Facebook and other social media websites collect data that you voluntarily supply, like your age, employer, relationship status, and where you live. These sites also often track what other places you visit online and what apps you use. The sites then use that information to sell advertisements. This practice sounds relatively harmless, but after revelations in March 2018 that a political data firm, Cambridge Analytica, improperly harvested and used 87 million users’ personal data, the way Facebook and other websites treat personal information has been under increasing scrutiny.
In response to the scandal, Facebook said it was simplifying and centralizing its privacy settings to make it easier for users to change how much personal information they share. But can users rely on Internet companies to self-regulate when it comes to privacy? Most experts think not.
So, a regulatory crackdown both at the federal and state levels when it comes to online privacy is looking more likely, and necessary.
Following the Cambridge Analytica debacle, Facebook CEO Mark Zuckerberg admitted to House and Senate lawmakers in April 2018 that Facebook hadn’t done enough to protect the privacy of its 2.2 billion users’ data. He also promised that the company is now committed to safeguarding people’s data. But rather than relying on Internet companies to police themselves, the public is starting to demand that lawmakers introduce—and pass—laws that address Internet privacy.
On April 10, 2018, around the time that Zuckerberg talked to House and Senate lawmakers about data privacy issues, two Democratic senators, Ed Markey (Massachusetts) and Richard Blumenthal (Connecticut), introduced a bill that would protect Americans' personal information from such privacy breaches. The proposed law is called the Customer Online Notification for Stopping Edge-provider Network Transgressions (CONSENT) Act.
The CONSENT Act (S. 2639) is designed to be a privacy bill of rights. It would require the Federal Trade Commission to establish basic protections for the customers of online providers like Facebook and Google.
If passed, the legislation would require providers to:
On April 10, 2018, the bill was referred to the Committee on Commerce, Science, and Transportation. To keep tabs on the progress of this bill, go to Congress.gov, the official website for U.S. federal legislative information.
On April 12, 2018, Senators Amy Klobuchar (D-Minnesota) and John Kennedy (R-Louisiana) announced a plan to introduce a similar bill designed to protect the privacy of consumers’ online data. And on January 17, 2019, they introduced the Social Media Privacy and Consumer Rights Act (SB 189), bipartisan legislation that would protect the privacy of consumers’ online data.
Also, two other bills that address online privacy are pending before the Subcommittee on Digital Commerce and Consumer Protection in the House Committee on Energy and Commerce:
Unfortunately, none of the proposed laws discussed here have passed and are hung up in committee. If you’re concerned about privacy laws and your online data, advocate that Congress pass laws to protect you.
A few states, like Illinois and California for example, have laws addressing privacy, while in others privacy laws are being proposed.
Social media websites often collect biometric facial data, usually for photo tagging. In 2008, Illinois enacted the Biometric Information Privacy Act (BIPA). This law requires companies to:
The law also allows consumers to sue companies that don’t comply with these requirements, which has led to numerous lawsuits, including suits against Facebook.
States with similar laws. A few other states, like Texas and Washington, have passed comparable laws and some states are currently considering laws based on BIPA. (To learn about state laws related to Internet privacy, see the National Conference of State Legislature’s website.)
A proposed amendment, though, could gut the Illinois law. A proposed amendment (SB 3053) to BIPA would create several exceptions to the laws, including an exception for:
These exceptions, if allowed, would severely water down the law and permit many companies to bypass the law's requirements. Digital privacy advocates, including the Electronic Frontier Foundation, have opposed SB 3053, calling it a serious attack on personal privacy. Though, because the amendment was proposed before the Cambridge Analytical scandal broke, it now seems unlikely to pass.
To follow the progress of the amendment, go to the Illinois General Assembly website.
As of January 1, 2020, the California Consumer Privacy Act gives Californians the right:
The law will also impose penalties on companies that don’t comply with the law.
Again, if you’re concerned about privacy laws and your online data, advocate that Congress—and your state legislature—pass laws to protect you. Also, be sure to read the privacy settings for each social networking and other websites you use, and make all of your pages as private as possible.
Keep in mind that you don’t have to give all of your personal information in your social media profiles—so don’t—and don’t blindly accept privacy policies without reading them. If you don’t agree with a policy, don’t accept it.
February 28, 2019