Institute of Internet Economics

The Intersection of Privacy and Politics: Who Controls Your Data?

In an era where personal information is a valuable commodity, the question of who controls your data has become a focal point of political discourse. Recent developments across the globe highlight the intricate balance between privacy rights and governmental authority, underscoring the need for robust data protection measures.

The European Union’s Decryption Initiative

In June 2025, the European Union unveiled “ProtectEU,” a strategic initiative aimed at enabling law enforcement agencies to decrypt citizens’ private data by 2030. This roadmap seeks “lawful and effective” access to encrypted data in digital investigations, identifying end-to-end encryption, VPNs, and secure messaging services as significant obstacles. Despite assurances about safeguarding cybersecurity and privacy rights, privacy experts express deep concern. Critics warn that developing decryption methods may introduce new vulnerabilities, challenging established cybersecurity practices. Robin Wilton from the Internet Society highlighted the risks of undermining encryption, noting that strong encryption is essential, not antagonistic to security. (techradar.com)

State-Level Privacy Legislation in the United States

In the United States, state governments are taking proactive steps to protect citizens’ privacy. Utah’s Digital Choice Act, effective July 1, 2026, empowers individuals to control their personal data by allowing them to move their data across platforms via open-source protocols. This law addresses the power imbalance created by social media companies that profit from user data through advertising and behavior-manipulating algorithms. Advocates argue that this model jeopardizes privacy, security, and mental health, as seen in examples like TikTok outages and the 23andMe data breach. (time.com)

Illinois Governor JB Pritzker has also signed an executive order blocking the federal government from accessing personal autism-related health data without informed consent. This move, the first of its kind in the U.S., responds to a federal initiative seeking to use data from the National Institutes of Health and Medicare/Medicaid claims to explore the causes of autism. Pritzker stated that the order aims to uphold personal dignity, privacy, and protection against surveillance and discrimination. (apnews.com)

Challenges in Data Privacy Consent Standards

The U.S. is experiencing a surge in state-level data privacy laws, with 20 states adopting laws that impose varying consent requirements based on the type of data and specific processing activities. These laws generally fall into two models: opt-in consent, requiring explicit consumer permission before data collection or processing, and opt-out consent, where data collection is default unless consumers opt out. Variations among state laws create challenges for businesses operating across states, increasing their compliance burdens. Consumers also face difficulties understanding the varying consent models, leading to potential trust issues and consent fatigue. (reuters.com)

International Enforcement Actions

South Korea’s Personal Information Protection Commission fined Meta $15 million for illegally collecting sensitive information from approximately 980,000 Facebook users, including data on political beliefs and sexual orientation, and sharing it with around 4,000 advertisers. The investigation revealed that Meta used this information for personalized services without obtaining explicit user consent. Additionally, the security of accounts was compromised due to inadequate security measures, allowing hackers to falsify identities and request password changes. (apnews.com)

The U.S. Federal Trade Commission (FTC) settled with data brokers Mobilewalla and Gravy Analytics for selling data tracking individuals’ religious and political beliefs and pregnancy status without consent. These companies agreed to stop using data on visits to sensitive locations and implement opt-out mechanisms for individuals. This settlement marks the first instance of the FTC prohibiting the gathering of location data through online ad auctions, as part of the Biden administration’s effort to protect consumer privacy and limit data brokers’ activities. (reuters.com)

Industry Self-Regulation Efforts

In response to growing concerns over data privacy, political data firms are collaborating to prevent future scandals akin to the Facebook–Cambridge Analytica incident. Firms from both major political parties are engaging in discussions to understand the importance of the data they use and to self-regulate, aiming to achieve a dramatic improvement on behalf of voters. This initiative reflects a recognition of the need for ethical data use in political campaigns. (wired.com)

Public Perception and Legislative Proposals

A Pew Research Center survey conducted in May 2023 revealed that a significant majority of Americans are concerned about how companies and the government use their personal data. The survey found that 67% of respondents understand little to nothing about what companies are doing with their personal data, and 73% feel they have little to no control over what companies do with their data. These findings underscore the public’s unease and uncertainty regarding personal data usage. (pewresearch.org)

In response to these concerns, the American Privacy Rights Act (APRA) was proposed in April 2024. This comprehensive data privacy law aims to place limitations on the kinds of data companies can collect about their users, create processes for users to access or remove data about them, and allow users to opt out of having data sold by data brokers. The bipartisan proposal seeks to supersede some state-based laws and establish a unified federal standard for data privacy. (en.wikipedia.org)

The intersection of privacy and politics is a complex and evolving landscape. Recent legislative actions, enforcement measures, and industry self-regulation efforts reflect a global recognition of the need to balance privacy rights with governmental and corporate interests. As technology continues to advance, ongoing dialogue and thoughtful policy-making will be essential in ensuring that individuals’ personal data remains protected in the digital age.

Sources: