The Roundtable
Welcome to the Roundtable, a forum for incisive commentary and analysis
on cases and developments in law and the legal system.
on cases and developments in law and the legal system.
Image Source: Towfiqu barbhuiya on Unsplash By Aaron Tsui Aaron Tsui is a sophomore studying computer engineering in the School of Engineering and Applied Science interested in technology law and intellectual property. While many may be familiar with their fundamental constitutional rights and basic laws that protect them, in an age where the world is becoming increasingly digitized, it is not only imperative that legislation stays on pace with developing technology, but also critical that individuals themselves remain aware of the extent to which current laws and regulations protect their online presence. Think about the last time you explicitly searched for a product on a search engine like Google or a social media platform like Instagram. Chances are, you eventually began seeing advertisements on that exact product or niche on other websites. Did you explicitly agree to allow your search data to be shared? Did you have any control over who shared your data? Was your specific search the only data collected, or were other details such as your name, age, gender, address, etc., collected as well? It may seem that on an individual scale, such questions seem rather meaningless and hold little to no weight in the grand scheme of things, but it is exactly when the grand scheme of things is considered, do the implications and consequences become exacerbated.
Looking beyond data collection for advertisement purposes, there are far more detrimental consequences when considering malicious attacks such as identity theft and fraud. With this in mind it is important to understand the complexities and nuances of data collection consent, and the protective laws and policies that apply to digital data collection. When compared to global legislation, the United States is far behind in protecting individuals and their data privacy online. Particularly, the European Union’s (EU) General Data Protection Regulation (GDPR) is considered the most comprehensive legislation that protects consumer data. According to the EU, the GDPR defines seven principles: Lawfulness, fairness, and transparency, Purpose limitation, Data minimization, Accuracy, Storage limitation, Integrity and confidentiality, and Accountability. [1] These seven principles set limits on how much data can be collected and also enforce much stronger levels of accountability, ensuring that peoples’ data are being lawfully collected and processed. More specifically, the GDPR explicitly defines permission to process data in several instances, one of which includes “unambiguous consent to process the data” such as opting into a marketing email list. From here, the GDPR also more explicitly defines the term “consent” when it comes to processing data, highlighting that consent must be “freely given, specific, informed and unambiguous” as well as “clearly distinguishable from other matters.” [1] In comparison, the United States lacks comprehensive data regulation, with only 14 states having their own data privacy laws. The movement towards state-specific legislation was initiated and led by California, signing into law the California Consumer Privacy Act (CCPA) on June 8th, 2018. [2] This act specifically targeted the use of businesses collecting and selling Californian’s personal data and information. The CCPA gives Californian consumers the right to know when and how businesses are using their data, the right to delete collected information, the right to opt-out of data collection, and the right to non-discrimination. [3] Further amendments to the act include the right to correct inaccurate information and the right to limit the collection of sensitive information. 13 other states have followed in California’s footsteps, enforcing their own set of data privacy and protection laws. Within individual states we are seeing momentous steps forwards in both recognizing the importance of protecting users’ personal and sensitive information. In order to make even further strides the U.S. would likely need to follow in the footsteps of the EU, enforcing federal data privacy laws. With the rise of artificial intelligence (AI) and machine learning (ML), fields where data collection is imperative to creating and training better models, it is crucial that the U.S. legislative system as a whole, not just state-wide, makes strides in the right direction. Whether it be for AI/ML training, marketing, profit maximization, or simply selling data to other companies, there exists a noticeable lack of enforcement and accountability, specifically when it comes to large corporations and the federal government collecting people’s personal data. Implementing similar principles to the GDPR such as data minimization, opt-in rather than opt-out policies, and rigorous accountability, would allow for individuals' rights and privacy to be respected, creating a safer digital landscape for all. [1] “What Is GDPR, the EU’s New Data Protection Law?” GDPR.eu, September 14, 2023. https://gdpr.eu/what-is-gdpr/. [2] “Consumer Data Privacy Laws.” Bloomberg Law, March 18, 2024. https://pro.bloomberglaw.com/insights/privacy/consumer-data-privacy-laws/#us-privacy-laws. [3] “California Consumer Privacy Act (CCPA).” State of California - Department of Justice - Office of the Attorney General, March 13, 2024. https://oag.ca.gov/privacy/ccpa. The opinions and views expressed in this publication are the opinions of the designated authors and do not reflect the opinions or views of the Penn Undergraduate Law Journal, our staff, or our clients.
0 Comments
Your comment will be posted after it is approved.
Leave a Reply. |
Archives
September 2024
|