Data Rights as Law? Meet the Montana Legislator Turning Theory into Policy

From politicians to tech evangelists to just your everyday citizen who is paying attention to all the data news out there, everyone has an opinion when it comes to data rights, ethics and what businesses or governments should be doing to enforce proper collection and use. The only problem is that few truly agree on what these entities should be doing. 

From politicians to tech evangelists to just your everyday citizen who is paying attention to all the data news out there, everyone has an opinion when it comes to data rights, ethics and what businesses or governments should be doing to enforce proper collection and use. The only problem is that few truly agree on what these entities should be doing. 

Are Terms of Service agreements enough? Is it OK for tech giants like Google and Facebook to collect and then sell user data to third-parties, setting themselves up as the leading data brokers of the day? Who regulates this? What happens when there is a breach? Who is at fault? And, ultimately, who owns the data – the people or the corporations? 

In this interview series, we’ll explore these topics with thought leaders in industries across the board, from politics to big data, social media to social good. The goal: to get to the bottom of who owns what and figure out how to build out a data bill of rights for the people, by the people.

Here we talk to Daniel Zolnikov, a Republican member of the Montana Legislature, who has made a name for himself throughout the country as a pro-privacy advocate. 

As a state legislator, how did the issue of data rights and privacy first come to your attention? 

Data rights were always a concern, but a friend of mine, who is also a white hat hacker, suggested I look at enacting policy that would ensure an individual’s data belonged to the individual, and would limit the ability of groups to obtain data without consent. There was also a focus based on ensuring data was secure, and could be changed, or deleted. 

I’m in my 20s and graduated with a degree in Information Systems from the University of Montana in 2010, so I have an understanding of both the benefits and threats of big data, and how data collection could occur while also empowering individuals to have control over their data. 

What is the current hold up on getting legislation passed in favor of data rights, privacy and security?  

Data collection is part of a multi-billion dollar industry. I believe that laws protecting our rights are looked upon as a threat to the industry. Last session, data privacy bills were labeled as anti-business and growing government, which didn’t help create support of such a new concept of privacy rights. With privacy rights being a newer concept, seasoned legislators didn’t know the industry well enough to make a firm stand. I believe this has changed in Montana in the last two years, especially since Montana’s Department of Health and Human Services, Target, Albertsons (twice), Home Depot and other large stores have lost personal information belonging to Montanans. 

How do you define big data, and how do you believe your constituents define or think of big data?

There is some confusion with the concept of big data. Some of my constituents believe big data is sharing Facebook information and that it is up to the individual. My perception of big data is that of our day to day lifestyle being captured without our knowledge or consent. This includes purchase history being saved, browser history being saved, personal cell phone information, including location, text and contact information being saved, and email data being mined.  

What is your stance on data rights as far as data collection and use transparency go?

My stance is firm. Data belongs to the individual, and each individual must give consent for data to be collected. I compare this to owning a house. An individual has the right to allow anyone in at any time, but also has the right to tell anyone to leave at any time. This type of control must be given to the consumer. The amazing thing is, most consumers will grant consent immediately, so it isn’t like this will end all data collection. What it will end, or bring light to, is the less ethical area of data collection where consumers don’t fully realize their personal and private information is collected, saved and sold due to complex and always changing terms and conditions.  

Regulation, policies or best practices: how do you think the future of data-driven organizations or policies will be managed from a privacy and protection angle?

I believe the industry needs to start self-regulating itself on what can be collected, for what purposes and what fines and punishments will occur if an individual’s information is lost or stolen. If self-regulation doesn’t occur, I believe one of the best solutions is giving ownership of the data to the person. I believe that this is the ultimate concept that will bring back our privacy rights immediately. 

How do you or an organization determine what data to is OK to collect, use, etc?

A specific guideline that can be included is if the data is needed for the business to fulfill it’s purpose, it may be collected without consent. This would have to be written in a very specific way to ensure other privacy legislation isn’t sidestepped. A cell phone company could not say saving text and contact information is necessary for its purpose to be executed, while it could claim, maintaining name, contact information and credit card information is a necessary function for the business to function. Again, defining “necessary functions” in a plausible way is the challenge. 

What do you see as the lowest hanging fruit as far as the potential uses for big data across any industry?

Requiring search warrants for data (emails, cell phone information, social media) is a great first step. This measure shows that data belongs to the individual in some shape or form. 

What are some of the big data myths that you wish you could bust so people are less confused and overwhelmed?

  1. I wish Facebook wasn’t the first concept people thought of when thinking about data and privacy. What you put on Facebook is public, that was your right and you gave consent to share that information. 
  2. I keep hearing that people have nothing to hide. Bad laws are passed all the time. At some point, you may want to hide something. Just because you are an innocent, law abiding, ideal citizen doesn’t mean you should ever give up the right to privacy. 
  3. I’ve also spoken to people who think Congress should be addressing this issue, not the states. I’m not sure if anyone has seen Congress lately, but my faith in their ability to do something positive for people is very low.
  4. Last, I’m tired of the rhetoric stating privacy bills are anti-business. That is like saying that your rights and personal property is getting in the way of my profits. 

What was your “aha” moment when you realized the power of big data?

When I was getting into politics, I realized that data collection, if unlimited, could be the ultimate threat to our country. It’s very simple. I am nowhere near perfect. We all have pasts, have made mistakes and most of us have grown from our experiences. No one is perfect. The data trails we leave behind are extremely clear and can now go back for years. Think of the ability to dig up anybody’s past and in a day, use it to silence them, swing a vote or control them. These methods were actually used on Martin Luther King and U.S. politicians by J. Edgar Hoover. The difference is, the tools they had and used decades ago were nothing like what we have today. I fear the concept of people fearing their own pasts so much, they refuse to take a stand or get involved when the opportunity presents itself. This is self-censorship and once we are censoring ourselves due to fear, we no longer live in a free country. This happened in countries like Eastern Germany, and entire populations were silenced.