The author's suggested fix is "Let’s make a digital Environmental Protection Agency. Call it the Digital Protection Agency. Its job would be to clean up toxic data spills, educate the public, and calibrate and levy fines."
A couple upfront issues with this:
1) "cleaning up toxic data spills" - this doesn't seem well worked out, unless the author suggests going and deleting the stolen data off others' computers
2) "educate the public" - the author suggests explaining how to deal with identify theft. That's great, but doesn't address the secondary issues of advertising/propaganda/other clever unintended uses of data.
> cleaning up toxic data spills" - this doesn't seem well worked out
The EPA’s value in mitigating harm from oil spills probably comes less from the mechanics of the literal clean-up and more from oil companies’ knowledge that they will owe massive fines. Countries with data regulators levy fines. We, in America, do not.
The author suggests fines as the third suggested purpose. The author's take on cleaning is mainly restricted to credit monitoring type deals, which overlaps with the second purpose. (which is part of why I'm saying I don't think it's really thought out all the way)
It also only really works for things that happen domestically - watch as every social media company moved overseas.
Social media companies are in the wonderful position as to where they don't have to take money outright from users to operate, so they can claim they don't operate in any country they'd like to claim they don't, and can move to a foreign country with a lower tax rate without harming themselves at all really. With no users exchanging currency and no (retail) physical presence they're incredibly free as far as mobility goes. Unless I'm missing something about this all, it's surprising that it's not common for them to.
In some cases, it isn't. This would be one of those cases - tax increase because of the spending increase required for a new department, little benefit in practice, anti-free market, etc.
It's a culture issue, not particularly a regulation issue. Fining companies for doing with data exactly what they say will be done with data in their ToS (Granted, ToSs are a terrible concept - they are legal and enforcable depending on how the government is feeling for the day, though) would allow the government to effectively shut down platforms it didn't like by fee. Proposing a department to "Calibrate and Levy Fines" upon media is bizarre.
The proper thing to do would be solely focusing on educating the populus, or alternatively funding the EFF to do it for them.
The poker companies moved overseas, and this made zero difference to them being regulated by the US. It's rather hard to run a technology company if being an employee or director results in you being arrested if you ever the US.
Poker companies participate in direct exchange of currencies, a social media company doesn't. A European social media company can have thousands of American users, make money off of them and not touch a single USD.
A couple upfront issues with this: 1) "cleaning up toxic data spills" - this doesn't seem well worked out, unless the author suggests going and deleting the stolen data off others' computers
2) "educate the public" - the author suggests explaining how to deal with identify theft. That's great, but doesn't address the secondary issues of advertising/propaganda/other clever unintended uses of data.