The New York Times recently did a deep dive into the United States’ lack of a national data privacy law and why it matters, and we want to drill down on some key points here.
The article describes the four basic areas of a user’s data privacy that should be protected as a minimum, and calls these areas the “floor” of any future national privacy law onto which other protections could be built over time. It’s a nifty metaphor.
Four basic areas make up the privacy law “floor”:
- Data collection and sharing rights – This is your fundamental right to clearly see what personal data companies collect, share and sell about you; your right to ask a company to delete any personal data you don’t want them to have; and your right to demand a company stop sharing your personal data.
- Opt-in consent – This is where a company, not you, does the heavy lifting with your privacy, by asking you whether they may collect, share or sell your data to third parties. Opting out takes the user a lot of time and effort and is about as effective as a game of whack-a-mole; opting in, on the other hand, puts the onus on the company. But opt-in isn’t easy to implement, which is why global opt-out functions like the Global Privacy Control (GPC) are a popular stopgap, even seeming acceptable under the California Consumer Privacy Act. The GPC and other tools like it allow you to opt out at the browser or device level, not the site level.
- Data minimization – Many companies collect, share and sell swathes of information about their users. This protection would pare back the data a company can collect about you to only the basics required for them to deliver their product or service to you.
- Non-discrimination and no data-use discrimination – The final plank in the basic data privacy “floor” would protect you from being discriminated against for exercising your right to privacy. This means you couldn’t be charged more for opting out (or not opting in) and you couldn’t be offered incentives such as discounts and coupons for opting in, for example. This requirement would also prevent companies from discriminating against users based on personal characteristics, such as religion, race or gender.
In addition to this four-plank “floor”, the experts interviewed for the NYT article would like to see:
- a more comprehensive data breach notification law, to standardize who gets notified and set common standards for doing so
- a private right of action, or the right of a person to sue a company that violates their privacy
- strong, well-funded enforcement agencies and resources
- privacy by default, so apps come with the strictest built-in privacy without the user having to do anything, unless they want to opt in to certain settings.
Anonyome Labs agrees with the four-plank data privacy law “floor” and the regulatory extras proposed by the privacy community in this article. We also recognize that a national privacy law and a uniform approach to these requirements may still be a long way off, which is one reason why we created MySudo – to give you the power to determine with whom you share your personal information.