fbpx

Data and Consumer Privacy

DATA AND
CONSUMER PRIVACY

Policy Note

The new digital economy presents a myriad of opportunities for individual consumers and companies to achieve better products, services, and information.

As the economics of personal data and access to personal data grow, there is a need to better understand and communicate the importance of how data is collected, shared, and used to provide consumers with products and services that improve their lives.

In this policy note, the Consumer Choice Center presents several recommendations to lawmakers and regulators in key jurisdictions, hoping to better inform the next generation of legislation related to data and consumer privacy. This builds on our previous primer on consumer privacy and data security, released in 2019.

EXECUTIVE SUMMARY

Several legislative efforts on data brokers, privacy, and data collection have been implemented in states such as California and Vermont, as well as the General Data Protection Regulation in the European Union, but they take the position of taking it more complex and convoluted to handle consumer data for firms and consumers alike.

These existing data laws limit the opportunities for consumers and entrepreneurs to benefit from the exchange of data that have proven integral to providing value in all of our lives, especially in the midst of a pandemic. What’s more, these rules often target entrepreneurs and legal businesses while downsizing the significant impact of piracy, hackers, and criminal activity.

What consumers need and want from the data economy are high levels of assurance when it comes to privacy, stewardship, accessibility, encryption, and portability. Many private-sector solutions exist, and we should champion the best to provide the best options for consumers. We should also try to avoid laws that would encourage frivolous lawsuits, create a patchwork of rules across jurisdictions, and facilitate identity and intellectual property theft.

In this policy note, the Consumer Choice Center presents several recommendations to lawmakers and regulators in key jurisdictions, hoping to better inform the next generation of legislation related to data and consumer privacy. This builds on our previous primer on consumer privacy and data security, released in 2019.

RECOMMENDATIONS

  • Champion Innovation

  • Defend Portability

  • Allow Interoperability

  • Embrace Technological Neutrality

  • Avoid patchwork legislation

  • Promote and allow strong encryption

WHAT TO AVOID

In California, the Consumer Privacy Act of 2018 requires that companies calculate the value of individual data, provide opt-outs, require companies to inform consumers if their data is being sold, allow consumers to request data be deleted (right to be forgotten), and allow consumers access to the data collected by said firms in readable formats.

Vermont’s privacy law requires companies to inform consumers of data breaches directly, and also prohibits some forms of targeted advertising specifically when it comes to students.

Both of these laws contain elements of the EU’s GDPR, which has now been in effect for close to 3 years. As has been noted by several analysts, the enormous compliance costs and efforts have meant a significant reduction in both investment and market activity from small and medium-sized firms that relate to data. What’s more, European users have since been cut-off or blocked from using many services outside EU jurisdiction as firms are avoiding running afoul of the strict regulation. That has resulted in fewer products and services able to European citizens.

These previous attempts at privacy laws are flawed for the following reasons:

First, many parts of these laws stymie and prevent innovation. By making it more difficult and costly for firms to handle consumer data, companies are less incentivized to invest resources in innovative consumer services and offerings, resulting in less consumer choice and a higher barrier of entry for new competitors.

Second, at least in the cases of Vermont and California, these laws create a patchwork of regulation that makes compliance difficult or nearly impossible for firms operating in both the national and global marketplace, thereby driving up costs and depriving consumers of these firms’ services irrespective of which state they reside in. A national law or widely adopted (and ideally global) industry self-regulation, which protects consumer privacy and also champions innovation, would be preferred.

Third, calculating data value for each and every firm’s customer and detailing every aspect of how that data is used is nearly impossible, vastly increasing costs for services that will inevitably be passed on to consumers.

Fourth,  these laws do not take into consideration existing business practices that already provide adequate consumer and data protection, and have thus been used as industry standards. They also thwart innovation practices such as targeted advertising, geo-targeting, and personalization, which consumers prefer.

Last, each of these privacy laws further emboldens litigiousness, sparking new lawsuits and trials that would serve to vastly increase the cost of normal consumer products and services.

CHAMPION INNOVATION

Considering that thousands of firms have both safeguarded and used consumer data responsibly, lawmakers should seek to create clear and uniform rules that respect current standards, allow innovation, and provide clarity to both firms and consumers. Privacy rules that place an undue burden on companies following the law, rather than target the most blatant examples of data breaches and impropriety, will end up raising the cost of doing business and thus raise prices for consumers.

