With modern technology and new data algorithms being created, many data privacy concerns have also been raised. Consumers are the biggest stakeholders when it comes to sharing data in exchange for a service. Currently, for consumers, the largest barrier in this transaction is that there is no absolute standard regulation, nor federal law to guarantee the protection or privacy of consumer data.
This barrier raises the question of “what role should the U.S government play in protecting the data privacy of consumers?” Using Joel Reidenberg’s idea of imposing a more “targeted” and “comprehensive” legislation, Giovannit Buttarelli’s idea of balancing the obligation between consumers and company using the accountability principle, and Jonas Lerman’s “anti-data subordination” principle as a framework to construct a solid legislation based on the first 2 authors, it is clear that the United States needs a single, all-inclusive federal law which regulates the collection and use of personal information.
Thus, the government needs to step in with stricter legislation to promote accountability, including good business practice incentives, informed by constitutional structural framework so companies will recognize their responsibility to protect consumers and balance their obligation among consumers and companies. The legislation will be effective only if all three ideas are combined together as one, it will not work if any one of these ideas is absent.
While most Western countries within the European Union have already adopted comprehensive legal protection for personal data; the U.S., the home to some of the most advanced and elite technology companies in the world, is still failing to move forward with a more specific law to adequately protect consumer data. If the U.S. doesn’t take immediate action in this situation, the U.S. will consequently eventually lose out on revenue and competence among the multinational corporations. Consumer data privacy is crucial because consumers are the one who build up trust and loyalty toward a company. Without them, not only will companies lose out on consumers’ satisfaction, but also companies will jeopardize themselves in legal risks. Therefore, it is time for congress to pursue comprehensive data privacy legislation to protect consumers from company’s misuse of their data.
The first step in pursuing comprehensive data privacy legislation is the need for accountability to promote effectiveness of this legislation. This accountability principle should be included in U.S.’s consumers privacy protections law, as including this principle would require companies to designate specific stakeholders to be accountable for the company’s compliance with new legislation. Giovanni Buttarelli, a European data protection advisor, proposed that relevant data protection laws with the principle of accountability should be imposed by the government. Buttarelli explains the accountability principle as a tool which helps to “rebalance the obligation” among companies or consumers and aims to guarantee compliance with consumer data privacy protection (Buttarelli, 163).
The accountability principle implies a cultural change which advocates transparent data protection and higher clarity for a higher level of demonstrable responsibility to different stakeholders, including consumers and companies. However, the accountability principle without imposing punishment on bad business practice is not going to work. This idea is supported Buttareli’s proposition that “Failure to comply with these rules is in itself liable to sanctions, regardless of whether someone has suffered demonstrable pecuniary harm or emotional stress.” (162, Buttareli). Basically, Butarreli explains that when a person fails to adhere to this principle, they should be punished. However, I think punishment can only buy temporary compliance, whereas permanent compliance can be found by developing a culture of accountable business practices.
However, an accountability culture alone is not going to be fully effective; there must also be incentives for businesses to practice better consumer data protection. Unlike Buttareli, Joel Reidenberg proposed more detailed and extensive guidelines for every single step of secure data processing. From “collection”, “use”, “disclosure” to “storage” of personal information, Reidenberg provides a guideline for American legislators to follow.
Adding on Buttareli’s point of imposing punishment to companies which misbehavior or misuses consumers data, Reidenberg creates a path with comprehensive details of stricter legislation but with the goal of “Good business practice is incentivized ” (Reidenberg, 167). Reidenberg argues that EU data privacy law is better than current U.S. law, saying that “This European model has significant merits compared with the US piecemeal oversight” (Reidenberg, 167). What US has right now is not effective and we have to be as detailed as the EU, something that can be accomplished through consumers incentivizing good business practices.
Clearer federal regulations of how companies must handle consumer’s data privacy will incentivize better business practices, as companies will strive to be more transparent with the way they handle consumer data to avoid accusations from their consumer base. Author Timothy Morey also agrees increased incentives will push businesses to have better practices for handling consumer data. He uses the example of Facebook, who is working on developing “principles and practices that would give consumers a clear view of their data and control over its use, reducing firms’ risks in the process.” after they have been accused of mishandling consumers data. (Morey, 185) While, sometimes punishment is necessary, only establishing the rules and punishments don’t change the tendency of companies to engage in the behavior that was punished, there also needs to be these incentives.
Punishment may not necessarily prevent companies from this failure to comply, as they can make calculated risks and determine that they can just pay fines imposed and get rid of their responsibilities. As a business, these companies will only comply when there is something to be gained for their business, which can be offered to these companies through consumer trust incentives. Instead of achieving the goal of having a safe and secure data system temporarily, the U.S. government should make a change in laws that will promote consumer trust incentives for companies to create a permanent system. Companies and consumers should both acknowledge their responsibilities through a set of strict, comprehensive legislation that will allow them to emerge from social interactions.
In addition to the stricter accountabilities and legislation with good business practice incentives, having a detailed, concrete plan for legislation plays an important role in guiding the entire process of the proposed new legislation. Without this solid beginning framework, everything we discuss will only stay as a vague patchwork of legislation which will never be moved forward by the U.S. congress. This is when “data anti subordination” principle comes into place for a more structural and effective legislation (Lerman, 144). Jonah Lerman explains that “to be most effective, however, a data anti subordination principle would need to extend beyond state action” (Lerman, 144). By “extend beyond state action” Lerman suggests that legislation should be made at a federal level, rather than just state.
Federal law is more effective than state law and desired by individuals globally, as Buttareli explains, “in the area of privacy and data protection, there is a striking convergence towards common standard as a by product of globalisation” (Buttareli, 162). Federal laws will ensure accountability in the way that consumer data is handled throughout the U.S, leaving no room for inconsistency in behavior across state lines. Having federal data privacy laws can set up a strict form of rules that all companies have to obey, forcing consistency and stability in law over the long term.
In this case, the U.S. government will provide a more complex and comprehensive legislation by emulating the EU’s system of privacy legislation, with the assistance of the implementation of the accountability principle to help modify and data antisubordination principle to help with more structural framework to execute privacy law. However, Thomas H Davenport thinks it’s stricter privacy rules will crush innovations within the technology industry. Davenport insists that “those in congress – can’t be trusted to do a good job of crafting privacy legislation”` (Davenport, 168). Davenport does not trust those in congress to craft efficient data privacy legislation due to their history of failure to pass simple bills and accomplish simple tasks such as a “budget or debt ceiling increase”, and therefore the complexity of online privacy issues may be too hard (Davenport, 169).
In opposition of imposing legislation, Davenport thinks companies should be controlled by the incentives of consumer’s desire for transparent information during data exchanges, which is similar to the point of having good business incentives that Reidenberg brought up. However, the legislation is something desired by Americans and accomplished by many other European countries. Congress is meant to address the needs and concerns of American citizens, and Reidenberg found that “privacy tends to have bipartisan support and polls show that most american want more legal protection” (Reidenberg, 167). While congress may have difficulty accomplishing the passing of certain legislation, it is important to consider that legislation involving budgets is much more controversial than data privacy laws. Congress is capable of passing legislation governing an issue that many American citizens are concerned about and agreeing upon.
Since we have not yet reached the global standard of data protection for U.S. citizen’s data privacy, we need to develop a data privacy framework which includes conducting good business incentives, addressing the harm that result from a violation of privacy and a law which could cover every state in the U.S. Overall, the U.S. government needs to reform its approach to consumer data privacy in order to strengthen the U.S. and bring the U.S. in line with the data protection norms of other countries with similarly advanced technology industries.