Every time you hit "accept" or "send" or "order," you're basically a sweepstakes guy with a giant check rushing up to a stranger. Except this time, the big giant check is your personal data being dropped in the hands of Big Tech. Our digital habits amount to a bonanza for these companies, which then store, analyze, share or sell the info.
Most of us don't even think about the process, which is all permitted in those mile-long user agreements. IBM estimates we collectively generate quintillions of bytes of data every day. It's not surprising that privacy gets lost in the digital dust.
There have been numerous warnings.
Edward Snowden's disclosure in 2013 about NSA surveillance was an example of how data can be gathered without you knowing and used in ways you've never thought about. A breach at Target affected 41 million customers. Equifax lost control of 140 million Americans’ data.
But then there's the more everyday situations when we hand it over willingly: social media, search engines. What happens after that is often a black box, like Cambridge Analytica's research that involved millions of Facebook users' data.
Still, there is no comprehensive federal law in the United States regulating the use of personal data. Instead, there's a cross-stitch of federal and state laws and regulations.
That's not the case in Europe.
As of May 2018, the General Data Protection Regulation, or GDPR, sets standards for safeguarding European citizens' data. It includes:
— A right to know within 72 hours when data has been hacked.
— Easier access to personal data that's been collected.
— A requirement that organizations clearly detail how they use it.
— A provision for consumers to opt out of their data being used.
— The right for consumers to have data erased under certain circumstances.
The closest thing in the U.S. is the California Consumer Privacy Act, but it won’t take effect until 2020.
The law allows internet users to ask for the data a company has collected on them and to know where it's been sold. California does not set a deadline for notifying consumers of a breach and does not include the huge fines of the GDPR.
We hear frequent proposals in Congress for national standards to protect personal digital privacy. The question is: Can any law be written that keeps up with technology?