By Alan McQuinn
With Europe passing the General Data Protection Regulation (GDPR) — a pregnant slice of information protection legislation amongst global implications — too at i time California implementing a novel privacy law, coupled amongst several high-profile incidents involving companies exposing consumer data, at that topographic point is a growing force for federal information privacy legislation inward the United States.
What Is Data Privacy?
Data privacy laws define who is legally authorized to collect, store, too usage one’s personal information. These laws are intended to protect individuals from iii types of injuries that tin number from the violation of their privacy. First, impairment to one’s autonomy tin number when information a consumer considers sensitive too would prefer to continue private becomes populace through involuntary means. Second, discrimination occurs when personal information is used to unfairly deny a mortal access to something, such every bit housing, credit, or employment. Finally, economical impairment occurs when a consumer suffers a fiscal loss because of the misuse of his or her personal information, every bit happens inward cases of identity theft or fraud.
The Digital Economy Runs on Data
Creating stronger privacy laws is simple. But creating stronger privacy laws that do non undermine the digital economic scheme is much harder.
One argue it is hard is that a pregnant part of U.S. tech companies — both large too small-scale — receive got concern models that usage personal data. Contrary to what is oftentimes claimed, most companies do non genuinely sell personal data. Instead, they sell advertisers access to users without revealing their personal information. For example, Facebook sells advertisers access to users’ newsfeeds. Advertisers pay to gain an audience, such every bit middle-age women inward Nevada who similar dogs too running. In most cases, advertisers do non know who has seen their ads, alone that their ads receive got been placed inward front end of a specific grouping of people.
Consumers instruct many benefits from this arrangement. Most importantly, these online ads subsidize the costs of most of the complimentary too low-cost online services most consumers enjoy, such every bit email, news, social networks, games, music, too video. And consumers run across relevant ads that they are to a greater extent than probable to hold upwardly interested in.
The U.S. Approach to Data Privacy inward the Private Sector
The US does non receive got a unmarried federal information privacy constabulary for the private sector. Instead, the US has multiple privacy laws too regulators. Some laws do privacy rules for a specific sector, similar wellness attention or fiscal services, whereas others focus on providing specific safeguards, such every bit protecting children’s privacy.
The Federal Trade Commission (FTC) is the master copy regulator for consumer privacy. It has authorization to receive got activity against companies who engage inward “unfair or deceptive practices.” When companies do non continue their promises to protect consumer data, the FTC tin pursue enforcement actions against them.
In improver to federal information protection laws, states receive got created their ain privacy laws. For example, Illinois has created a privacy constabulary for biometric data, such every bit fingerprints or facial scans. The constabulary was too thus strict that some companies receive got had to boundary users inward Illinois from using their mobile apps because they included facial recognition technology. Other states receive got created laws that receive got national implications. For example, California requires websites to post a privacy policyif they procedure information most Californians — a requirement which has led most U.S. websites to issue a privacy notice.
Policy Implications
Many stakeholders desire to update federal information privacy laws to give consumers novel rights too to address problems amongst the novel laws inward the European Union too California. There are 5 of import policy goals that Congress should consider.
First, Congress should amend transparency. Unfortunately, privacy policies are written for lawyers — non consumers — because doing otherwise oftentimes exposes companies to penalties for non-compliance. Federal privacy rules should require clearer privacy notices.
Second, Congress should address concrete privacy harms, rather than hypothetical ones. Recent regime surveys demo phasing out the usage of Social Security numbers too replacing them amongst a secure alternative.
Third, Congress should amend enforcement. While the FTC has shown leadership on information protection, bringing over 500 cases since 1998, it needs to a greater extent than resources. In 2015, the FTC had alone 57 full-time staff working on these issues. Moreover, the FTC needs to a greater extent than authorization to penalize actions that impairment consumers to deter bad actors.
Fourth, Congress should consider the comport upon on innovation. If badly designed, every bit both the GDPR too California’s constabulary are, sure enough provisions inward privacy laws tin genuinely reduce the furnish of innovative technologies too services. For example, requiring companies to minimize the information they collect too alone collect it for predefined purposes tin severely trammel them from discovering innovative secondary uses of data. And high compliance costs coupled amongst lower promotion revenue tin undermine the concern model for complimentary online services.
Finally, Congress should preempt states from passing their ain conflicting information privacy laws. Consumers should receive got the same protections regardless of which the world they alive in, too companies should non hold upwardly faced amongst fifty dissimilar the world laws.
Alan McQuinn is Senior Policy Analyst at the Information Technology too Innovation Foundation.
Buat lebih berguna, kongsi:
