Data privacy is a leading concern today. Cybercrime has reached astronomical heights, and companies can monitor your activity and sell your information. These consumer tracking practices are common but can be concerning, so what do data privacy laws say about them?
Businesses can legally do a lot with their customers’ data, but there are restrictions. As data concerns grow, more regulations may emerge, too. Here’s a closer look at these consumer data privacy laws and what they allow.
Federal Consumer Tracking Laws
The U.S. currently has no comprehensive federal data privacy law, despite attempts to enact one. However, federal regulations do restrict what some companies can and can’t do with certain types of information.
One of the most familiar but most misunderstood of these data privacy laws is the Health Insurance Portability and Accountability Act (HIPAA). HIPAA aims to protect health information by restricting how medical professionals, hospitals, insurers and similar parties can disclose it. Notably, that doesn’t apply to all businesses or all data.
The Fair Credit Reporting Act (FCRA) includes restrictions on who can access your credit score. Only people with “permissible purpose,” like landlords and insurance companies, can legally see and use it.
The Children’s Online Privacy Protection Act (COPPA), as the name implies, protects children’s data online. Websites and online services aimed at children under 13 must follow specific guidelines, such as getting parents’ consent before collecting data and letting them review and delete it.
The Federal Trade Commission (FTC) also holds companies accountable for any privacy policy they post. If a website says it won’t collect certain information or use it in a specific way, it legally has to abide by those guidelines.
State Consumer Data Privacy Laws
While there isn’t an overarching federal consumer data privacy law, many state laws govern consumer tracking. At least four states have comprehensive data laws, and others have introduced similar bills.
The California Consumer Privacy Act (CCPA) is the oldest of these and has set a precedent for similar legislation in other states. The CCPA gives California residents several privacy rights, including:
- The right to know what data companies collect and how they use it
- The right to delete this data
- The right to opt out of the sale of this data
The Colorado Privacy Act (CPA) and Virginia Consumer Data Protection Act (VCDPA) give consumers similar rights. Businesses must inform users of their data practices and give them the option to opt out. Companies must also minimize the consumer data they collect. If what they gather doesn’t make much sense for their business to hold, it may be illegal.
Notably, these data privacy laws apply to more than just businesses based in their respective states. If a company somewhere else does business in the state or collects data on its residents, it must also comply.
Other Laws and Regulations
Just as state laws sometimes apply outside of their states, regulations from other countries can apply to U.S. companies. Most notably, businesses with data on European citizens must comply with the European Union’s General Data Protection Regulation (GDPR). These rules are similar to California’s Consumer Privacy Act, requiring transparency, opt-out clauses and deletion if requested.
New laws will likely emerge before long, too. As malware threats have increased and data breaches have become more common, how companies store and use consumer data has come under scrutiny.
Government data gathering practices, in particular, will likely see increased regulation. People have called out federal agencies for their consumer tracking programs, especially over immigrants, who make up as much as 20% of the population in some states. As discussions over these issues continue, businesses and governments can expect more laws.
How Can Companies and Consumers Protect Their Privacy?
While data privacy laws are becoming more common by the day, many are open to interpretation. Businesses need to determine which regulations they fall under and how they comply with them, and consumers may want to do more to protect their privacy.
Companies should stay up to date on emerging consumer data privacy laws. Since some businesses likely fall under multiple regulations, it’s best to aim for the most stringent applicable one. It’s better to enact strict privacy measures and not need them than not to have them and receive a hefty fine.
Consumers in some areas can choose to tell companies to delete or not sell their data. No matter where you are, you can use VPNs to encrypt your data and prevent tracking, even from government agencies. Remember that no security measure is perfect and nothing online is 100% secure, so try to limit the information you enter or post online.
Consumer Data Tracking Can Be Complex
Consumer data privacy laws are relatively new, so they can be difficult to navigate. What constitutes illegal data tracking depends on the area, industry and data in question.
As data privacy issues become more prominent, more comprehensive legislation will appear. Until then, consumers and businesses alike can adopt safer data practices to become as safe as possible, regardless of what the law requires.