If you were wondering when the United States would have legislation like Europe’s GDPR (General Data Protection Regulation) on protecting data privacy, you may not have to wait for long.
There is a suggestion that at least a draft data protection policy may be presented in the U.S. Congress as early as the first quarter of the next year.
It is too early to say how strict it would be and what penalties the policy will propose, but having a law to curb the kind of misuse of personal information by such reputed companies like Facebook and Google is in the minds of citizens and politicians alike.
A Bipartisan Policy Could Be Drafted
There’s a Consumer Protection, Product Safety, Insurance and Data Security subcommittee within the US Senate which had a preliminary discussion on this subject, and Jerry Moran, the chairman of this subcommittee who represents the Republican Party and Richard Blumenthal, a Democratic senator, are expected to be working together on drafting the policy which, once debated, may take the form of a bill and then law.
There may be some sticking points in the proposed law, particularly on aspects like which wing or department of the federal government must be entrusted with the task of overseeing the implementation of the legislation and, more importantly, on the type and scale of penalties to be imposed for those in violation.
Enough Concerns Already Raised in All Quarters
While there was a practical outrage when the Facebook-Cambridge Analytica scandal broke out and a campaign was launched online to delete the Facebook app itself, U.S. lawmakers reacted quickly and summoned Facebook CEO Mark Zuckerberg to depose before the Senate subcommittee.
Google CEO Sundar Pichai, too, is expected to appear before the U.S. House Judiciary Committee later this month on matters relating to how the company goes about collecting personal details of its customers and how it is used or misused.
There have been reports of Facebook’s involvement in certain actions described as political bias, and that too could be based on the way the company deals with the personal data stored on its servers and supposed to be protected by it.
The way it may pan out could be that the law will categorize data theft as one type of failure to protect the information in the possession of the organizations that collect them and the misuse of the data, where such details are shared with third parties for commercial purposes, without the consent of the individuals whose data is being shared.
Then, the question of civil penalties and other punitive actions may follow.
The State of California Already Has a Law
The U.S. state of California has recently passed a bill signed by Governor Jerry Brown on management of personal information.
This policy allows Californian citizens to exercise control over the way any organization collects information on them and how this is used/managed by them.
Moreover, the legislation permits the individual to ask the company to delete their data from the company’s servers when required and the companies have to oblige.
Now it is not clear what the fate of this California policy will be once there is a federal law in place.
Any Law Has to Dig Deeper
The fine line is where the companies claim they have obtained the permission of the individual for use of their personal information.
Any data privacy law may have to delve a little deeper into the nature of the consent to ensure that each customer is fully aware of what they are walking into.
The consent cannot be obtained under duress, like not sharing some information with the customer unless the customer divulges their personal details and secondly explicitly stating that the personal details will be shared by them with third parties.
One suggestion could be where the companies send communication to the customer each time it plans to pass on their details to a third party.
They can receive a “Yes” or “No” reply before doing so.
Today’s advancement in technologies definitely allows for such processes to be set. The provision to give the right to have one’s data removed from the possession of the companies as included in the law introduced in California is a start to this effort.