Gabriel Weinberg, CEO of DuckDuckGo, in an op-ed for the New York Times:
I am reminded of the arguments made in the 1960s and ’70s about laws to reduce toxic emissions from cars. Companies profiting from less regulation lobbied against those laws, and yet, once they were enacted, Americans’ health improved, innovations such as the modern catalytic converter entered the market, and big companies met the new emissions targets without catastrophic expense. If we enact strong privacy regulation, I believe we can be similarly hopeful about the future of privacy.
Every time I suggest or state that laws and policies are needed to strengthen protections around data privacy, I inevitably get a host of emails and Twitter mentions from people who truly believe that non-regulatory measures are possible. I understand the hesitation, but I firmly disagree: self-regulatory measures simply aren’t working, and users are becoming nihilistic about privacy. Recent surveys have indicated that most people do not trust tech companies — particularly with their most sensitive data — but they also buy and use products that they distrust.
Instead of laws and rules, think of regulations like these as setting expectations. We should expect our data to remain private and only ours by default; any exceptions to that should be clearly explained, and we should be able to opt into our out of sharing any of our data at any time. We should expect that we are not being monitored or surveilled, whether by law enforcement or companies. We absolutely should expect not to have to hire a lawyer to review the terms of service for every food delivery app or ad-supported website we visit.