Fight For Your Right to Data Privacy

In 1973, the U.S. Supreme Court struck down a Texas statute banning abortion, effectively legalizing the procedure across the United States. In the landmark Roe v. Wade case, the court held that a woman’s right to an abortion was implicit in the right to privacy protected by the 14th Amendment to the Constitution.

In the midst of a global pandemic, the mask mandates have sparked another 14th Amendment and right-to-choose controversy. Americans who are vehemently opposing the requirement to wear masks at work, in government and public places, and on any type of public transportation are citing the 5th and 14th Amendments. “The government cannot deprive us of our life, liberty, or property without due process of law.”  The right to liberty includes the right to make choices about one’s health and body.

“Freedom” and “Right to Choose” are among the buzzwords of 2021.  More than ever before (or maybe just more evident given the availability of the online soapboxes at our disposal) individuals and groups are taking a stand and championing for their rights.

Data Privacy is a Right!

Data privacy is a fundamental right.  When you engage in online activity or share your data with a company who has requested it to provide products or services, you have the right to trust that your personal data will be handled with care and safeguarded against misuse.  At the very least, you should have the right to be informed when your personal data will be, is being, or has been, collected and shared.

But in many cases, that’s not happening.  Your data is collected, bought, and sold by hundreds of companies – from big tech to advertisers to data brokers – without your knowledge or consent.  Everywhere you go and everything you do online leaves digital breadcrumbs that form an entire digital profile (exposing more personal data than you can even imagine) that is for sale without your knowledge or consent. That data is used to influence the information you see, how you spend your time and money, the prices you pay for products and services, and even how you vote!

Data Privacy vs Data Security

You may think you are taking the necessary precautions to secure your data – using complex passwords, installing a VPN (Virtual Private Network), deploying biometric authentication on your mobile devices. But data security and data privacy are two different sides of the coin. Security refers to the ways we protect ourselves, our property and personal information. It’s the first level of defense against unwanted intruders. Data Privacy is our ability to control access to our personal information.

The global pandemic has shifted how we work, shop, and interact, heightening data security risks and exposing your personal data more than ever before.  Results of a recent poll released by the Associated Press-NORC Center for Public Affairs Research and MeriTalk revealed that most Americans don’t believe their personal data is secure online. Half of Americans believe their private text conversations aren’t secure, and 64 percent say their social media activity is not very or not at all secure. About the same number of respondents have similar security concerns over online information sharing their physical location.

Consumers aren’t just concerned about companies collecting their data; they are worried about how their data may be compromised or sold to other parties. And they should be! Just this year alone, there have been multiple incidents that have compromised Americans’ personal data.

Most recently, the Federal Trade Commission (FTC) issued a warning that health apps and devices that collect or use personal health information must comply with rules requiring them to notify consumers if their health data is leaked. “Digital apps are routinely caught playing fast and loose with user data, leaving users’ sensitive health information susceptible to hacks and breaches,” said FTC chair Lina Khan.

On August 17, mobile data provider T-Mobile disclosed that their systems were breached and that data of millions of their current and former customers was compromised. The hackers obtained users names, SSNs, addresses, dates of birth, and driver’s license/ID information.

According to security firm Risk Based Security, there were 1,767 publicly reported breaches in the first six months of 2021, which exposed a total of 18.8 billion records.

In the U.S., the data collected by the vast majority of products people use every day isn’t currently federally regulated and many companies are pretty much free to do what they want with the data, unless a state has its own data privacy law. But in most states, companies can use, share, or sell any data they collect about you without notifying you that they’re doing so. Furthermore, if a company shares your data (even sensitive data, such as your health or location) with third parties, those third parties can further sell it or share it without notifying you.

And don’t even get me started on privacy policies! The entire U.S. Constitution is only 4,543 words. Most privacy policies contain never ending paragraphs of legalese that people don’t understand and takes a lot of time to read through. It’s even more challenging when using a mobile device! If you are like the majority of us mere mortals, you’re not taking the time to read these lengthy and complex disclosures.

Data Privacy Champions

“With great power comes great responsibility.” This often-repeated adage popularized by Stan Lee’s writing in Spider-Man applies to anyone who collects and manages sensitive information, identity, and personal data.  Spider-Man, like many comic book superheroes, is diligent about protecting the identity of his alter-ego, Peter Parker. He represents you, the consumer, who has the power to safeguard their your own privacy and identity in new ways. New laws and policies are being proposed and enacted by federal and state legislatures to help you fight for your right to protect your personal data.

In November 2020, the California Legislature passed the Consumer Privacy Rights Act (CPRA), which goes into effect on January 1, 2023. The CPRA amends and expands the existing California Consumer Privacy Act (CCPA) that was effective January 1, 2020. The CPRA clarifies that people can opt out of both the sale and sharing of their personal information to third parties. Some disparate states are following in California’s footsteps.

New York is taking steps to enact its own consumer privacy legislation. The state’s Data Economy Labor Compensation and Accountability Act would establish the Office of Consumer Data Protection to create and enforce data protection rules. The New York law would tax Google, Facebook, and other companies for using and monetizing consumer data. Another bill that just became law on August 29 in New York regulates data collected by food delivery apps. That law goes into effect in December.

Colorado recently enacted a new comprehensive data privacy law, the Colorado Privacy Act (CPA), which goes into effect on July 1, 2023. The CPA extends consumer data protections and business compliance obligations in a manner similar to California’s Consumer Privacy Act.

Ohio also recently introduced a comprehensive consumer privacy bill, the Ohio Personal Privacy Act (OPPA). The OPPA outlines multiple consumer rights, including rights for access and deletion, as well as an opt-out right for the sale of personal data.

The federal government is taking steps toward passing an overarching bill to legislate consumer data. The Social Media Privacy Protection and Consumer Rights Act is designed to protect and empower consumers by allowing them to make choices about how companies use their data and inform them of how they can protect personal information. It would also require social media platforms to provide service agreements written in simple terms users can understand when agreeing to using the platforms. In addition, if passed, the bill will require websites to notify users within 72 hours if their website suffers a data breach.

Europe is way ahead of the U.S. with their single piece of legislation, the General Data Protection Regulation (GDPR), which provides the strongest protections established for consumer data. The GDPR requires companies to ask for some permissions to share data and gives individuals rights to access, delete, or control the use of that data.  Privacy activists have been championing for a U.S. GDPR-style federal privacy law to replace the multifarious federal and state laws in place at present.

The mix of laws the U.S. does have are designed to target only specific types of data in special circumstances and go by acronyms like HIPAA, FCRA, FERPA, GLBA, ECPA, COPPA, VPPA.  How many of you did (or will) drop those terms in a Google search, because not only does the average American not  know what all those acronyms mean, they have no idea what rights they do and don’t have under them.

Even as laws governing data remain ever evolving, what I’m championing for is that consumers will be the superheroes in this story when they take back control over their own data. 

You can start defending your data today by practicing the following data privacy tips from the National Cyber Security Alliance (NCSA):

Share with care. Think before posting about yourself and others online. Consider what it reveals, who might see it and how it could be perceived now and in the future.

Own your online presence. Set the privacy and security settings on websites and apps to your comfort level for information sharing. Each device, application or browser you use will have different features to limit how and with whom you share information.

Think before you act. Information about you, such as the games you like to play, your contacts list, where you shop and your geographic location, has tremendous value. Be thoughtful about who gets that information, and understand how it’s collected through websites and apps.