How Much Is Your Data Worth to Facebook and Google? A New Senate Bill Aims to Find Out
Facebook and Google are being challenged to put a price on how much each person’s data is worth―and provide a way for people to delete some, or all, of their information.
The Designing Accounting Safeguards to Help Broaden Oversight And Regulations on Data (DASHBOARD) Act, which was introduced on Monday, takes aim at companies that have more than 100 million monthly active users. The bill would pull back at least part of the curtain on the data collection practices of technology giants Facebook and Google—and potentially Twitter and Amazon among others—requiring the companies to file an annual report that puts a total value on the data they’ve collected, as well as disclose contracts with third parties regarding data collection.
“For years, social media companies have told consumers that their products are free to the user. But that’s not true—you are paying with your data instead of your wallet,” says Sen. Mark Warner (D-Va.), one of the co-sponsors of the legislation. Warner, a former technology entrepreneur who amassed a fortune in telecommunications, is one of big tech’s loudest critics in Congress.
While there are already ways to manually delete some of your Facebook or Google data, perhaps the most interesting piece of the bill is that the senators are asking tech companies to put a price tag on each person’s information. However, deciding what a person’s interests, likes, or the time they spend online isn’t easy to quantify, since every platform is different.
If the bill passes, that task would fall to the Securities and Exchange Commission. The Dashboard Act wants the SEC “develop methodologies for calculating data value, while encouraging the agency to facilitate flexibility to enable businesses to adopt methodologies that reflect the different uses, sectors, and business models.”
“The importance of this is that historically we have been led to believe that these services are free. The value of our data is somewhat obfuscated,” says Ashkan Soltani, an independent researcher and the former chief technology officer at the Federal Trade Commission.
Soltani says the SEC is the right place to create methodologies for a possible future framework that puts a price tag on each person’s data. In their annual 10-K filings with the SEC, companies are already required to estimate the potential harm to their business, in the event of a data breach.
The introduction of the bill also comes as Facebook CEO Mark Zuckerberg has been vocal in recent months about asking for Facebook to be regulated.
“A common global framework–rather than regulation that varies significantly by country and state–will ensure that the Internet does not get fractured, entrepreneurs can build products that serve everyone, and everyone gets the same protections,” Zuckerberg wrote in an op-ed that was published in March.
When asked about the Dashboard Act, a Facebook spokesperson told Fortune that “we look forward to continuing our conversations with the bill’s sponsors.” A Google spokesperson declined to comment.
Lindsey Barrett, a teaching fellow and staff attorney at Georgetown Law’s Communications and Technology Clinic, says if the bill became a law, it could be valuable in that it will provide “more insight into how tech companies actually work… particularly in terms of how they share people’s data with third parties.”
However, she says the basic premise of the bill is “slightly misguided.”
According to Barrett, the bill doesn’t grapple with the issues of alternatives to the giant social networks. Also, the users are overwhelmed with privacy decisions on a daily basis. “The most significant problem in the tech ecosystem isn’t that people lack information, though that certainly is a problem,” she says. “It’s that companies face few limitations on what they’re allowed to do with people’s data.”
The Dashboard Act has some parallels to the California Consumer Privacy Act (COPA), according to Soltani. That law, which goes into effect in January 2020, will require companies that do business in California, or with Californians, to create complex tools that show data they collect, organize it, and give consumers an easy way to delete it.
However, the thresholds for compliance between Dashboard and COPA are different. While the federal bill targets companies with more than 100 million monthly active users, California’s law focuses on companies with more than $25 million in revenue, those that receive or disclose personal information from more than 50,000 California residents, or make at least half of their revenue from selling Californians’ data.
Even that is proving difficult for companies to comply with: In March, 86% of companies hadn’t completed steps to become compliant, according to a survey published from TrustArc, a security and compliance firm.
But on the federal level, Soltani says the Dashboard Act is laying the groundwork for a future comprehensive privacy package affording consumers more protections, while holding companies to higher standards of disclosure, in a way that could be on par with Europe’s GDPR privacy laws.
“This is one of the many features people are starting to think is important about a larger privacy package,” he says.