Where Ethics Meets Data Protection: An Open Letter to EDPS and CPDP

There is currently a serious conversation happening in Europe and other parts of the world about a “new digital ethics.” But unfortunately, the conversation recently took a tone-deaf turn. Giovanni Buttarelli, the European Data Protection Supervisor (EDPS)—the EU’s independent data protection authority—gave brief remarks at the conclusion of the recent Computers, Privacy & Data Protection (CPDP) conference in Brussels in which he stated the following:

“On this day, 1 February 1865, President Abraham Lincoln signed the Thirteenth Amendment to the United States Constitution. This amendment declared unconstitutional all slavery and involuntary servitude…We now face the challenge of abolishing digital servitude—where people are mined for their data, and served back information selected by the algorithm, in order to induce to behave in a way that benefits a few powerful players.”

To be clear, Mr. Buttarelli was equating slavery—a system of institutionalized racism and worldwide human suffering—with targeted online advertising. He was comparing the abduction, torture, and murder of millions of innocent men, women, and children with the algorithms that sort news feeds and display ads on social networks

Slavery ranks as one of the most horrific wrongs from America’s troubled past, a wretched history during which generations of families suffered from a level of brutality and terror that the country still must reckon with today. Mr. Buttarelli may dislike millions of consumers sharing their personal data with companies in order to access free apps and services, and he may even believe that targeted online advertising itself is harmful, but he is smart enough to know that these practices are not equivalent, comparable, or in any way similar to slavery. To suggest otherwise is to either trivialize slavery or slander those working in tech, advertising, and digital media.

Reasonable people can disagree about digital privacy issues. They can debate important questions, such as how to find the optimal balance between the costs of data protection regulation and their benefits, or whether a right to be forgotten should trump a public’s right to know. They can argue about which data types are more sensitive than others, or whether consumer consent mechanisms should be opt-in or opt-out. And they can work together to answer thorny questions, such as how to better communicate privacy choices to consumers or how to properly de-identify data. These are all healthy ways to advance privacy debates.

But what reasonable people should not do is embrace moral absolutism, casting those with dissenting views as vile and morally repugnant cretins, because doing so stops debate, reduces trust, and undermines collaboration.

If it is indeed Mr. Buttarelli’s position that current online data collection practices are on par with slavery—that it is one of the most abhorrent practices in human history—then what is the point of serving as Europe’s top data protection official? Why regulate an industry if it should be outlawed? Why support Europe’s data protection laws if they are feckless in confronting this problem?

It is hard to argue that his comments were a mere slip of the tongue, as they appear to have been delivered from prepared remarks. And, unfortunately, it does not appear that anyone at CPDP had the courage to call out this offense in the moment or the days that followed. But I am hopeful that, given some time for reflection, both EDPS and CPDP will take the opportunity to reject this comparison and encourage a return to more civil and productive discourse.

Both EDPS and CPDP have paid a lot of lip service to the importance of ethics. It is time to turn those words into actions and be clear about where it stands on this inappropriate and offensive statement.