Why EFF and CDT May Not Advocate for Individual Private Right of Action

Google is suing to funnel individual user remunerations, awarded by courts, to EFF, CDT. Data owners should speak up for themselves now in small claims court.


By Sheila Dean


For many years, I wondered why Democratic leaning nonprofits like Center for Democracy and Technology (CDT) and EFF, former coalition colleagues in the privacy field, overlooked and entirely ignored the Privacy Act of 1974 in public education efforts against mass surveillance. It represents an important consumer civil right: the individual right to tell the government to stop processing personal data for non-exempt government uses. They kept mum during the entire Obama administration about this law and only filed a mea culpa amicus brief this Summer based on some recent personal rights violations.

This particular right gets down to hairsplitting among judges, like potential Supreme Court nominee, Brett Kavanaugh. Ars Technica reported statements during Kavanaugh’s confirmation indicating he would side with any corporation’s rights to collect mass data on behalf of the government for their unique purposes.  Unfortunately, unless the normative T-mobile or Verizon informs the customer that they may refuse exchanges of personal data to government agencies (such as the Department of Education, NASA, DARPA, the Geospatial Intelligence Agency) by expressly denying consent to share data with them, Kavanaugh would allow businesses and nonprofits to launder consumer consent tacitly to government transactions. This bypass would treat government actors as a 3rd party data processors.  No warrant necessary. That is why the Privacy Act of 1974 and filing a small claims suit is more important than ever.

According to Media Post, data owners were represented in a class action lawsuit involving Google. Google is suing to send remunerations to nonprofits rather than the data owners or users impacted in the case. We never hear about users who never received an award from their position in the case of privacy, until now. EFF and CDT seem motivated by a win to get Google’s largesse funnel to go to their work. It is likely this is not the first or last time you will see a non-profit, like the ACLU, go in for a civil suit win to collect funding for their non-profit work. You will have to wait until Halloween to hear users vouch toward whether they were actually offered their court award or if feral feudal administrators between these non-profits and Google made decisions for their digital serfs. Google, aware of mass scale of privacy violations, changed its corporate classification in 2017 from an Incorporated public company to a Limited Liability Company incorporation (LLC), because of the mounting volume of lawsuits landing on them due to ongoing willful privacy violations.

That is why I am actively advocating and proclaiming that each data owner impacted by a personal privacy violation file a small claims suit against company or nonprofit data license violators. This means, 501c3’s (like the EFF, CDT or the ‘Church of Google’) or 501c4s (like a political party, partisan political campaign, or a Political Action Committee) also can be taken to small claims courts. You can even take your local government to small claims court for privacy violations. You may even file privacy violations claims against the federal government in your local District Court.

This process is given overview in my current work Privacy Is A Spider; A Guide to Rebalance Private Living, Chapter 2: Droping in From Above, currently available for download at Gumroad.com. Companies with history of serial privacy violations won’t stop violating your rights. You have to stop them and make them pay. Small claims has the power to order anyone who has processed against your consent cease and desist. The courts need to see you self advocate with the legal means you have; which is possibly $15 and a court appearance with your local version of Judge Judy.

Each data owner has a private right of action to make each of these companies or entities pay for their violations of your consent rights and to collect any profits made from involuntary exchange your data, whether it is only $74 or $.74.  If you want to win your privacy case, you will have a higher likelihood in small claims court. The political class won’t reign them in quickly.  You have to do it. There is no real privacy movement if you are not making the legal decisions that matter about your privacy.



  • Build case law history against violators; which mounts against their lobbying efficacy with agencies like the FTC and the SEC.

  • Win the unique knowledge and access to the transactional trade path of your personal information without the mass invasive process of a Superior Court legal case with your name on it.

  • Be awarded profits from the unapproved licensing of your personal information and private data. (This keeps self-involved lawyers at non-profits from collecting awards made on small bill privacy violations.) 

Privacy Is A Spider, Chapter 2 is on the way

The latest downloadable chapter of Privacy Is A Spider will be made available for sale here on SheilaMDean.com by the end of June. The chapter titled, “Dropping in From Above: Evaluating Environmental Privacy Threats” will feature a couple of model letters and sound advice for those who want to rebalance the online ecosystem for your personal privacy.

Read More

Feeding the Beast: Facebook and Its Government Trade Partners should conform transparently to common US consent law

By Sheila Dean

Consumer facing consent UI/UX and transparent third party data inventory could remedy the social network’s global fall from grace.  Far more work is ahead to produce a legitimate privacy enforcement environment.

Facebook’s neglect of third party vendor Cambridge Analytica crossed the line for its users. Unfortunately, social networks with poor third party operations security are everywhere. It was Facebook today, but it could be any number of poorly secured vendors tomorrow. Prior to this event, users and developers alike refused to face the nature of beast they are feeding.

