Section 01

Executive Summary

The United States is the only major democracy without a comprehensive federal data privacy law. A patchwork of 20+ state laws with different standards has left Americans effectively without enforceable digital rights — while tech monopolies have built a $323 billion global data broker industry on the unconsented harvest of personal information.

The Common Good Party position is clear: technology must serve people, not extract from them. This platform addresses the full architecture of digital power through nine enforceable pillars — from a federal privacy law and children's digital safety to AI accountability, digital Fourth Amendment protections, tech antitrust, right to repair, net neutrality, digital public infrastructure, and platform worker protections. Each pillar has specific enforcement through private rights of action and penalties calibrated to 4% of global revenue. This is not anti-technology. This is about making technology serve people.

The EU has levied €5.65 billion in GDPR fines across 2,245 enforcement actions. The largest U.S. privacy fine under state law: $2.75 million — less than what Meta earns in four minutes. Algorithms deny loans, deny care, and issue wrongful arrests with no legal accountability. Federal agencies buy location data to bypass the Fourth Amendment for $9,000 a year. The status quo is a system designed to extract value from Americans while insulating the extractors from any consequence.

This platform reclaims the internet — built with public money, on open protocols, by researchers at public universities — for the people it was always meant to serve.

Section 02

The Problem

The failures of the current digital landscape are not the result of technology itself — they are the result of a regulatory vacuum that allowed a handful of corporations to capture nearly every layer of the digital economy. The failures cluster into four structural categories.

No Federal Privacy Law
The U.S. is the only major democracy without a comprehensive federal data privacy law. A 20+ state patchwork creates confusion for consumers and compliance arbitrage for corporations. The EU has levied €5.65B in GDPR fines; the largest U.S. state fine is $2.75M — less than what Meta earns every four minutes.
Algorithmic Harm Without Accountability
Amazon's hiring AI penalized résumés containing the word "women's." The COMPAS recidivism algorithm has a 45% false positive rate for Black defendants vs. 23% for white defendants. Facial recognition error rates run 0.8% for light-skinned men but 34.7% for dark-skinned women — a 43-to-1 disparity. At least three Black men have been wrongfully arrested on facial recognition misidentifications.
Government Surveillance Bypass
Federal agencies buy personal data from brokers to bypass the Fourth Amendment entirely. Fog Data Science sold police access to billions of data points on 250+ million devices for $9,000 per year — no warrant required. The FBI confirmed purchasing Americans' location data without warrants. Planned Parenthood visitor location data was purchasable for $160.
Tech Monopoly
Google controls 89.9% of global search. Apple and Google together control 99%+ of mobile operating systems. Amazon controls ~40% of U.S. e-commerce. A federal judge declared Google a monopolist in August 2024; a second ruling found it illegally monopolized ad tech. The pattern: litigation takes a decade, companies appeal endlessly, and monopolies metastasize before remedies arrive.

The surveillance business model: The real-time bidding ad-tech ecosystem broadcasts Americans' personal data — location, browsing history, health conditions — to thousands of companies in milliseconds, every time a web page loads. This is the engine of Big Tech's hundreds of billions in revenue. It was never consented to. It was imposed.

Section 03

How We Got Here

The American digital rights crisis was not inevitable. It was the result of deliberate legislative failure, sustained industry lobbying, and a Congress that defunded its own technical expertise three decades ago.

1995

Congress Defunds Its Own Technical Knowledge

Congress eliminated the Office of Technology Assessment — its independent source of technical expertise. For thirty years, legislators analyzing AI, cybersecurity, gene editing, and social media have relied on industry lobbyists for technical knowledge. The companies Congress must regulate supply the briefings Congress uses to understand those industries.

1998

COPPA — Written Before the Modern Internet

The Children's Online Privacy Protection Act was written in 1998 — before smartphones, before social media, before algorithmic feeds. It remains the primary federal law governing children's digital lives, hopelessly inadequate for a world its authors could not have imagined.

2015–2017

Net Neutrality: Enacted, Repealed

The FCC established net neutrality in 2015, protecting the open internet from ISP throttling and paid prioritization. It was repealed in 2017. The Sixth Circuit ruled in January 2025 that the FCC lacks Title II authority entirely, leaving ISPs free to throttle at will. Verizon had already throttled the Santa Clara County Fire Department's data during an active wildfire, demanding a plan upgrade.

2022–2024

The Failed Legislative History

The American Data Privacy and Protection Act passed committee 53-2 on a bipartisan basis in 2022, then died — killed by a preemption dispute and an industry lobbying blitz from Apple, Microsoft, Facebook, and Amazon combined at $15M per quarter. The Kids Online Safety Act passed the Senate 91-3 in 2024 but never received a House vote. The pattern repeats: broad bipartisan support, industry money, and legislative death.

