AXEL Network Products:

AXEL GO - share and store files securely.

LetMeSee - photo sharing app.

  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

AXEL.org

  • Network
  • Technology
  • Applications
  • Blog
  • About
    • Team
    • Press
    • Careers
    • Patents
  • Contact Us
  • Login
    • AXEL Go
    • AXEL Cloud

legislation

September 10, 2021

The State of Privacy Laws in the United States

In recent decades, privacy has become one of the most important issues on the minds of lawmakers. With the rise of digital devices that can track our every move, the desire for privacy is growing in an increasingly public society. And while many Americans have a general desire for “privacy,” the amount you receive is heavily dependent on where you live. While there are some federal privacy laws, most consumer privacy comes from state-level bills. And while some states have thorough, fair privacy laws on the books, the vast majority simply do not.

America’s focus on state-led privacy laws is in contrast to Europe’s lawmaking; the European Union’s main privacy law is the General Data Protection Regulation. Because of this, privacy in the E.U. is governed by this one law, and 92% of companies believe they can comply with every aspect of the law [1]. Because Europe has one overarching privacy law, it is much simpler to understand your privacy rights, whether as an individual or a business. Unfortunately, in the United States though, it is quite the opposite. Privacy laws in the country are currently a mishmash of federal and state laws that confuse and harm individuals simply trying to protect themselves.

A Barrage of State Bills

Simply put, U.S. privacy laws are so unorganized because there are so many of them. Even at the federal level, there isn’t an all-encompassing privacy law, but a collection of specialized laws. For example, the Health Insurance Portability and Accountability Act (HIPAA) protects medical privacy, and the Family Educational Rights and Privacy Act (FERPA) protects students, educators, and schools. When it comes to privacy rights, at least at the federal level, it really depends on your specific situation. Although laws such as HIPAA and FERPA do an adequate job of protecting privacy, they are far too specific to offer comprehensive privacy rights that extend to every facet of life.

While federal-level laws are specific to industries, some state-level laws provide all-encompassing privacy protections. Unfortunately, those state laws are few and far between. Only California, Colorado and Virginia have comprehensive data privacy laws [2]. These laws give consumers notice and choice regarding their data. For example, under these laws, a company must tell consumers if it is selling their data, and must allow consumers to access, move, or entirely delete that data. However, while these laws are certainly a good starting point for true consumer privacy, even these three bills are quite limited in effect.

Why are Privacy Protections so Poor?

While those three states have “all-encompassing” privacy laws, they still have glaring holes in protection. In every state except California, privacy laws specifically exclude a “private right of action,” or the ability to sue a business for privacy violations as an individual. Additionally, Virginia’s law has no civil rights protections and allows businesses to continue the status quo of collecting and selling consumer data [2]. It’s no wonder that Amazon lobbyists wrote the first draft of Virginia’s privacy bill [3].

For other states, the situation is even grimmer. States like Florida, Georgia, and others don’t allow consumers to opt out of data sharing. These two states also don’t even require government entities to ever dispose of your data [4]. Ultimately, most states have few genuine protections for consumers. For the most part, businesses can do whatever they please once they have your data. 

And due to strong lobbying by tech companies, it will likely remain this way in many states [2]. Big Tech companies pay millions each year to lobby lawmakers to write and support laws favorable to them. For example, Facebook spent nearly USD $20 million in lobbying in 2020, while Amazon spent USD $18 million [5]. And while this lobbying doesn’t come cheap, it’s a lot cheaper than allowing consumers to opt out of data sales. Ultimately, the reason why so many states don’t offer comprehensive privacy laws is because Big Tech doesn’t want them. Put simply, Big Tech is willing to pay big money to keep strong privacy laws off the books. 

So, What Can We Do?

In most states, it’s now up to individual businesses and firms to protect consumer data. And while Big Tech is unlikely to change any time soon, other businesses can still fight for consumer privacy. Taking simple steps like encrypting documents and backing up your data offline can substantially better protect your clients’ data. After all, Americans want privacy. By taking steps to protect customers and their data, businesses and firms can offer what Big Tech can’t: True privacy protections for their customers.

At an individual level, supporting businesses and firms that prioritize privacy is the best way to show support for strong privacy laws. Additionally, simply supporting federal or state laws that give genuine privacy rights to consumers is another great way to stand up for privacy rights. Since Big Tech wants to continue the status quo of endless data collection and sales, it’s up to individuals to support businesses and firms that offer what Big Tech can’t.

