{"id":11823,"date":"2018-04-10T04:37:45","date_gmt":"2018-04-10T04:37:45","guid":{"rendered":"http:\/\/www.lifeandnews.com\/articles\/?p=11823"},"modified":"2018-04-11T04:44:42","modified_gmt":"2018-04-11T04:44:42","slug":"fragmented-us-privacy-rules-leave-large-data-loopholes-for-facebook-and-others","status":"publish","type":"post","link":"https:\/\/www.lifeandnews.com\/articles\/fragmented-us-privacy-rules-leave-large-data-loopholes-for-facebook-and-others\/","title":{"rendered":"Fragmented US privacy rules leave large data loopholes for Facebook and others"},"content":{"rendered":"<p><span><a href=\"https:\/\/theconversation.com\/profiles\/florian-schaub-368699\">Florian Schaub<\/a>, <em><a href=\"http:\/\/theconversation.com\/institutions\/university-of-michigan-1290\">University of Michigan<\/a><\/em><\/span><\/p>\n<p>Facebook CEO Mark Zuckerberg\u2019s <a href=\"https:\/\/www.judiciary.senate.gov\/press\/rep\/releases\/senate-judiciary-and-commerce-committees-announce-joint-hearing-with-facebook-ceo\">Congressional testimony<\/a> <a href=\"https:\/\/www.axios.com\/read-mark-zuckerberg-testimony-for-congress-1523288674-4ec25015-b37c-4c9e-b367-fd55f9e227f4.html\">will discuss<\/a> ways to keep people\u2019s <a href=\"https:\/\/theconversation.com\/is-there-such-a-thing-as-online-privacy-7-essential-reads-88849\">online data private<\/a>, which I\u2019m interested in as a privacy scholar. Facebook and other U.S. companies already follow more comprehensive privacy laws in other countries. But without comparable requirements at home, there\u2019s little reason for them to protect U.S. consumers the same way.<\/p>\n<h2>Inform customers and secure data<\/h2>\n<p>U.S. privacy laws are mostly based on the <a href=\"https:\/\/www.ftc.gov\/\">Federal Trade Commission\u2019s<\/a> <a href=\"https:\/\/en.wikipedia.org\/wiki\/FTC_fair_information_practice\">Fair Information Practice Principles<\/a>, which recommend companies:<\/p>\n<ul>\n<li>tell customers their data practices,<\/li>\n<li>give people some choice about additional uses,<\/li>\n<li>provide people with access to information about them, and <\/li>\n<li>ensure the security of the data collected. <\/li>\n<\/ul>\n<p>In some industries, there are regulations for handling what\u2019s called \u201c<a href=\"https:\/\/www.gsa.gov\/reference\/gsa-privacy-program\/rules-and-policies-protecting-pii-privacy-act\">personally identifiable information<\/a>.\u201d Federal laws protect <a href=\"https:\/\/www.hhs.gov\/hipaa\/index.html\">medical information<\/a>, <a href=\"https:\/\/www.ftc.gov\/enforcement\/rules\/rulemaking-regulatory-reform-proceedings\/fair-credit-reporting-act\">financial<\/a> <a href=\"https:\/\/www.ftc.gov\/tips-advice\/business-center\/privacy-and-security\/gramm-leach-bliley-act\">data<\/a> and <a href=\"https:\/\/www2.ed.gov\/policy\/gen\/guid\/fpco\/ferpa\/index.html\">education-related<\/a> records.<\/p>\n<p>Online services and apps are barely regulated, though they must <a href=\"https:\/\/www.ftc.gov\/tips-advice\/business-center\/privacy-and-security\/children%27s-privacy\">protect children<\/a>, limit <a href=\"https:\/\/www.ftc.gov\/enforcement\/rules\/rulemaking-regulatory-reform-proceedings\/can-spam-rule\">unsolicited email marketing<\/a> and <a href=\"https:\/\/oag.ca.gov\/privacy\">tell the public<\/a> what they do with data they collect.