Why America Needs a Thoughtful Federal Privacy Law

Jun 25, 2019 · 18 comments
CantDecide (Flyover)
You want Congress to write a national "privacy policy"? I can see it now. Corporations, henceforth, may only use your data "as permitted by law."
JS (Chicago)
Here is a simple solution to much of this: for an EULA or privacy policy to be enforceable, the company must be able to demonstrate that the user 1) had REALLY read the policy, 2) UNDERSTOOD the policy, and 3) AGREED to the policy. This is the standard used for informed consent in research and healthcare. This would mean things like presenting the policy one screen at a time forcing each page to display long enough for average reading speed. It also implies that the user must pass a quiz on the material. Any question they get wrong means that provision is not enforceable. This, of course, would destroy e-commerce if companies stick with their current policies. It would force them to come up with simple and uniform wording and policies.
A Yates (Chicago)
Any effective US privacy law must also include meaningful protections for privacy professionals. It is not uncommon for some organizations to marginalize or drive out their privacy professionals in response to the legal advice that they provide. Unfortunately, regulators do not have the skills nor the resources to address this type of compliance challenge. Additionally, enforcement mechanisms are not robust enough to force compliance. As with other compliance regimes, transparency will increase compliance. We need to democratize enforcement through transparency (like breach notification) and create an enforcement mechanism in the private marketplace. Rewarding a whistleblower an award should s/he prove retaliation is one way to protect privacy professionals. If privacy professionals are not protected, then data is not protected.
H (Washington)
Oh, for heaven’s sake! The laws of the nation must place man above machine. All tracking, correlating, collecting of data about citizens must stop. Advertising and marketing that is personalized in any way and especially via collected data is amoral per se.
Louise (NYC)
Protecting our privacy from a company that just wants to profit off it is necessary. One enormous fine should be to share those profits with the owners of the information they sell.
stilldana (north vancouver)
America needs thoughtful legislation and regulation like a fish needs water but that won't be happening until some time in an imagined future where legislators aren't politicians.
Akahst (SF)
The author is conflating at least two different issues in this article, which should be regulated differently. One component is the aggregation of de-identified information (e.g. looking at the frequency of search terms by location) and the other is aggregation of personally identifiable information (e.g. targeted ads). I suspect that there is a lot that can be done with the former, e.g. AI algorithms for cancer detection, risk for diabetes, traffic, etc., whereas for the latter, not so much. The only reason that a company needs personally identifiable information is to sell you stuff. I’m pretty sure that most people would be happy to provide their data if it was completely and reliably de-identified. Facebook and many other companies have made a fortune selling other people's data; the healthcare industry has figured out how to do this without the need for anyone’s name, email address, or social security number because they are focusing on patient outcomes rather than ad dollars...
Jay Lincoln (NYC)
We don’t need a thing. I’ve used Google and all their various search, email, mapping and other free services for twenty years now and have never read their privacy policy or cared about it. They provide free (to me) and valuable services. If you don’t like them, don’t use them. The only thing privacy laws will do is strengthen the power of Google, Facebook, Amazon and others like GDPR has done because only they have the resources to comply.
Larry L (Dallas, TX)
During the 1980s, cocaine sales were growing faster than the stock market. So based on that, by your logic, cocaine should be legal? Whether an industry grows or not should not be the primary basis for such a critical national policy.
Clark (Smallville)
This op-ed is very obviously written by a corporate shill. Stifling innovation? Please - selling doctors' prescribing practices so drug companies can target the pushers is not "innovation." And yet the Supreme Court held in IMS v. Sorrell that the First Amendment somehow protects that "speech" (except of course, it's not speech as speech conveys a message; raw data isn't speech). The real issue with meaningful data legislation is the same issue in all of American politics - all three branches of government are completely in the pocket of corporate America, and meaningful data privacy regulation would cut off the biggest emerging market they have. This op-ed is yet another example of their massive influence.
Bill B (Michigan)
Good article on an important topic. Privacy protection for personal data must become the default. People who wish to opt out should be able to by taking explicit actions to do so. Tech management will always try to claim that it is a choice between privacy and innovation and/or consumer features. But we are not stupid, we know what it's really about for them: profits. Unfortunately, I don't see any meaningful privacy protection legislation enacted while the GOP is in control of either chamber of Congress or the WH. After all, their true constituency is the rich and powerful. Data leeches included.
Carlos R. Rivera (Coronado CA)
@Bill B Thank God and Allah that BO took care of the problem between 2009 and 2017!
Alexander Magno (New Jersey)
Mr. Lefkowitz does a fair job of presenting the corporate-centric view of privacy. As for users, not so much. Indeed, not much of anything. Be "thoughtful" he says. I can see it now in the updated privacy statement: "The corporation is always very thoughtful about your privacy." (...every time we are taking all your data.) Frankly, that doesn't seem very....helpful.
RjW (Chicago)
Good luck! Now that the average driver thinks signaling turns is an invasion of privacy, common sense is out the window in this post-truth world that’s knocking on our door. Signal your intentions, but don’t answer the door.
Brian (New York City)
Perhaps what is needed is a clear acknowledgment that any data generated by or about a person is the absolute property of that person - like a copyright. Those profiting from the use of our data must then share the profits with us.
Alexander Magno (New Jersey)
@Brian ....also data should be insurable and major fines or jail terms connected to taking our property without due process or just cause.
Westchester Dad (NY)
The notion of consumer privacy “agreements” that users click on to accept is fundamentally flawed. Users are in no position to understand the terms of those agreements, and are therefore not competent to decide. Instead, all such agreements should be reviewed and approved by the Consumer Protection Board, based on criteria established by law, through a transparent process. Now that would be privacy legislation that we can believe in.
Martin (New York)
“....Finally, the law must not be so burdensome that it cuts off innovation and economic opportunity.” Innovation in what—ripping me off? Controlling what information I see? Data is unfathomable, unprecedented power; gathering it is itself an abuse, whether by a research hospital or by Facebook. We should demand technology that’s designed for us to use, not technology that’s designed to use us.