Why it’s important to protect the privacy and security of American consumers
Giugno 2, 2023
With more products being connected to the internet, Wirecutter, a product review website, is now including detailed sections on privacy and security features in their reviews. The data collected by these devices can be sold, shared, and even hacked, which emphasizes the importance of understanding the risks associated with using such products. Unfortunately, there is currently no comprehensive federal law in the United States that regulates how most companies collect, store, or share customer data.
The majority of the data economy surrounding common products and services is invisible to consumers. As data is passed between various third parties, there is an increased risk of data leaks and breaches that can cause harm. Recent incidents have demonstrated the potential dangers, such as the use of app data to expose individuals or the US government purchasing location data from a prayer app. Moreover, data breaches, like the one experienced by T-Mobile, can affect millions of people, even those who don’t have an account with the company.
Companies today gather massive amounts of data about individuals, often without their knowledge, and this data can be used in ways that are harmful. Data privacy laws can provide individuals with rights to control their data, but poorly implemented laws can maintain the status quo. There is an opportunity to create a better internet and a more privacy-protective world.
Currently, privacy laws in the US are fragmented and cover specific sectors or populations. Laws like HIPAA, FCRA, FERPA, GLBA, ECPA, COPPA, and VPPA address specific types of data or certain populations, leaving the data collected by many products unregulated. In most states, companies can use, share, or sell collected data without notifying the individuals affected. National laws lack standardization regarding breach notifications and limitations on data sharing by third parties.
Only three states in the US have comprehensive consumer privacy laws: California (CCPA and CPRA), Virginia (VCDPA), and Colorado (ColoPA). These laws provide individuals with certain rights, such as the ability to know if their data is being sold, the option to opt out, and the right to access, delete, correct, or move their data. California’s privacy protections are considered the strongest in the US, while Virginia’s law has been criticized for its opt-out consent approach that benefits big data-gathering companies.
Other states, such as Massachusetts, New York, North Carolina, and Pennsylvania, have privacy proposals under consideration. However, the existence of various state laws can generate confusion for both companies and consumers. Privacy experts emphasize the need for a federal law that establishes consistent standards and ensures individuals understand their privacy rights.
Experts suggest that consumer data privacy laws should provide basic protections such as rights to control data collection and sharing, opt-in consent, data minimization, and nondiscrimination. Additionally, a comprehensive data breach notification law is needed. Enforcement mechanisms, including private rights of action, are essential to hold companies accountable for privacy violations, especially for marginalized communities that historically have not been able to rely on public institutions for protection.
Overall, the goal is to establish a baseline of privacy protections that can be built upon as new technologies emerge. With adequate enforcement, regulatory resources, and legal protections, a comprehensive approach to privacy can be achieved.
Cristian Nardi Founder of the Guaranteed Privacy with over 15 years of experience in the Online Reputation Manager