks to his or her audience without gathering data from those individuals that follow the blogger’s posts?
I don’t think regulation is the overall answer. Let capitalism work its magic and then let regulation fill in the holes that capitalism exacerbates or fails to solve.
This is my first post on this subject and I welcome comments and suggestions to these ideas. All opinions are welcome!