Social Media and Your Privacy Rights

Facebook's Cambridge Analytica scandal highlights the need for additional privacy laws.

Facebook and other social media websites collect data that you voluntarily supply, like your age, employer, relationship status, and where you live. These sites also often track what other places you visit online and what apps you use. The sites then use that information to sell advertisements. This practice sounds relatively harmless, but after revelations in March 2018 that a political data firm, Cambridge Analytica, improperly harvested and used 87 million users’ personal data, the way Facebook and other websites treat personal information has been under increasing scrutiny.

In response to the scandal, Facebook said it was simplifying and centralizing its privacy settings to make it easier for users to change how much personal information they share. But can users rely on Internet companies to self-regulate when it comes to privacy? Most experts think not.

So a regulatory crackdown on online privacy, at both the federal and state levels, is looking more likely, and necessary.

Contract Law Typically Determines Your Privacy Rights

Currently, posted privacy policies—rather than specific federal or state laws—typically determine your privacy rights concerning the personal data that Internet-based companies collect on you. Facebook, for instance, has a privacy policy stating what it can and can’t do with your information. To use the site, you have to agree to the terms of the privacy policy.

Following the Cambridge Analytica debacle, Facebook CEO Mark Zuckerberg admitted to House and Senate lawmakers in April 2018 that Facebook hadn’t done enough to protect the privacy of its 2.2 billion users’ data. He also promised that the company is now committed to safeguarding people’s data. But rather than relying on Internet companies to police themselves, the public is starting to demand that lawmakers introduce—and pass—laws that address Internet privacy.

No National Privacy Law—Yet

On April 10, 2018, around the time that Zuckerberg talked to House and Senate lawmakers about data privacy issues, two Democratic senators, Ed Markey (Massachusetts) and Richard Blumenthal (Connecticut), introduced a bill that would protect Americans' personal information from such privacy breaches. The proposed law is called the Customer Online Notification for Stopping Edge-provider Network Transgressions (CONSENT) Act.

The CONSENT Act

The CONSENT Act (S. 2639) is designed to be a privacy bill of rights. It requires the Federal Trade Commission to establish basic protections for the customers of online providers like Facebook and Google.

If passed, the legislation would require providers to:

  • notify users about the collection, use, and sharing of their personal information
  • obtain opt-in consent from users before the company could use, share, or sell users’ personal information
  • develop reasonable data security practices, and
  • notify users when breaches of their data happen.

To keep tabs on the progress of this bill, go to Congress.gov, the official website for U.S. federal legislative information.

Other Possible Federal Legislation

On April 12, 2018, Senators Amy Klobuchar (D-Minnesota) and John Kennedy (R-Louisiana) announced a plan to introduce a similar bill designed to protect the privacy of consumers’ online data.

Also, two other bills that address online privacy are currently pending before the Subcommittee on Digital Commerce and Consumer Protection in the House Committee on Energy and Commerce:

State Privacy Laws

A few states have laws addressing online privacy, while in others privacy laws are being proposed.

Biometric Privacy Law in Illinois

Social media websites often collect biometric facial data, usually for photo tagging. In 2008, Illinois enacted the Biometric Information Privacy Act (BIPA). This law requires companies to:

  • ask permission before collecting biometric data
  • list the reason and length of time a person's data will be stored, and
  • include those details in a written biometric privacy policy.

The law also allows consumers to sue companies that don’t comply with these requirements, which has led to numerous lawsuits, including suits against Facebook.

States with similar laws. A few other states, like Texas and Washington, have passed comparable laws, and some states are currently considering laws based on BIPA. (To learn about state laws related to Internet privacy, see the National Conference of State Legislatures' website.)

A proposed amendment, though, could gut the Illinois law. A proposed amendment (SB 3053) to BIPA would create several exceptions to the law, including an exception for:

  • companies that collect biometric data exclusively for employment, human resources, fraud prevention, or security purposes
  • companies that don't directly sell, lease, trade, or similarly profit from selling biometric information, and
  • companies that store and transmit biometric data in the same way that they store and transmit other sensitive information.

These exceptions, if allowed, would severely water down the law and permit many companies to bypass the law's requirements. Digital privacy advocates, including the Electronic Frontier Foundation, have opposed SB 3053, calling it a serious attack on personal privacy. However, because the amendment was proposed before the Cambridge Analytica scandal broke, it now seems unlikely to pass.

To follow the progress of the amendment, go to the Illinois General Assembly website.

Proposed Measure in California

In California, a proposed ballot measure for November 2018, the California Consumer Privacy Act, would give Californians the right to:

  • learn what personal information a business collects about them
  • learn to whom the company sells or discloses that data, and
  • opt out of the sale of their personal information without affecting the services they receive.

The initiative would also impose strict penalties on companies that don’t implement reasonable security practices.

What You Can Do

If you’re concerned about privacy laws and your online data, advocate that Congress and your state legislature pass laws to protect you. Also, be sure to read the privacy settings for each social networking site and other website you use, and make all of your pages as private as possible.

Keep in mind that you don’t have to give all of your personal information in your social media profiles—so don’t—and don’t blindly accept privacy policies without reading them. If you don’t agree with a policy, don’t accept it.

April 25, 2018