Some form of regulatory intervention is in the offing. The US government is already deep in the core of Facebook’s operations for regulatory enforcement of an FTC consent decree. Facebook, like Palantir and others, also worked for the US government as big data analytics contractors in 2013’s PRISM scandal. Facebook has licensed deep profile information to the US government and any foreign government who would pay, including Russian social media operations. Special counsel Robert Mueller could easily ask FBI staffers embedded at Facebook’s HQ, if this was the collusion they were looking for. If the US government and its regulators are already so involved, regulation may be the lighter hand of justice. Users may need a criminal investigation into US government abuses of power, conflicts of interest, embezzlement or related crimes involving foreign entities. The more likely crime is one of banal disinterest in privacy law enforcement.

Facebook is the beast US corporatism built. The US government, afterall, is still an investor in Facebook. How do we get shareholders, like the CIA, to conform to American privacy law provisions and boundaries? As partial owner, the US government may have access to any of its information assets. What does it mean if a US agency profited from data services rendered to Russia for psychological operations? The potential for abuse is now material fact, if it is not the scene of a crime of opportunity.

Facebook’s policy problem lies in a one-size-fits-all EULA contract allowing complete opacity of its vendors. The blanket consent from one Terms of Service contract hardly covers the third party range where personal data was processed by Cambridge for resale to political operatives. The average consumer does not know who has their data once it goes into a social network. If Facebook showed consumers the edge advertising market for their data as notification, they would be legally required to provide means of express consent to license their personal data.

Facebook, like many online services, needs to get out of partisan and government information business lines or the elections intrigues will continue. It’s time to ask US government agencies, like the DoD and CIA, to surrender their shares in public ISP companies back to the free market. Their co-ownership in private data conflicts with public interest.  Public trade transfer deals featuring government licensed technologies should not be opaque to the US consumer when their personal information is involved in a trade.

Third party risk and liability will still be a problem for society online. Legal enforcement is needed to limit the scope of exchange and sale of personal data based on legitimately sourced and applied US consumer consent. Facebook, and those emulating its brazen business model, should now comply to better defined, transparent data inventory mapping for users to knowingly permit, or more likely deny, unwanted third party exchanges.

We can forgive Facebook as an institution for being led down the wrong path, endorsed and coddled by government insiders. Some later revealed themselves in full view of the public as disgraceful sycophants, soliciting Mark Zuckerberg's permissions and favors, during Congressional disciplinary hearings. Government beneficiaries managed to evade legal consent notice requirements which do, in fact, apply to any information they collect on US Citizens. Board members from the most celebrated privacy non-profits, think tanks, and policy advisors with doctorates from the best universities in the United States have consulted Facebook. Who can help Facebook if their elite battery of advisors endorsed the fantasy they can break US common consent law with no consequences? 


It does seem everyone around Facebook is telling them they are so useful and exceptional they don’t have to conform to the law. That line of doctrine misled Facebook to be used as a powerful social tool to connect the world with corruption. They broke laws. Unfortunately, they didn’t do it by themselves. They had lots of enablers and government partners urging them on.

Information security and integrity audits will send any phony fixer lawyers and their marketing apologist firms packing.  One could speculate Facebook's cyber-insurance rates are expected to skyrocket. As we wait on the results of Facebook’s audit, they will confront fines, more civil suits, possible company insolvency and criminal due process for its lack of restraint. Regulatory law enforcement should work to close privacy law enforcement gaps. Their current presence inside Facebook failed to enforce fair, lawful security of private data. 

Even if the government reforms the enforcement conventions for impacted privacy, will fair trade practices emerge from the ashes to cover global data brokerage exchanges? Non-profit interest groups and companies cannot just scuttle away a people's inherent data ownership rights because these rights didn't originate with their nation state or they seem inconvenient to consider. Identity sovereignty is natural and inherent to our humanity. Administrators are talking over each other instead of to each other across the globe and then stony radio silence follows. This conflict is based on differences over the origin of rights in personal data governance. There is very little real debate or statesmanship on this idea.

So here is a working 5 point public policy fix to confront international data exchange stakeholders, as well as US agencies, not playing fair with data owners.

  • Close enforcement gaps and actively enforce existing privacy law concerning notice & consent.
  • Require government partners and non-profits (partisans, research firms) to self-identify to consumers in UX/UI transactions; which legally require notice and consent (like trade transfer deals).
  • Adopt or enact Right To Be Forgotten policy in the US.
  • Recognize the rights of the individual Data Owner in business reporting with monthly exchange statements as an audit requirement as a matter of human rights and fair trade.  If you can’t manage to bring in the data owner as part of your business, consulting them on how much to sell their data for, who to authorize as a  seller and reseller to and how to sell it, you’re in the wrong business.
  • Recognize essential individual data ownership is paramount to rights of government transfer entitlement and/or embargo thereof. For the US, that is conformance to Privacy Act of 1974 provisions to actively procure and heed individual consent preferences in most cases. For other governments, that means they need to get express consent to profit from personal data of a US citizen using public platform services.

Individual data ownership rights are not in conflict with other rights and can stand with other recognized rights. Particularly, that of self-defense, protection from theft of labor and the diverse perils of slavery, human trafficking and unfair trade practices. We are not the middle man to be cut from the exchanges. Data owners are in fact used and spent as the monetary currency itself. Current exchanges brokering personal data are in an adverse power differential contrary to Principle One of Fair Trade Practices. They are more on par with serfdom. Facebook’s serfs are Exhibit A of a raw deal. Now the world needs a fair trade upgrade.