There should be recognition that consumers willingly give data to firms in order to receive a final service or good that will be useful to them. As long as proper procedures are followed, and no data is leaked or changes hands without authorization, there should be no additional regulatory requirements that would serve to complicate a consumer’s voluntary relationship with a firm.

DEFEND PORTABILITY

Consumer-friendly data portability should be a reasonable standard applied to most firms that complete data transactions. Most of today’s firms allow personal data to be exported for review, but should also remain confidential and secure to avoid potential exploitation. If portability standards are kept too lax, this would be an invitation to hackers and pirates looking to profit from identity or intellectual property theft. 

Given the fast pace this environment changes, industry standards might be a more agile way of enforcing portability as compared to regulation.

ALLOW INTEROPERABILITY

Where necessary, firms should be incentivized to maintain open data standards that can be used between platforms where necessary. However, considering the fast-moving nature of data structures and standards, lawmakers should avoid favoring a particular method of data collection or export, whether that be JSON, HTML, or otherwise. 

Rather, a broad principle of “technological neutrality” would allow the best standards to naturally evolve rather than be arbitrarily determined by regulatory bodies. Enforcement of interoperability standards would therefore be agreed to by firms handling data, and not necessarily determined by law. Consumers should ultimately decide if they want a service or product that either allows interoperability or not. The wide acceptance of apps and standards such as Apple CarPlay shows that most companies favor such standards that allow consumers to benefit by “plugging in”.

EMBRACE TECHNOLOGICAL NEUTRALITY

Because standards and technologies change so quickly, lawmakers should avoid legislation that favors a particular method or technology in data privacy rules. Applying a uniform rule on the format or process of technology would serve to limit the amount of innovation and natural evolution that currently defines our existing tech sector.

In all cases, legislation should embrace and encourage competition and consumer preference to determine the best technology. Technology changes too quickly and too much regulation might limit new technologies and standards from emerging as fast as they could within a more flexible framework.

AVOID PATCHWORK LEGISLATION

Due to the ever-growing consumer base across both state lines and international borders, state-by-state regulations that would impose different rules on different residents should be avoided. This patchwork of legislation would increase the cost of delivering services in an efficient manner, and would likely stunt the availability of various products or services to consumers in various jurisdictions.

As such, a broad and agile uniform standard should be agreed to at the federal level, rather than individual states or municipalities.

PROMOTE AND ALLOW STRONG ENCRYPTION

The use of encryption by both individuals and firms is essential to our digital rights online. Many legislative proposals since the 1990s have attempted to outlaw cryptographic methods of securing and encrypting data. Most of these proposals have been justified on national security and law enforcement grounds. That said, existing laws on judicial warrants and Fourth Amendment protections apply to firms, and there is no reason to believe that a ban on encryption would make this easier or more productive. 

Lawmakers should recognize citizens’ rights to encrypt and protect information and should extend this to the proprietary encryption methods that firms and companies use that serve their customers. Protecting rights to encryption is a safe and effective method to ensure consumer and data privacy can be upheld, whether that be medical data, personally-identifiable information, or financial data.

CONCLUSION

As we have outlined, there are examples of existing laws on data and consumer privacy that go far beyond the scope of consumer protection. Often, these laws service to thwart innovation and slow down the progress that firms and companies can deliver to their customers. What’s more, a regulatory approach that is far too restrictive or cumbersome will serve large incumbent players that can afford the additional costs while locking out start-ups and new competitors.

If the legislative recommendations of championing innovation, defending portability, allowing interoperability, embracing technological neutrality, and protecting strong encryption are followed, consumers can be assured that their data and information can be protected, kept secure, and can be responsibility utilized by firms and companies to provide all of us with the value that we seek.

READ THE FULL POLICY NOTE HERE

AUTHORS:

<a href="https://consumerchoicecenter.org/team/yael-ossowski/">Yaël Ossowski</a>

Yaël Ossowski

Deputy Director
<a href="https://consumerchoicecenter.org/team/david-clement/">David Clement</a>

David Clement

North American Affairs Manager

MEDIA HITS:

New Privacy Bill Aims to End Government’s Grip on Americans’ Financial Data

The Saving Privacy Act, aimed at curbing federal surveillance of Americans’ financial data, is gaining momentum. Backers argue the government has overreached, violating privacy rights without effectively targeting criminals. Provisions include repealing key financial reporting laws and strengthening Fourth Amendment protections. Supporters highlight the need to protect personal financial...

