The Electronic Privacy Information Center (EPIC) recently released a report on the current state of privacy, outlining how current state laws fail to protect citizens.
What happened
EPIC recently evaluated 14 states that have passed consumer privacy laws. None of those 14 states earned an A, and nearly half failed.
Many companies select and store consumer data. While this isn’t necessarily nefarious, companies can be at risk of a cyberattack or data leak, which can result in mass amounts of data being sold or exposed.
Currently, most states have industry-friendly laws that allow companies to collect data without much limitation. Furthermore, lobbyists from Amazon, Meta, Microsoft, Google, and other tech giants impact many privacy laws, resulting in weaker regulations.
Going deeper
The state doing the best, California, earned a B+ rating. EPIC granted this high score because California does the following: has a privacy agency, a one-button push deletion mechanism, and allows consumers to hold companies accountable in court for data breaches.
Some states earned an F rating, including Texas, Indiana, Virginia, Utah, Tennessee, and Iowa. EPIC cited the low ratings were because of the following reasons:
- Companies aren’t held accountable for breaking the law.
- Companies can collect any data they want and use it how they want.
- It is difficult and tedious for consumers to opt out of data collection
While the data likely doesn’t spark confidence in consumers, EPIC believes states can change course. The organization believes a strong consumer privacy law would:
- Impose data minimization obligation on companies. Entities would have to limit their data collection to better match consumer expectations.
- Strictly regulate all uses of sensitive data, including health data, biometrics, and location information.
- Establish civil rights safeguards and prevent harmful profiling of consumers.
- Provide enforcement and regulatory powers to ensure rules are followed.
- Ensure consumers can hold companies accountable for violations in court.
Why it matters
Americans are becoming more privacy-aware, especially as cyber-attacks and data leaks become more prevalent. Companies now face more class-action suits and public criticism for failing to keep data safe.
If states can enact stronger privacy laws, it can hopefully end some of the ambiguity consumers face and create clearer standards and accountability for companies.
What was said
In the executive summary, report writers Caitriona Fitzgerald, Kara Williams, and R.J. Cross, wrote, “Despite data collection and sales being a multi-billion-dollar industry propagated by some of the most powerful companies in the world, the U.S. has no federal privacy law.” While many states are passing laws that aim to protect privacy, most are falling short. “These laws largely fail to adequately protect consumers.”
EPIC remains hopeful that progress can be made, “A better future is possible.” The organization stated that some states, including Illinois, Maine, Massachusetts, and Maryland are in the process of creating strong legislation. “We can have a strong technology sector while also protecting personal privacy. And states can lead the way.”
The big picture
Our growing online environment has spawned increased privacy concerns that aren’t easily resolved. It will take time for legislation to catch up to the needs of consumers. Even so, it’s important for legislators to create privacy laws independently without the pressure of tech giants. As more states begin to create legislation, some states will likely develop stronger laws to better protect consumers.
Related: HIPAA Compliant Email: The Definitive Guide
Abby Grifno