AXEL Supports Your Privacy

At AXEL, we believe privacy is a right. And unlike the Big Tech companies, we’ll never sell your data to third parties, ensuring your data is only yours. Our file-sharing and storage application, AXEL Go, uses blockchain technology and AES 256-bit encryption to provide the most secure file-sharing system in the industry. Whether for business or personal use, AXEL Go helps protect your (and your clients’) most important files.

Sign up here to receive a free 14-day trial of AXEL Go Premium. After the trial period, you can choose to continue your Premium account for just $9.99/month or use our Basic service free of charge. After all, our business is protecting your data, not collecting it. Together, we can help prioritize privacy rights across the country.

[1] Gooch, Peter. “A New Era for Privacy GDPR Six Months on.” Deloitte. 2018. https://www2.deloitte.com/content/dam/Deloitte/uk/Documents/risk/deloitte-uk-risk-gdpr-six-months-on.pdf.

[2] Klosowski, Thorin. “The State of Consumer Data Privacy Laws in the US (And Why It Matters).” The New York Times. September 06, 2021. https://www.nytimes.com/wirecutter/blog/state-of-privacy-laws-in-us/.

[3] Birnbaum, Emily. “From Washington to Florida, Here Are Big Tech’s Biggest Threats from States.” Protocol. February 19, 2021. https://www.protocol.com/policy/virginia-maryland-washington-big-tech.

[4] McNabb, Joanne, and Paul Bischoff. “Internet Privacy Laws by US State: Does Yours Protect Online Privacy?” Comparitech. July 29, 2021.  https://www.comparitech.com/blog/vpn-privacy/which-us-states-best-protect-online-privacy/.

[5] Tracy, Ryan, Chad Day, and Anthony DeBarros. “Facebook and Amazon Boosted Lobbying Spending in 2020.” The Wall Street Journal. January 24, 2021. https://www.wsj.com/articles/facebook-and-amazon-boosted-lobbying-spending-in-2020-11611500400.

Filed Under: Legal, Privacy Tagged With: big tech, government, legislation, Privacy, privacy law

July 3, 2018

California Thinks It’s Fixing Data Privacy. It’s Not.

“Your move,” says the new California Consumer Privacy Act of 2018.

Except, this isn’t a game of chess—picture it more like a million-piece jigsaw puzzle called “Cats Around the World,” and it’s been spread out on your dining room table for the past twenty years and you’re only 40 pieces in.

(Sounds like a party, am I right?)

Here’s the thing: the data privacy law that was signed on Thursday by California’s Gov. Jerry Brown is a new piece of the data privacy jigsaw puzzle that has served as the U.S.’s means to protect its citizens’ privacy. It’s certainly a huge step in terms of improved privacy laws, but it’s not quite clear how it fits into the nation’s “big picture.”

So far, the U.S.’s privacy law game is patchwork and somewhat messy. We have federal laws like The Federal Trade Commission Act (FTC Act), the Health Insurance Portability and Accountability Act (HIPAA), and the Children’s Online Privacy Protection Act (COPPA), which are aimed at specific sectors, and we also have state statutes that are aimed at the rights of individual consumers. However, there is no single principal data protection legislation, which means the currently enacted laws don’t always work together cohesively.

And this adds to one big, confusing jigsaw puzzle with pieces that sometimes overlap and contradict one another.  

Up until now the timeline of such regulations have been slow and piecework. Most of our states are weak in terms of their data protection, with a few states—Florida and Massachusetts, for example—serving as “leaders” in data privacy regulations.

Already this year we’ve seen the EU’s General Data Protection Regulation (GDPR) going into effect, and we’ve also seen (way too many) data breaches in the states. The issue of data privacy is gaining notice throughout our nation and throughout the rest of the world, and now some of us are wondering: what does the future hold in terms of data privacy in the U.S.?

California’s sweeping law seems to be a good step in the right direction, but how does it fit into the rest of the puzzle?

An “Interesting” Piece, To Say The Least

California’s new privacy law will give consumers more control over their data and force data-holding companies to become more accountable and transparent.  The Act establishes the right of California residents to know what personal information about them is being collected and to whom it is being sold, plus the ability to access that information and delete it. Additionally, the Act will establish an opt-in consent for individuals under the age of 16.

It’s coming into effect in the wake of the new EU law that was enforced in May, and although it isn’t as extensive as the GDPR, it’s certainly proving to be a forerunner of U.S. privacy rights. 

However, the Act also had an interesting path—surprisingly, it didn’t face much opposition from major companies despite its fleshed out regulations.