Read More

Data breach exposes pitfalls of customer identification regulations

One of the most consequential bank hacks of the last few years was just revealed to the public. In a post uploaded to its website two weeks ago, the Arkansas-based Evolve Bank and Trust informed its customers that a “cybersecurity incident” involving Russian ransomware group LockBit resulted in the theft of...

Read More

Peretasan Pusat Data Nasional dan Pentingnya Melindungi Data Pribadi

Beberapa waktu lalu, jutaan warga Indonesia dikejutkan dengan berita diretasnya Pusat Data Nasional (PDN). Adanya kejadian tersebut menyebabkan menjadi terhalangnya berbagai layanan publik dasar dikarenakan pusat data yang tidak bisa diakses, mulai dari pembuatan paspor, proses imigrasi otomatis, hingga layanan beasiswa pendidikan. Peretas PDN tersebut juga meminta uang tebusan...

Read More

CCC Concerns Over MCMC’s Licensing Requirement for Social Media Companies

KUALA LUMPUR, 31st July 2024 — The Malaysian Communications and Multimedia Commission’s (MCMC) recent directive for social media companies to register for a license is concerning, potentially paving the way for censorship and suppression of free speech. This policy could hinder open discourse and stifle dissenting opinions, posing a...

Read More

The latest troubling data hacks underscore the futility – and danger – of excessive KYC/AML rules

Three years ago, I opened a column by running through a number of damning data hacks and leaks that looked terrible at the time: On a Monday, there is a data leak affecting half a billion Facebook accounts, by Tuesday a bot has scraped 500 million LinkedIn accounts. On...

Read More

In Pursuit Of “Corporate Transparency,” A Mass Doxxing Of LLCs Puts Financial Freedom And Privacy At Risk

Beginning this year, any individual with shares in an American domiciled company will be required to submit identifying information to FinCEN. This record collection from the US Treasury Department’s Financial Crimes Enforcement Network is intended to “curb illicit finance” by requiring a national database of every “beneficial owner” of an LLC. As stipulated...

Read More
Forbes

European Threat To End-To-End Encryption Would Invade Phones

European lawmakers have been implementing a way to circumvent end-to-end encryption to address child sexual abuse material (“CSAM”) – what some activists term the “Chat Control” law. End-to-end communication guarantees that if you communicate with someone, only a receiving device will be available, and the sending device can decrypt...

Read More

New Privacy Rights Act Exempts Government and Gives More Power to the FTC

Data privacy talk in Congress seems kind of ironic coming just a week after lawmakers rejected a proposal to make federal authorities get a warrant to search Americans’ electronic communications. But in keeping with that move, the American Privacy Rights Act—a draft data privacy bill that will be getting a...

Read More

Consumer Choice Center’s comment on the US government’s proposed KYC regulations for cloud servers

Earlier this year, the US Department of Commerce proposed a sweeping regulatory rule that would force cloud service providers to collect and retain personal information on their users, particularly those based outside the United States. This regulation, prompted by President Joe Biden’s Executive Orders on the “National Emergency With...

Read More

Experts Agree: ByteDance is Beholden to the CCP and Cannot Be Allowed to Exploit Americans’ Data

H.R. 7521, the Protecting Americans from Foreign Adversary Controlled Applications Act, is bipartisan legislation that will protect Americans by preventing foreign adversaries, such as China, from targeting, surveilling, and manipulating the American people through online applications like TikTok.   Here’s what experts and top voices are saying about the bill:  Speaker of...

Read More

Why does Ted Cruz want to empower Biden’s radical FTC?

Data privacy is an increasing concern for consumers and tech advocates alike. Lawmakers from both the Republican and Democratic parties know this, and it’s why the Informing Consumers about Smart Devices Act, being championed by Sen. Ted Cruz (R-TX), is receiving bipartisan support. Cruz says this bill would “inform” consumers about smart devices with “spying” capabilities, but...

Read More

Technological neutrality is the best mechanism of cyber security and protects consumer data privacy

KUALA LUMPUR, 26 th June 2023 – The Consumer Choice Center (CCC) emphasizes theimportance of governments supporting and maintaining technological neutrality in putting inplace the best mechanisms for cybersecurity systems and consumer data protection. Representative of the Malaysian Consumer Choice Center, Tarmizi Anuwar said: “Technologychanges very quickly and faster...

Read More
Scroll to top
en_USEN

Follow us

Contact Info

712 H St NE PMB 94982
Washington, DC 20002

© COPYRIGHT 2024, CONSUMER CHOICE CENTER