When Facebook-Cambridge Analytica was not alone

Facebook has a long road ahead. However, for every Facebook, there are thousands of smaller businesses on the freemium model looking toward them as examples of successful business behaviour. While Facebook is a successful company, their CEO appeared before Congress when everyone saw how they failed the public. Help yourself to a better example. If Facebook wants to BE that better example, their actions need to exceed our privacy expectations of baseline evasive legal compliance. Examine how competition can serve Internet users better through right choices and fair exchanges.

Read More

Serial Release, Privacy is a Spider, Shows How-To Recreate Privacy


Author says DLC business model fits crisis signs-of-the-time

KIRKLAND, WA - Author and modern privacy advocate, Sheila Dean releases her first chapter in the downloadable How-To title series, Privacy is a Spider February 15, 2018.

Dean decided to publish the book as an independent serial release of downloadable content based on 3 criteria.

1.     To make content available, fitting a necessary personal relevance to readers, without buying the whole book.

2.     The ability to iterate prescriptive changes due to fast evolving legal and technical impacts to privacy and data protection.

3.     To self-fund the production of her fully authored work.

“One of the unique challenges of producing any book with currency in technology is to release a title that isn’t obsolete before it hits the shelves.  Consumer and civil privacy are experiencing chronic, war-like levels of hostility. In order to produce something relevant, [the process] required me to adopt prioritizing skills of a combat medic. You produce content so consumers can access the guidance they need to triage their own privacy,” said Dean, who spent years rewriting iterations of privacy mansuscript features.

 Privacy Is A Spider provides a holistic direction in its full form.  The complete guide aspires to help US readers prevent losses, create and recreate their privacy during and after a privacy incursion.  

“It’s very tough for consumers to watch privacy protections chronically invalidated and not know what to do. The public needs a program based on resilience, personal priorities and an ability to make a place for privacy in their lives. Hopefully that is what Privacy is a Spider delivers,” said Dean. 

Privacy, The Creative Act, the first featured chapter in the Privacy is a Spider serial will be available for purchase at, SheilaMDean.com for $2.00.  Dean’s aim is to sell enough relevant content for the book to pay for itself.  


ABOUT THE AUTHOR -  Sheila is an active voice for more technical privacy provisions to improve the digital user experience. She hopes to optimize a new modern social discipline "to be more private". What started as a dedicated practice tour of the human rights and digital policy landscape, has landed on the edge of a technical self-leadership approach to reclaiming ownership of personal data.



DBA Sheila Dean

(310) 857-8257

month2private [at] protonmail.ch

December News Digest: Chapter Release this Winter at Patreon


“When you’re going through hell, keep going…”

– Winston Churchill


Privacy is a battered area across many forays in our society. I managed to catch the Congressional hearings on the Equifax breach. I heard the head of Equifax (US) say to Congress, “I wonder what are we trying to protect anymore?”

I think that became the most challenging moment for me in 2017, both as consumer and personal data protection advocate.   I realized demoralizing the privacy interests of every individual was someone’s goal. If your opponent couldn’t lawfully achieve that, as if you had no legal recourse or protection from their infringements, they still seek to bombard you, networks and infrastructures with smaller privacy breaches, to desensitize you to the negative effects. Why? To break down your resistance with frustration and demotivation, so you fail to fight back over your personal data property and your privacy.  

Americans are in a double bind, of sorts. We are held underneath a public-private mass surveillance aperture; which won’t relinquish much power back to the individual.  Part of the infrastructure capitalizes on voter information brokerage.  Another part forces or incentivizes private social media to do government surveillance work on the people who feel compelled to use it.  You have an opportunity to use your voice, to direct Congressional leaders to Sunset Section 702 of the warrantless surveillance act, FISA. A bill to renew it has been filed.  There is a lot of fight for you and US privacy rights in that fight.

Every day you wake up you are the Data Owner, not merely the Data Subject, a victim of theft or a serf in someone’s digital fiefdom. 

Grasp this and you have a future to self determine your privacy.



IEEE is releasing 2nd edition of Ethically Aligned Design, Ethics in Action  12/12/2017I contributed to the Consent section.  I also have joined other IEEE data ethics subgroup P7003 –(Addressing)Bias producing content, curating research and being helpful to ethical data standards development.  You can read the ethics production from end-t0-end here. [Updated 2/22/2018] 


Yes. So slow.  Good solutions take time.

I have finally found my self-publishing house to produce chapters; which include privacy-accountability hacks, letters and templates to stay organized and to fight back.  The plan is to produce the initiate select chapter around February.  You can purchase directly from this website or my Patreon page.  There is a placeholder live under the 'Authoring' tab for the 2018 release.

Please tell all of your friends. (If your friends have great publishers market skills, send them my way!)

Do you have news or a personal story of how you overcame a privacy infringement?  Please write to me.  I would like to do a feature on you and demonstrate your talent.

Happy Holidays and warm wishes of confidentiality in 2018.