Privacy’s a tricky thing, especially these days. From smartphones that reportedly track you to Facebook and Google’s near-constantly changing policies, balancing companies’ need for valuable, usable data against individuals’ right to privacy seems like a never-ending battle.
The latest development in this area comes from The White House, which recently unveiled a sort of consumer privacy “bill of rights.” The document, titled “Consumer Data Privacy In a Networked World,” is more like a set of guidelines rather than laws. The idea is to give consumers and companies an outline of what the reasonable expectations are for the handling of personal data. And if businesses accept them, the FTC could feasibly step in to monitor how well they conform to them.
This doctrine outlines seven basic credos, and reading through them, there’s a mental “Hallelujah!” ringing in my head in response each one.
1. “Consumers have a right to exercise control over what personal data companies collect from them and how they use it.” Some companies would argue that the opt-in when a user signs up is fairly simple and clear. It’s a lot murkier, however, if the user wants to opt out or withdraw permission later on. There’s a tidbit in here stating that this should be just as clearcut and transparent as the initial opt-in. If more companies had an easy-to-find setting with a big, fat red button to delete any user data the company has collected about you, you can bet more people would be using it.
4. “Consumers have a right to secure and responsible handling of personal data.” These days, who doesn’t buy things online or otherwise link accounts to financial services or credit card companies? You want to know that your information is being treated with the highest level of security possible, which is precisely what this is all about — making sure the companies who deal with your data actually take the matter seriously. These days, what with all the hacking, security is not an area to skimp on.
5. “Consumers have a right to access and correct personal data in usable formats, in a manner that is appropriate to the sensitivity of the data and the risk of adverse consequences to consumers if the data is inaccurate.” What’s worse than being tracked or surveilled? When those files include errors that influence your ability to get a job, obtain a mortgage or qualify for other services. What immediately springs to mind are FICO scores, and the mysterious process behind those credit reports, but this could easily include other types of background checks, like criminal and even social media. You don’t want erroneous data out there about you, without the ability to fix that, do you? Consumers should have the ability to make corrections.
6. “Consumers have a right to reasonable limits on the personal data that companies collect and retain.” Why are lengthy sign-up procedures sometimes required for simple-looking services? And why do certain apps or services ask for access to contacts or location information, when there’s no visible reason for it? Companies should collect only as much data as they need to perform services, and with this “Focused Collection” policy, once that data has served its purpose and is no longer required, it should be properly (and securely) removed.
7. “Consumers have a right to have personal data handled by companies with appropriate measures in place to assure they adhere to the Consumer Privacy Bill of Rights.” In other words, a company’s good intentions mean nothing if its staffers aren’t trained to uphold the guidelines. (Consider “Bubba” the employee making off with your bank account number, or even just snagging a hilarious Halloween photo of you in your private photo storage and shooting it over to his pals.) Ultimately, the companies are responsible, so they need to have measures for accountability. This isn’t an “extra,” but something that should exist so users can have confidence in their service providers.
In a way, it’s kind of a shame that a document like this is even necessary. Most of these points seem like common sense, and yet, there’s clearly a need to outline these “rights.” And the document itself isn’t binding — there’s no law stating that companies are required to adopt these policies (though our executive branch is working on it).
I suppose having them solidified like this is at least a start. Savvy businesses may even recognize this as an opportunity to gain an image boost and inspire some good will. As for the rest, they can continue to ignore these principles at their own peril. Personally, I think the days of this “Wild West” free-for-all with our precious data are numbered. There’s no shortage of competing services and products out there now, and the service providers who consistently show little regard for their userbase will eventually be undone by their carelessness. Ideally, though, we won’t have to wait too long to see widespread changes roll in.
What do you think? Are companies taking enough precautions with our data? Or is the abuse or neglect so rampant that nothing will get them to change, short of imposing laws?
[via The White House (PDF)]