Privacy and security issues reached high visibility in 2018, with many major publicized incidents. Carl Landwehr starts with the Facebook–Cambridge Analytica scandal, and then describes regulatory efforts such as the European Union (EU) General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the NIST privacy framework, the Supreme Court decision that protects cell-site location information, and preliminary efforts in Congress toward more general privacy protection.

Unfortunately, none of the relevant agencies--not the US Federal Trade Commission (FTC), nor the Securities and Exchange Commission (SEC), nor the United Kingdom (UK)--have yet done anything to seriously change Facebook’s behavior. My personal favorite incident from 2018 happened during Mark Zuckerberg’s testimony: Orrin Hatch (a sitting US Senator) was unaware that Facebook sells ads. We need regulators who are both more aware and more vigilant. The author suggests financial penalties as well, perhaps payable to those whose privacy was invaded, or used to fund investigative journalism. He also suggests more individual accountability. We don’t yet know the best strategies to protect users from the abuse of personal information.

Landwehr’s article is an excellent short discussion of many privacy issues as they arose in 2018. Anyone wanting an introduction to current concerns should read it. However, it is distressing that the author’s name is spelled wrong in Communications of the ACM.