The Facebook scandal involving personal data mishandled by Cambridge Analytica has raised concerns over the privacy of the information we share on our social media accounts.
Some countries have gone as far as to legislate Internet data privacy with laws granting the “right to be forgotten.”
Yet Facebook CEO Mark Zuckerberg says we don’t need such regulations here in the states. Is he right?
This is a Reality Check you won’t get anywhere else.
It’s an unsettling thought: your personal data, being manipulated on a global scale. Where you live, what kind of car you drive, how many children you have, what food you eat, how much you money you earn, what clothes you wear, how you exercise, the list goes on and on.
While other countries are tightening laws on Internet privacy and how corporations can use your data, such as the UK’s data protection law with its “right to be forgotten,” the United States seems to be stuck in the 1980s on the issue.
In California, privacy is a right in the state constitution. “Privacy” was added to the state’s “inalienable rights” by the legislature in 1972.
And though California has been a leader in privacy, the last meaningful update to the state’s privacy laws was in the 1980s, long before today’s technology.
For context, Census data shows that in 1989, 15 percent of American households owned a computer.
Today, according to Pew Research, 77 percent of Americans have a smartphone—a computer in their pocket or purse.
And in 2015, those smartphone owners used about 27 smartphone apps per month, according to Statista.
You know you don’t. And yet, a California-based group called the Californians for Consumer Privacy has raised concern about how our information is collected and sold.
From that group came the California Consumer Privacy Act. The act is intended to not only hold major corporations making $50 million per year or more responsible for their consumers’ data, but also giving Californians the right to know where and to whom their data is being disclosed or sold, and if their data is being properly protected.
There’s nothing in California today that allows users see what data has been collected on them. And data is being collected everywhere you go.
From the checkout at Target, to your Facebook account, browsing the Internet or even just walking on a city street—credit cards are being swiped, messages are being shared, and cameras are recording.
So are the rules of how businesses use your data fair and respectful of your privacy?
One of the key aspects of the California Consumer Privacy Act is a right of action against companies that store data but have not taken reasonable steps to secure that data. That means consumers can sue companies that didn’t protect their data.
What exactly “reasonable steps” means needs to be fleshed out in the courts, but there are plenty of examples of companies that didn’t take “reasonable steps” until after data was compromised.
From December 19, 2013, “Target says hackers breached its system and stole 40 million credit card numbers.”
From September 18, 2014, “Almost immediately after word broke that Home Depot had been hacked, security experts were noting that the breach was likely even worse than the massive Target that had preceded it.”
From October 2, 2014, “JP Morgan just revealing that an August data breach could affect 76 million households.”
From February 5, 2015, “One of America’s largest health insurers, Anthem, this morning confirmed a massive data breach. Reports say hackers may have stolen up to 80 million records. No credit card or medical information is in danger, but Social Security numbers, birthdays and addresses may have been compromised.”
What you need to know is that when we provide information to a corporation, we establish a relationship.
We believe the corporation will use our information for the purpose of their service. Once your information is outside of the intended use, it’s nearly impossible to control it.
And third party sharing of your data allows it is be used, shared and disseminated without any control on your part. Big data is powerful force in the United States. But should big data be allowed to do whatever it wants with your information. If not, how do we, as the public, get some control back?