Why not?

Because there was also a ballot measure—the California Consumer Personal Information Disclosure and Sale Initiative—that had been cleared for a vote in California in the fall, which would have proved to be an even greater challenge for companies due to its tighter restrictions and higher fines.

Major companies—like Facebook, Verizon, Uber, and Google, among others—were already lining up against the ballot, and some donated to the Committee to Protect California Jobs in a further effort to oppose it.

Leaders of the Committee to Protect California Jobs said in a statement, “This ballot measure disconnects California. It is unworkable, requiring the Internet and businesses in California to operate differently than the rest of the world…”

In the end, even though enough signatures were collected for the initiative to appear on the ballot, a compromise was reached instead. This resulted in the proponents withdrawing the initiative and the newly approved Consumer Privacy Act entering the world.

So, to sum up the story, the end result basically came about from many of the voters having to choose between “I don’t like this” or “I really don’t like this.”

…Which kind of sounds like the debate you’d have while shopping for the top two hardest bingo games at the store because it’s your great aunt’s birthday and she wants to party.

The “Puzzle” Thus Far: A Quick Data Privacy Timeline

The California Consumer Privacy Act arrives as a new and shiny addition to a slow and dusty timeline of U.S. privacy regulations.

Let’s take a quick peek at a timeline of some of our nation’s data protection laws:

1974 – Family Educational Rights and Privacy Act: restricts disclosure of educational records

1978 – The Right to Financial Privacy Act: restricts disclosure to the government of financial records of banks and financial institutions

1986 – Computer Fraud and Abuse Act: prohibits unauthorized access to obtaining financial information, causing damage, obtaining something of value, or affecting medical records

1986 – Electronic Communications Privacy Act: protects electronic communications during production, transit, and storage, and applies to email, telephone conversations, and data stored electronically

1988 – Video Privacy Protection Act: prohibits videotape sale and rental companies from disclosing data

1994 – Driver’s Privacy Protection Act: restricts states from disclosing state drivers’ license and motor vehicle records

2000 – The Children’s Online Privacy Protection Act: restricts collection of data from children under the age of 13

2003 – Health Insurance Portability and Accountability Act: protects and establishes standards for the electronic exchange and security of health information

Because the U.S. takes a sectoral approach to regulating privacy, many of the current regulations overlap in some areas while providing gaps in other areas.

For example, the Family Educational Rights and Privacy Act (FERPA) generally covers data like student immunization and medical records, but it sometimes conflicts with COPPA, which only protects data for children under the age of 13.

With ever-growing sources of sensitive and valuable data, and the increasing risk of that data being mishandled and exposed, a need for solid privacy regulations is bigger than ever.

But with a sectoral approach to regulations, the result is that maintaining standards of data privacy becomes a confusing and complicated task.

The Big Picture (Hopefully Not Of Cats)

There was a time when the sectoral approach was deemed by many U.S. organizations to be preferable to a more overarching approach like the GDPR: industries could establish a more “individualized” way of regulation that suited their needs, and the hodgepodge of regulations sometimes created gaps that organizations could fall into.

However, now the gaps are smaller and the replacing overlaps make it significantly more difficult and complicated for organizations to appropriately handle their data. The U.S. is still an outlier in its privacy approach, but now it’s starting to get a really bad rap across the globe.

The new California Consumer Privacy Act of 2018 is one more piece to add to the immense jigsaw puzzle that makes up the U.S.’s approach to privacy laws, but it begs important questions: how well will it fit in with already existing regulations, and how much of an influence will it have in future regulations being established?

Ideally, the nation’s future of data privacy laws will be cohesive, clean, and fit together well in a way that thoroughly protects citizens’ data and is adaptable to numerous industries.

California has made a big step towards the future of data privacy—here’s to hoping that only good things will follow.

Filed Under: Cybersecurity Tagged With: act, california, california consumer privacy act, data mining, data privacy, law, legislation, Privacy, Security, statute

Primary Sidebar

Recent Posts

  • AXEL News Update
  • AXEL Events
  • Biggest Hacks of 2022 (Part 2)
  • Biggest Hacks of 2022 (Part 1)
  • The State of Government Cybersecurity 2022

Recent Comments

  • Anonymous on Five Simple Security Tricks

Footer

Sitemap
© Copyright 2024 Axel ®. All Rights Reserved.
Terms & Policies
  • Telegram
  • Facebook
  • Twitter
  • YouTube
  • Reddit
  • LinkedIn
  • Instagram
  • Discord
  • GitHub