Section 04

What Other Countries Do

The United States is not without models. Every other major democracy has enacted meaningful digital rights protections. The innovation argument — that regulation stifles technology — has been tested internationally. The evidence does not support it.

Country Law / Framework Key Achievement
EUGDPR (2018) General Data Protection Regulation €5.65B in cumulative fines; extraterritorial scope; dedicated Data Protection Authorities in every member state
EUAI Act (2024) Artificial Intelligence Act Risk-based tiers (banned / high-risk / limited / minimal); mandatory audits; first comprehensive AI law in the world
EUDMA (2022) Digital Markets Act Ex ante rules for gatekeepers; interoperability mandates; €8B+ in fines; structural requirements for dominant platforms
UKAge Appropriate Design Code Children's data protection 91 documented product changes across 6 major platforms — including default privacy settings and disabling autoplay for minors
BrazilLGPD (2020) Lei Geral de Proteção de Dados Blocked Meta AI training on user data; stopped Worldcoin biometric collection; enforced data subject rights
EstoniaeID System National digital identity infrastructure 99% of government services available online; 800M+ digital signatures; privacy-preserving by design
GermanyCodetermination Law Worker board representation Workers on corporate boards, mandatory non-compete compensation — model for platform worker governance

The argument that the U.S. must avoid regulation to stay ahead of China ignores the fact that China has already regulated AI — with 190+ models registered under its Algorithm Registration system. The EU has the AI Act. The U.S. is the global outlier in having done nothing. A national framework provides legal certainty that accelerates responsible development.

Section 05

Our Policy — The 9 Pillars

The Common Good Party's digital platform addresses the full architecture of digital power. Each pillar is enforceable, specific, and calibrated to the scale of the problem. This is a framework, not a wish list.

Pillar 01

Federal Digital Privacy Act

Americans own their data. Companies are custodians, not owners. This establishes the foundational legal framework for all digital rights.

  • Affirmative opt-in consent required for all data collection — no more buried terms of service
  • Universal rights: know, access, correct, delete, port data, and refuse automated decisions
  • Ban on pay-for-privacy schemes and data minimization mandate
  • Data broker licensing with FTC registration, annual audits, and universal opt-out mechanism
  • Ban on sale of sensitive data: location, health, biometric, financial, sexual orientation, religion, and all data on minors
  • Private right of action: $1,000–$5,000 per violation per person
  • Federal floor with extraterritorial scope — applies to any company serving American users
  • New FTC Division of Data Protection with dedicated enforcement capacity
Enforcement: FTC Division of Data Protection · Up to 4% of global annual revenue · Private right of action
Pillar 02

Children's Digital Safety Act

Teens spending 3+ hours per day on social media face a 2x risk of depression. The design choices driving that outcome are not accidents — they are features. This pillar bans those features for minors.

  • No targeted advertising to anyone under 18 — contextual ads only
  • Strongest-default privacy settings for all minor accounts
  • Algorithmic recommendations OFF by default for minors (chronological feed only)
  • Age-appropriate design mandate modeled on the UK Age Appropriate Design Code
  • Ban on addictive design for minors: infinite scroll, autoplay, streaks, and notification bombardment
  • Platform liability for algorithmically promoted harmful content to minors
Enforcement: FTC + State AGs + Private Right of Action · $50,000 per violation per child
Pillar 03

American AI Accountability Act

A four-tier risk-based framework — modeled on the EU AI Act but tailored to American constitutional and legal context.

  • Tier 1 — Banned: Government social credit scoring, real-time mass facial recognition by law enforcement, lethal autonomous weapons without human control, subliminal AI targeting vulnerable populations, predictive policing individual threat scores
  • Tier 2 — High-Risk: Mandatory independent bias audits for AI in hiring, lending, insurance, housing, healthcare, education, and criminal justice; right to human review of all automated decisions; disparate impact standard applies
  • Tier 3 — General AI: Content labeling and watermarking; ban on non-consensual intimate deepfakes; ban on unlabeled political deepfakes within 90 days of elections
  • Tier 4 — Open Research: Protect open-source AI; expand National AI Research Resource (NAIRR) to $500M+/year
Enforcement: New FTC Bureau of AI Accountability · Up to 4% of global annual revenue
Pillar 04

Digital Fourth Amendment Act

The Fourth Amendment's protection against unreasonable search and seizure cannot be rendered void by a commercial transaction. This pillar closes the data broker loophole permanently.

