Policymakers are today far more alert than ever before to the myriad ways in which tech companies collect and distribute consumers’ data with third-party data brokers and advertisers. We can attribute this new awareness to at least two major news stories from the past six or so years. The first came in 2013, when Edward Snowden, the former National Security Agency contractor, leaked highly classified materials that revealed the ways in which United States national security officials, with the indispensable cooperation of U.S. telecommunications companies, systematically monitored telephone conversations and electronic communications of U.S. citizens and foreign nationals. The story triggered a series of rebukes from civil rights groups, consumer advocates, and foreign leaders around the world. It is not clear whether or the extent to which the NSA or other government agencies have terminated those programs since Snowden’s revelation.

The second came in early 2018, when another whistleblower revealed to journalists that researchers to whom Facebook had allowed to collect and study dozens of millions of users’ personal data, in turn, shared those troves of personal data with Cambridge Analytica, a political consultancy firm. Cambridge Analytica had promoted their access to this data to peddle “psychographic targeting” to political campaigns, including that of Donald Trump in 2016. This more recent revelation has exposed Facebook to what will likely be the largest fine imposed by the Federal Trade Commission (“FTC”) in history.