But in a new whitepaper, my @eff colleagues #CorynneMcSherry, #MarioTrujillo, #CindyCohn and @Thorin advance an exciting proposal that slices cleanly through this Gordian knot, which they call "#PrivacyFirst":

https://www.eff.org/wp/privacy-first-better-way-address-online-harms

Here's the "Privacy First" pitch: whatever is going on with all of the problems of the internet, all of these problems are made worse by commercial surveillance.

2/

* Worried your kid is being made miserable through targeted ads? No surveillance, no targeting.

* Worried your uncle was turned into a Qanon by targeted disinformation? No surveillance, no targeting. Worried that racialized people are being targeted for discriminatory hiring or lending by algorithms? No surveillance, no targeting.

3/

* Worried that nation-state actors are exploiting surveillance data to attack elections, politicians, or civil servants? No surveillance, no surveillance data.

* Worried that AI is being trained on your personal data? No surveillance, no training data.

* Worried that the news is being killed by monopolists who exploit the advantage conferred by surveillance ads to cream 51% off every ad-dollar? No surveillance, no surveillance ads.

4/

* Worried that social media giants maintain their monopolies by filling up commercial moats with surveillance data? No surveillance, no surveillance moat.

The fact that commercial surveillance hurts so many groups of people in so many ways is terrible, of course, but it's also an amazing opportunity. Thus far, the individual constituencies for, say, saving the news or protecting kids have not been sufficient to change the way these big platforms work.

5/

But when you add up *all* the groups whose most urgent cause would be significantly improved by comprehensive federal privacy law, vigorously enforced, you get an unstoppable coalition.

6/

America is decades behind on privacy. The last really big, broadly applicable privacy law we passed was a law banning video-store clerks from leaking your porn-rental habits to the press (Congress was worried about their own rental histories after a Supreme Court nominee's movie habits were published in the *Washington City Paper*):

https://en.wikipedia.org/wiki/Video_Privacy_Protection_Act

7/

In the decades since, we've gotten laws that poke at the edges of privacy, like #HIPAA (for health) and #COPPA (data on under-13s). Both laws are riddled with loopholes and neither is vigorously enforced:

https://pluralistic.net/2023/04/09/how-to-make-a-child-safe-tiktok/

Privacy First starts with the idea of passing a fit-for-purpose, 21st century privacy law with real enforcement teeth (a private right of action, which lets contingency lawyers sue on your behalf for a share of the winnings):

https://www.eff.org/deeplinks/2022/07/americans-deserve-more-current-american-data-privacy-protection-act

8/

Here's what should be in that law:

* A ban on surveillance advertising:

https://www.eff.org/deeplinks/2022/03/ban-online-behavioral-advertising

* #DataMinimization: a prohibition on collecting or processing your data beyond what is strictly necessary to deliver the service you're seeking.

9/

* Strong opt-in: None of the consent theater click-throughs we suffer through today. If you don't give informed, voluntary, specific opt-in consent, the service can't collect your data. Ignoring a cookie click-through is not consent, so you can just bypass popups and know you won't be spied on.

10/

* No preemption. The commercial surveillance industry hates strong state privacy laws like the Ohio biometrics law, and they are hoping that a federal law will pre-empt all those state laws. Federal privacy law should be the floor on privacy nationwide - not the ceiling:

https://www.eff.org/deeplinks/2022/07/federal-preemption-state-privacy-law-hurts-everyone

* No arbitration. Your right to sue for violations of your privacy shouldn't be waivable in a clickthrough agreement:

https://www.eff.org/deeplinks/2022/04/stop-forced-arbitration-data-privacy-legislation

11/

* No #PayForPrivacy. Privacy is not a luxury good. Everyone deserves privacy, and the people who can least afford to buy private alternatives are most vulnerable to privacy abuses:

https://www.eff.org/deeplinks/2020/10/why-getting-paid-your-data-bad-deal

* No tricks. Getting "consent" with confusing UIs and tiny fine print doesn't count:

https://www.eff.org/deeplinks/2019/02/designing-welcome-mats-invite-user-privacy-0

12/

A Privacy First approach doesn't merely help all the people harmed by surveillance, it also prevents the collateral damage that today's leading proposals create. For example, laws requiring services to force their users to prove their age ("to protect the kids") are a privacy nightmare. They're also unconstitutional and keep getting struck down.

13/

A better way to improve the kid safety of the internet is to ban surveillance. A surveillance ban doesn't have the foreseeable abuses of a law like #KOSA (the #KidsOnlineSafetyAct), like bans on information about trans healthcare, medication abortions, or banned books:

https://www.eff.org/deeplinks/2023/05/kids-online-safety-act-still-huge-danger-our-rights-online

When it comes to the news, banning surveillance advertising would pave the way for a shift to contextual ads (ads based on what you're looking at, not who you are).

14/

That switch would change the balance of power between news organizations and tech platforms - no media company will ever know as much about their readers as Google or Facebook do, but no tech company will ever know as much about a news outlet's content as the publisher does:

https://www.eff.org/deeplinks/2023/05/save-news-we-must-ban-surveillance-advertising

15/

This is a *much* better approach than the profit-sharing arrangements that are being trialed in Australia, Canada and France (these are sometimes called #NewsBargainingCodes or #LinkTaxes). Funding the news by guaranteeing it a share of Big Tech's profits makes the news into partisans for that profit - not the Big Tech watchdogs we need them to be.

16/