U.S. Lawmakers Need to Consider Overarching Data Privacy Law

For much of the past decade, data privacy has been a big issue. Ever since information was unveiled on how major tech companies (and other companies) use the information gleaned from their users, there has been a cross-section of people who have started to fight back against it. Unfortunately for Americans, this hasn’t resulted in an overarching data privacy law that protects people and their personal data. This month, we’ll look at the data privacy environment and discuss why there haven’t been any moves by U.S. lawmakers to protect data privacy.

What Is Data Privacy?
If you are an American, you could be forgiven if you didn’t know what data privacy is. Up until recently, it hasn’t really been a consideration. We jest, but in all seriousness, data privacy hasn’t really been a peak consideration when it comes to the internet-using consumer. Effectively, data privacy is the act of respecting the privacy of information that is given to a company or outside organization in confidence. If this seems like it should be something that warrants overarching legislation to protect the data privacy of individuals, you aren’t wrong, but the U.S. congress has been reticent to do anything about it.

While there are more conversations by lawmakers and business owners today about protecting people’s privacy, there is still an overwhelming amount of major too-big-to-fail businesses that make a lot of money by trading consumer data. Unfortunately, these revenue streams do more to win elections than they do sponsoring consumer protection, and that’s where we are today.

Now, you should know that there are U.S. laws that protect data. One could argue that we have too many of them; so many that the average American might know a few of them but have no idea what the federal government is doing to protect their data. With today’s practices, a person’s whole identity is just a series of data points. You have a name, a social security number, an address, a driver’s license number, a bank account number, etc. and they identify you as you.

Without that information, who are you?

And that is precisely why data privacy is so important. If the businesses you encounter, including your doctor and your bank, can actively trade your personal information for profit, how are you in control over your identity?

Data Privacy Laws
As mentioned above there are a lot of laws on the books that protect a consumer’s privacy in America. The problem is that they have no idea that they are being protected and therefore don’t have the knowledge or the resources to challenge businesses that overstep the boundaries of ethical behavior. With so many companies not playing by the rules, and with no real oversight, and few consumers doing anything to stop them, there have been calls for larger-scale federal regulation over the way that businesses can interact with consumer data.

For decades now, the line coming from Washington was that it is impossible to create a data protection regulation that has teeth enough to stop businesses from taking advantage of consumers; and, frankly, most people believed them until the European Union, a political entity larger than the United States, enacted the General Data Protection Regulation (GDPR) that effectively changed the way that businesses operating in EU countries handled consumer data.

The establishment of the GDPR showed that business use of consumer data any which way they please could be reined in, especially as it levied over $1 billion in fines of American businesses that operate in the EU and refused to change the way they handle consumer data. Amazon’s $877 million fine in 2020 is still the largest ever paid for the five-year-old regulation. In fact, the GDPR regulators hadn’t imposed fines the first two years of the regulation, giving businesses a chance to change their processes. Companies like Amazon, Google, and Meta didn’t, and are now on the hook for tens and hundreds of millions of dollars in regulatory fines every year.

If they are operating like that in a regulatory environment where they know fines are coming, imagine what they are doing in a commerce-driven society where there is little consumers can do to protect their personal and financial information. If you look at it like that, it’s scary.

Where Do We Go From Here?
The first blow to this corporate monopoly on consumer data was struck by the State of California with their California Consumer Privacy Act (CCPA) that follows the directive set forth in the EU GDPR and sets up a consumer-friendly framework that defines personal information and gives the consumer an avenue to pursue statutory damages should their data be used improperly.

California’s law was followed by Virginia passing a comprehensive data privacy law followed by many other states, some of which were able to ratify a data privacy law, some of which only made incremental changes to current laws. Either way, it seems that the people of the country are starting to realize that keeping all their personal data from being exposed is their responsibility, but unfortunately that hasn’t made a lot of headway on Capitol Hill.

Arguments Against Data Privacy
In today’s day and age, it seems curious that there are so many arguments against enacting a consumer-protection law that pops up from lawmakers, let’s look at a couple.

One argument against data privacy is that if a person has nothing to hide, then you shouldn’t have any concern for your privacy.

This seems to be the line from the lawmakers who can barely use a computer. It’s just an antiquated argument used to disparage people with a motive to protect their personal information. With the threat landscape the way it is, not one person could be blamed for wanting to take full control over their data privacy. Suggesting that the only people who need privacy are the people doing something unethical, seems laughable. If you take everything into account, the money that lawmakers get from businesses who profit off a lack of data privacy could be viewed as more unethical than the person just wanting to take control over their personal data.

Another major argument is that privacy prevents the marketplace from functioning efficiently; and, that the more a company knows about their customers the better they can service them.

First, this is true. The more a business knows about a person, the better they can serve them. Unfortunately, by gaining information through a third party or through means that don’t include the customer willingly giving the information over to them, they are breaching privacy. If a customer wants to willingly give over information—and most people do—that’s all well and good, but there should be protections in place to keep organizations from being able to acquire personal information that isn’t directly provided by the consumer.

Data privacy is a big issue nowadays and you can expect to see more in the way of legislation to counteract the actions of the tech companies with the deepest pockets who make a fortune off the collection and sale of information like this.

If this issue intrigues you, give us a call at 844.671.6071 to talk to one of our IT experts about how to secure your network to avoid the myriad of threats that are out there today, and what you can do to take more control over your data privacy.