Tech Companies and Privacy Law
By Matt Brennan
When we write a message to another party and send it, we traditionally expect that message to remain private. Likewise, we expect to maintain control over personal data and where it is collected, stored, or used by another party. We do not expect third-party involvement when we hand our data over online.
Every day, these expectations are increasingly challenged. Laptops, smart phones, tablets, watches, and IoT devices add to the complexity of digital privacy as they grow their platforms and offer users more convenience and service. The number of smart devices will more than double from 2017 to 2020, according to Forbes.
It’s already increasingly difficult to opt out of this web of digital transparency, where data breaches and hacking are increasingly prevalent. Trust in companies like Facebook, Google, and Amazon is increasingly down. While there are tremendous social benefits to all this technology, all you have to do is flip on the news to understand that there is a cost.
What’s Being Done to Protect Consumers?
Europe introduced General Data Protection Regulation (GDPR) in May of 2018, as a way to provide consistent protection of consumer and personal data across all European Union nations. It takes steps like requiring subject consent for data processing and anonymizing the collection of data to protect privacy. It also requires data breach notifications, and safety in handling the transfer of data.
GDPR was designed to safeguard the handling of EU citizens’ data to better protect its residents. Any company that handles EU data is subject to regulation of this law, regardless of their location.
The California Consumer Privacy Act (CCPA) is set to come into law in January of 2020. It gives consumers the right to tell businesses that they cannot collect information about you, your children, or the devices that you use. The law will hold businesses responsible for protecting data and personal information.
Could a US Federal Privacy Law Happen?
While it’s sometimes tough to imagine much being done, there are signs of agreement between Democrats and Republicans that something needs to happen in the wake of Facebook’s role in the 2016 election.
An FTC task force is studying anti-competitiveness within the tech industry. State lawmakers have been looking into Facebook data collection methods. There are also drafts of various data protection bills that have floated their way through congress.
The climate has clearly changed following multiple data breaches from large American corporations, that expose consumers’ personal data. The role that Facebook played in the 2016 elections has also caught legislators’ attention. In the past when this subject has come up, the focus has been on putting the burden on consumers to take initial steps to protect their data. That focus is shifting to put more responsibility on the corporations that handle consumer data. It may be hard to keep consensus within Congress on this issue, after the California law comes into effect. It can also be hard to maintain any level of agreement through a split congress.
But there is always a chance that something could happen in a small window.