  • Federal agencies may not purchase data that would otherwise require a warrant
  • Warrant requirement for all government access to personal digital data
  • Ban on real-time facial recognition in public spaces by law enforcement
  • Moratorium on predictive policing individual threat scoring
  • Section 702 reform: require individualized court orders for surveillance of U.S. persons
  • Encryption protected by statute: prohibit backdoor mandates, client-side scanning, and key escrow
  • Suppression remedy for evidence obtained in violation of these protections
Enforcement: DOJ Civil Rights Division · Suppression remedy · Private right of action
Pillar 05

Digital Competition & Fair Markets Act

Tech monopoly is not the result of superior innovation. It is the result of strategic acquisition, self-preferencing, and the use of monopoly power in one market to foreclose competition in others.

  • Structural separation for dominant platforms ($100B+ market cap operating in multiple digital markets) — cannot own the marketplace AND compete in it
  • Interoperability mandates for messaging, social media, and marketplaces
  • Data portability as a right — your data follows you
  • App store reform: 15% commission cap on first $1M, 10% thereafter; sideloading required
  • Ban on self-preferencing as a per se antitrust offense
  • Merger moratorium for dominant digital platforms
  • Section 230 reform: retain core protection for user content; algorithmic amplification carveout for platforms above 10M monthly active users; quarterly transparency reports
Enforcement: DOJ Antitrust Division + FTC · Structural separation orders · Antitrust fines
Pillar 06

Federal Right to Repair Act

Americans should be able to fix what they own. Manufacturer software locks and warranty voiding for independent repair transfers wealth from consumers to corporations and creates needless waste.

  • Manufacturers must provide repair parts, tools, diagnostics, and manuals at fair and reasonable prices
  • Ban on parts pairing — software locks that prevent the use of functional replacement parts
  • Ban on warranty voiding for independent repair
  • Agricultural equipment: absolute right to repair with no software locks during planting or harvest seasons
  • Medical devices: full access for hospitals and independent biomedical technicians
  • Repairability score required on packaging for devices over $500 (modeled on the French Repairability Index)
Enforcement: FTC + State AGs · $50,000 per violation · FTC sued Deere in 2025 — this builds on that precedent
Pillar 07

Net Neutrality & Universal Broadband

The open internet is infrastructure. Broadband is a utility, not a luxury. After the Sixth Circuit stripped FCC authority in January 2025, only an act of Congress can protect net neutrality. This is that act.

  • Net neutrality codified by statute — no throttling, no fast lanes, no paid prioritization, ever
  • Broadband reclassified as an essential utility with service guarantee of 100/100 Mbps minimum
  • State bans on municipal broadband preempted — communities can build their own networks
  • $50 billion Universal Broadband Fund (priority: tribal lands, rural areas, low-income urban communities)
  • Affordable access mandate: $30/month at 100/100 Mbps for subsidized ISPs with no data caps
Enforcement: FCC with statutory Title II authority · $100,000 per violation per day for throttling
Pillar 08

Digital Public Infrastructure

The internet was built with public money. Public infrastructure should remain in the public interest. This pillar builds the open, democratic digital commons that private platforms have failed to provide.

  • Modern federal digital identity to replace the SSN — voluntary, privacy-preserving, using zero-knowledge proofs (modeled on Estonia's eID)
  • Data Dividend Fund (modeled on Alaska Permanent Fund) funded by data use tax and AI training fees — annual dividend paid to every American adult
  • Federal grants for platform cooperatives and decentralized alternatives
  • Fund open-source protocols: AT Protocol (Bluesky), ActivityPub (Mastodon), and others
  • NAIRR expanded to $500M+/year for public AI research
  • Mandatory 72-hour breach notification with federal cybersecurity minimum standards
Enforcement: CISA cybersecurity standards · FTC breach notification · Data Dividend funded by data use tax
Pillar 09

Platform Worker Protection Act

DoorDash median pay: $11/hour. Post-Prop 22 California drivers: approximately $6.20/hour after expenses. Platform misclassification is not a business model innovation — it is wage theft at scale.

  • Federal ABC Test for platform workers: workers are employees unless the company proves all three prongs — company freedom from worker control, work outside usual course of business, and independent enterprise
  • Portable benefits for genuine independent contractors: health coverage, retirement, and paid leave follow the worker regardless of platform
  • Algorithmic transparency in work assignment, pricing, pay calculation, and deactivation decisions
  • Anti-retaliation protections for workers who challenge classification or report violations
  • Ban on platform-funded ballot measures overriding legislatively enacted worker protections (the Proposition 22 model is explicitly prohibited)
Enforcement: Department of Labor + State Agencies + FTC + Private Right of Action
Section 06

How We Pay For It

Most of this platform is enforcement and regulation — not spending. The major expenditures are offset by enforcement revenue and the economic value of the digital economy they enable.

Federal Privacy Act Enforcement Revenue
4% of global revenue fines; $1,000–$5,000 per violation per person through private right of action. Self-funding through enforcement.
Children's Digital Safety Enforcement Revenue
$50,000 per violation per child; enforced by FTC and state attorneys general. Penalties scale to behavior, not budgets.
AI Accountability Act Enforcement Revenue
4% of global revenue fines for violations; private right of action for individuals harmed by unaudited high-risk AI systems.
Digital Fourth Amendment Net Savings
Eliminates government data broker purchases — currently hundreds of millions annually in warrantless surveillance spending.
Digital Competition Act Enforcement Revenue
Antitrust fines; structural separation reduces consumer overcharges worth tens of billions annually. App store reform redirects fee revenue to developers.
Right to Repair Net Savings
Reduces consumer costs by enabling repair competition. Agricultural savings alone estimated in the billions annually. FTC enforcement self-funds through fines.
Net Neutrality + Broadband $50B one-time investment
Chattanooga's municipal broadband achieved a 4.42:1 return on investment — $2.69B in economic benefits. The $50B fund is self-sustaining within a decade.
Digital Public Infrastructure $500M+/year (NAIRR)
Data Dividend Fund funded by data use tax and AI training fees — the tax is levied on the extraction of value that currently goes uncompensated. Self-sustaining.
Platform Worker Protections Minimal direct cost
DOL and FTC enforcement. Portable benefits funded by platform contributions — not the federal budget. Proper classification eliminates Medicaid subsidization of gig economy labor.
Section 07

Implementation Timeline

Change of this scale requires phased implementation. The sequencing prioritizes executive action first, foundational legislation second, structural reform third, and infrastructure investment fourth.

Phase 1 — Executive Action

Months 1–6

  • Executive order: moratorium on facial recognition by federal agencies
  • Halt all government data purchases from brokers
  • FTC Big Tech enforcement elevated to top priority
  • Net neutrality bill introduced in Congress

Phase 2 — Foundation Legislation

Months 6–18

  • Federal Digital Privacy Act signed into law
  • Children's Digital Safety Act enacted
  • Right to Repair Act passed
  • FTC AI Bureau and Digital Markets Bureau established

Phase 3 — Structural Reform

Years 2–3

  • AI Accountability Act enacted
  • Digital Competition Act and structural separation orders
  • Section 230 reform with algorithmic carveout
  • Net neutrality codified by statute
  • NAIRR expanded to $500M+/year

Phase 4 — Infrastructure & Labor

Years 3–5

  • Platform Worker Protection Act enacted
  • Digital public infrastructure funded
  • Data Dividend Fund operational
  • Structural separation of dominant platforms completed
  • Digital ID pilot launched

Phase 5 — Full Implementation

Year 5+

  • Universal broadband achieved
  • Open protocols mature and widely adopted
  • Data Dividends begin annual distribution
  • Full enforcement regime operational
  • Annual public enforcement reports published
Section 08

Addressing Counterarguments

The arguments against digital regulation are largely recycled from prior industries — tobacco, finance, pharmaceuticals — that resisted oversight with identical claims. Here is the evidence.

"Regulation stifles innovation."

The EU passed GDPR in 2018, the DMA in 2022, and the AI Act in 2024. It has not experienced innovation collapse. What it has experienced: platforms that must compete rather than foreclose, users with actual rights, and enforcement generating billions in fines. California has banned non-competes for 150 years — and produced Silicon Valley. The real innovation killer: research shows that tech giants' market dominance creates "kill zones" that suppress venture capital investment by six times in adjacent markets. Monopoly is the enemy of innovation.

"Privacy regulation hurts small businesses."

GDPR's primary weakness has been the compliance burden on small and medium enterprises, which averaged $1.7M in compliance costs. The Federal Digital Privacy Act directly addresses this with simplified compliance requirements for companies under 500 employees and $50M in revenue. Core rights — consent, deletion, no sale of sensitive data — apply to everyone. The administrative burden is calibrated to business size; the rights are not. The goal is to make compliance simple for small businesses and inescapable for large ones.

"Section 230 reform will censor free speech."

