On January 21, 2019 The French Data Protection Authority (DPA) found a lack of transparency when it came to how Google has been harvesting and using personal data for ad-targeting purposes resulting in a fine of $57 million levied by France’s National Data Protection Commission. This is only the beginning of such penalties as governments seek to protect their citizens from ever increasing privacy infringements by companies. The European Union is leading the way in privacy law, but the US is not far behind.

On May 25, 2018 the General Data Protection Regulation (GDPR) went into effect providing the EU a national law governing each EU member state and their citizens data. The GDPR set out 7 key principles to be applied to the processing of personal data:

1. Lawfulness, fairness, and transparency
2. Purpose limitation
3. Data minimization
4. Accuracy
5. Storage limitation
6. Integrity and confidentiality (security)
7. Accountability

The US has numerous data privacy regulations spanning all 50 states. California recently created the California Consumer Privacy Act (CCPA), which will be effective January 1, 2020. The CCPA applies cross-sector and introduces sweeping definitions and broad individual rights, and imposes substantial requirements and restrictions on the collection, use and disclosure of personal information.

The US Federal Trade Commission (FTC) has jurisdiction over a wide range of commercial entities under its authority to prevent and protect consumers against unfair or deceptive trade practices, including materially unfair privacy and data security practices.[1]

On September 25, 2018 the U.S. Department of Commerce’s National Telecommunications and Information Administration (NTIA) issued a request for comments on a proposed approach to consumer data privacy with the following key principles:

1. Transparency
2. Data subject control
3. Minimization
4. Security
5. Access and accuracy
6. Risk management
7. Accountability

As a data subject, I’m in support of the new laws and protection of my personal information. Ever since my kids were old enough to have their own mobile devices, I would remind them that once they put data out there, it never goes away.

These new laws give me some semblance of security for not only my children, but all of us. After all, isn’t that that what creating new data privacy laws are intended to do; protect the subject person?

This is all part of the consumer driven or individualized experience we desire, and data is what makes this possible. This individualized experience comes at a price; we want this precision, but we also want businesses to protect and treat our data like it’s their own.

Where does this leave us? In my opinion, the businesses using the data are responsible to protect and secure it and to be completely transparent to the data subject. It’s our responsibility, the data subjects, to make well informed decisions of what information we share.

[1] 2019 DLA Piper “Data Protection Laws of the World”

BACK TO BLOGS