In an age in which social media has created a public stage for the 24/7 documentation of curated realities, the lines between the public and private, the fake and real have become blurred. Individuals’ personal info is both public entertainment and highly lucrative data for corporations and governments alike — but at what cost to everyday people?
We are at a pivotal moment in the discussion of appropriate regulations for a rapidly evolving digital world, the value of our personal privacy, and whether we have fundamental rights regarding its safekeeping.
Worldwide events have elevated the urgency of this debate. The recent congressional hearings on Facebook’s business and consumer practices didn’t just cover the corporation’s complicity in promoting fake news and genocidal hate speech. Beginning in 2014, Cambridge Analytica lawfully used Facebook’s platform to collect private information of more than 50 million users, which was ultimately used to undermine the 2016 presidential election and profoundly alter the course of our national governance.
On the local level, law enforcement agencies across the Bay Area are considering acquiring facial recognition technology, which — in addition to tracking your every public move — misidentifies Black, Chinese, and other minority groups at higher rates. The implications of misidentifying wanted persons portends extraordinary harm to marginalized groups.
The e-transportation industry has mainstreamed access to mobile transportation apps, some of which implicitly obtain consent to run your credit report and share results with third-party advertisers and government agencies when you unwittingly click through their terms of service.
Most corporations do not have public policies for responding to data requests from law enforcement or contracting for unethical services, which has been highlighted in a series of protests locally by tech employees demanding their employers pull out of contracts with Trump’s immigration and detention agencies. The lack of policy guidelines has left information about San Francisco residents and visitors — including undocumented San Franciscans — vulnerable to ICE and other threats.
Finally, Europe’s recent passage of the General Data Protection Regulation demonstrated, among other things, that the United States is far behind other countries in the work to protect personal information from unlawful or unwarranted use.
With a lack of urgency at the state and federal level to keep pace with an evolving e-commerce and data landscape, cities have a leading role to play in navigating these thorny issues. In San Francisco, an epicenter of tech innovation, it’s appropriate we should be at the forefront of data privacy regulation as well. That’s why I have authored the city’s first-ever comprehensive privacy policy — “Privacy First,” which will be on the ballot this November as Proposition B, positioning San Francisco once again to lead the nation on civil and consumer rights. This is a continuation of a policy I authored in 2002 to catalyze a state and federal conversation around protection of consumer financial data. Few could have imagined the extent to which all categories of personal information would be collected, shared, and used by online apps and the corporations that create them.
The premise of the Privacy First policy is simple: All San Francisco residents and visitors have a fundamental right to privacy. This includes: protecting sensitive personal information, including your race, sexual orientation, national origin, or religious affiliation, from unwarranted collection and disclosure; knowing how information that is collected about you is being shared with law enforcement, third party advertisers, or other private special interests; having an opportunity to deny consent to the collection and use of your personal information; being able to move around the city, meet with friends, and organize groups without being tracked in real time; and ensuring that your personal information is secure from unauthorized access or accidental destruction.
San Francisco is a proud sanctuary city, and in many ways, we’re trying to create a “digital sanctuary” for your private information. This concept of cities as sanctuaries has taken on a new relevance with the need to insulate our city’s residents and visitors from the various threats of President Trump’s incendiary and racist regime.
The Privacy First policy would set a new precedent for cities across the country seeking to protect the privacy rights of their residents. Whether anticipating the potential risks of emerging artificial intelligence or new developments in surveillance technology, local democracies have a vital role to play in the evolving discourse around data privacy regulation.
The Privacy First policy was submitted to the ballot by a unanimous vote of the San Francisco Board of Supervisors and has since received the official endorsement of the San Francisco Democratic Party. It outlines 11 guiding principles that would be enshrined in our city’s charter to be used as a touchstone for policymakers for years (and with hope, decades) to come, and it would require the city to take inventory of new data collection methods at least every three years. It would apply equally to the collection and use of your personal information by government agencies as it would to third-party beneficiaries of city contracts, permits, licenses, and grants.
There is undeniably much to be gained from the lawful and authorized use of data to improve the city’s delivery of public services to those in need. But that potential benefit is accompanied by a duty of policymakers to anticipate harm and regulate accordingly. I hope you’ll join the Democratic Party, the Harvey Milk LGBTQ Democratic Club, the Latino Democratic Club, the Rose Pak Democratic Club, and many others in voting yes on Proposition B. On the cusp of a data revolution, it’s time to put your privacy first.