The reform is surgical. Core Section 230 protection is retained: platforms are not liable for content users post. The carveout applies only to algorithmic amplification — when a platform's recommendation engine actively promotes content to users. Hosting is protected. Algorithmic promotion is an editorial choice, not passive hosting. The threshold of 10 million monthly active users ensures small platforms and open-source communities are entirely unaffected.

"Encryption backdoors are needed for law enforcement."

72% of cryptography experts confirm there is no such thing as a backdoor only the "good guys" can use. Weakening encryption weakens it for everyone — including the 80% of Americans who received a data breach notification in 2024. The Columbia and MIT "Bugs in Our Pockets" study is definitive: client-side scanning creates mass surveillance infrastructure that cannot be limited to specific targets. Strong encryption protects individuals, businesses, critical infrastructure, and national security. The answer to law enforcement needs is better traditional investigation, not broken cryptography.

"AI regulation will put the U.S. behind China."

China has already regulated AI — 190+ models registered under its Algorithm Registration system. The EU has the AI Act. The U.S. is the outlier in having enacted nothing. A national framework provides legal certainty that actually accelerates responsible development; regulatory ambiguity chills investment. The NAIRR expansion to $500M+/year ensures public research keeps pace with commercial development. Responsible AI development is a competitive advantage, not a handicap.

Section 09

Key Statistics

The following statistics underpin the policy positions in this document. Each is sourced from peer-reviewed research, government data, or established investigative reporting.

0 federal laws The U.S. has no comprehensive federal data privacy law — the only major democracy in this position Source: IAPP
€5.65 billion Cumulative EU GDPR fines across 2,245 enforcement actions since 2018 Source: GDPR Enforcement Tracker
$323 billion Global data broker industry — built primarily on harvesting personal data without meaningful consent Source: Data Bridge Market Research
89.9% Google's share of global search; 94.9% on mobile — declared a monopolist by federal court in August 2024 Source: StatCounter / DOJ ruling
34.7% Facial recognition error rate for dark-skinned women, vs. 0.8% for light-skinned men — a 43-to-1 disparity Source: MIT Gender Shades study
45% vs. 23% COMPAS algorithm false positive rate for Black defendants vs. white defendants in criminal sentencing Source: ProPublica Machine Bias investigation
250M+ devices Fog Reveal: police access to data from 250+ million devices at $9,000/year — no warrant required Source: EFF investigation
2× depression risk Teens spending 3+ hours per day on social media face double the rate of depression symptoms Source: U.S. Surgeon General report
24–45 million Americans still lacking adequate broadband — disproportionately rural, tribal, and low-income communities Source: FCC Broadband Progress Reports
4.42:1 Return on investment from Chattanooga's municipal broadband — $2.69B in economic benefits from the public investment Source: University of Tennessee at Chattanooga study
$6.20/hour Post-Proposition 22 take-home pay for California rideshare and delivery drivers after expenses Source: UC Berkeley Labor Center
91 changes Platform product changes documented as a direct result of the UK's Age Appropriate Design Code — proving regulation works Source: UK Information Commissioner's Office
Section 10

Cross-References

Digital rights and technology policy intersect with nearly every other position in this platform. The following cross-references identify the most significant dependencies and complementary policies.

#2 Taxation The data use tax and financial transaction tax on digital trading fund the Data Dividend Fund and digital infrastructure investments.
#3 Housing Algorithmic price-fixing ban covers rent-setting algorithms like RealPage, which coordinated rent increases across landlords nationwide.
#12 Criminal Justice Predictive policing ban, facial recognition restrictions, and regulation of COMPAS-style risk assessment algorithms address racial bias in automated criminal justice tools.
#13 Labor & Minimum Wage Gig worker protections, AI in employment decisions, algorithmic wage-setting, and non-compete agreements are addressed across both issues.
#14 Trade Policy Data localization requirements and cross-border data transfer rules in trade agreements affect both privacy protections and digital market access.
#16 Reproductive Rights The sensitive data sale ban explicitly protects reproductive healthcare access. Location data from abortion clinic visits has already been commercially available and used to target patients and providers.
#18 Voting Rights Deepfake election integrity rules, political ad transparency requirements, and campaign finance digital regulations directly connect to voting rights protections.
#20 Corporate Power & Antitrust Tech antitrust provisions build on the general corporate power framework. CINA (Corporate Independent National Authority) provides independent research capacity for both issues.
"The internet was built with public money, on open protocols, by researchers at public universities. A handful of corporations captured it. This platform reclaims it — for the people it was always meant to serve."
— The Common Good Party
Paid for by The Common Good Party (thecommongoodparty.com) and not authorized by any candidate or candidate's committee.