Graphic by Nick Griffin (He/Him)
“If you’ve got nothing to hide, you’ve got nothing to fear” is a common argument against privacy rights. However, while many LGBTQ+ people may feel as though they have nothing to hide, they do have something to fear: the unregulated frontier of digital privacy.
Threats to digital privacy affect everyone, but LGBTQ+ people are more at risk as they tend to have more sensitive data online. The internet is a safe haven for many in the LGBTQ+ community– a place where they can be themselves, look up sensitive health information (such as HIV treatment or transition resources), and even meet other LGBTQ+ people. Losing this data to advertisers and data brokers can have significant consequences.
Targeted advertisements can be dangerous as they can inadvertently out users, which is why Facebook removed ad targeting based on sexual orientation in 2018. Data brokers bring their own set of dangers by collecting all manner of information about users, which can then be abused by stalkers, abusive family members, government agencies, banks, or those looking to silence online activists through doxxing. Dating and hookup apps like Grindr can easily reveal users’ location and personal information to more than just their matches. Facing discrimination in all walks of life, LGBTQ+ people often have more to lose from having secrets exposed– employment, housing, benefits, and dignity.
Concrete harm aside, the feeling of constantly being watched by tech companies can be psychologically distressing. Most people find personalized experiences based on collected information “creepy,” but feeling like your identity is being recorded is even creepier, whether you’re out or not.
Californians recently passed Proposition 24, implementing the California Privacy Rights Act (CPRA), a bill aiming to shore up digital privacy rights throughout the state. While the bill is in some ways a step in the right direction, in others it’s a step back, and it currently stands to do little to stem the assault on digital privacy.
The CPRA is, by and large, an amendment to the existing California Consumer Privacy Act (CCPA), which was the first data privacy law in the country. The language of the bill is sprawling and complex, but some of the changes are heartening. It gives consumers the right to ask businesses to limit the use of “sensitive personal information,” which is precisely defined to include data such as precise location, health information, and notably, sexual orientation. It extends the definition of “selling” data to include “sharing” data, hopefully stemming the spread of personal information. Notably, it also establishes an enforcement agency to help make sure the law is followed.
All of this sounds convincing on paper, and could be considered an improvement to the previous law. However, because the CPRA relies upon an opt-in model where people have to specifically request their right to privacy, it’s wholly inadequate. As anyone who has had to click through endless notices about cookies after the EU tightened their privacy laws would know, manually opting out of being tracked on each individual site is a chore. Most people will simply click the box that says yes, even though they don’t actually want to be tracked.
The CPRA also changes the law to allow businesses to offer discounts if you agree to share personal information, similar to loyalty cards in brick-and-mortar stores. Discount programs like this essentially force people to pay higher prices in exchange for their right to privacy, which can be a difficult tradeoff to justify for LGBTQ+ people, who tend to make less money than their straight and cisgender counterparts.
Further legislation surrounding data privacy continues to be put on the back burner in favor of “more urgent” matters. For example, in February 2020, Sen. Kirsten Gillibrand (D-N.Y.) introduced a bill that would establish a federal Data Protection Agency, but the legislation was shelved due to other issues, such as the coronavirus pandemic. Ironically, the pandemic has only increased the importance of digital privacy rights, as more and more communities and their information have been pushed online.
The CPRA is possibly the strongest privacy law in the nation, but it’s only a first step. Giving consumers the option to opt out of being tracked is paltry; what we should be doing is ending tracking and data collection as a whole.
If this talk of constant surveillance has made you nervous, you’re not alone. Although much of it is beyond individual control, there are some basic steps that can be taken to somewhat reduce the amount of information that you’re sharing online. For example, you might want to install an adblocker on your web browser or phone, go through the security settings on any apps you use (or consider using the browser version instead), or switch to a secure search engine like DuckDuckGo or Startpage. NPR has an additional toolkit here. It’s not necessary to become a hacker or go full tinfoil hat, but a couple of small changes can keep you a bit safer.