<\/p>\n<p>Online tracking and advertising is self-regulated: <a href=\"https:\/\/digitaladvertisingalliance.org\/\">Industry associations<\/a> set rules for their members. Data collection by emerging technologies, such as smart speakers or self-driving cars, is mostly unregulated. The FTC does investigate if companies are \u201c<a href=\"https:\/\/www.ftc.gov\/about-ftc\/what-we-do\/enforcement-authority\">unfair or deceptive<\/a>,\u201d but firms that prominently disclose what they do may avoid trouble.<\/p>\n<h2>Strong limits on data collection<\/h2>\n<p>Europe, by contrast, generally prohibits collecting and using personal data. Its <a href=\"http:\/\/eur-lex.europa.eu\/legal-content\/EN\/TXT\/?uri=uriserv:OJ.L_.2016.119.01.0001.01.ENG&amp;toc=OJ:L:2016:119:TOC\">General Data Protection Regulation<\/a>, which takes effect on May 25, applies to all businesses and government agencies in European Union member countries \u2013 including U.S. companies offering services in Europe.<\/p>\n<p>The GDPR gives <a href=\"https:\/\/ico.org.uk\/for-organisations\/guide-to-the-general-data-protection-regulation-gdpr\/lawful-basis-for-processing\/\">six reasons<\/a> for collecting personal data. But even then, any analysis must be closely related to the purpose for which the data was collected. For example, a fitness-tracking company couldn\u2019t <a href=\"http:\/\/theconversation.com\/could-your-fitbit-data-be-used-to-deny-you-health-insurance-72565\">sell users\u2019 exercise data to a health insurance company<\/a> without additional consent. Companies that violate the GDPR may be fined <a href=\"https:\/\/iapp.org\/news\/a\/top-10-operational-impacts-of-the-gdpr-part-4-cross-border-data-transfers\/\">up to 20 million euros<\/a>, or 4 percent of the firm\u2019s worldwide annual revenue.<\/p>\n<p>Building on the GDPR, Europe\u2019s forthcoming <a href=\"https:\/\/ec.europa.eu\/digital-single-market\/en\/proposal-eprivacy-regulation\">ePrivacy Regulation<\/a> will likely <a href=\"https:\/\/www.marketingweek.com\/2018\/02\/08\/eprivacy-cookies-data-laws\/\">require explicit individual consent<\/a> before a company can track a person\u2019s online activity.<\/p>\n<p>Many other countries, including <a href=\"https:\/\/iapp.org\/news\/a\/gdpr-matchup-mexicos-federal-data-protection-law-held-by-private-parties-and-its-regulations\/\">Mexico<\/a>, Switzerland and Russia, have adopted <a href=\"https:\/\/iapp.org\/resources\/article\/the-general-data-protection-regulation-matchup-series\/\">comprehensive privacy regulations<\/a> like the EU\u2019s. Canada also broadly regulates how <a href=\"https:\/\/www.priv.gc.ca\/en\/privacy-topics\/privacy-laws-in-canada\/the-privacy-act\/\">government agencies<\/a> and <a href=\"https:\/\/www.priv.gc.ca\/en\/privacy-topics\/privacy-laws-in-canada\/the-personal-information-protection-and-electronic-documents-act-pipeda\/\">private companies<\/a> use data.<\/p>\n<p><img loading=\"lazy\" src=\"https:\/\/counter.theconversation.com\/content\/94606\/count.gif?distributor=republish-lightbox-basic\" alt=\"The Conversation\" width=\"1\" height=\"1\" \/>The advantage of comprehensive privacy protections is that they\u2019re consistent across services and industries, even as new technologies emerge.<\/p>\n<p><span><a href=\"https:\/\/theconversation.com\/profiles\/florian-schaub-368699\">Florian Schaub<\/a>, Assistant Professor of Information; Assistant Professor of Electrical Engineering and Computer Science, <em><a href=\"http:\/\/theconversation.com\/institutions\/university-of-michigan-1290\">University of Michigan<\/a><\/em><\/span><\/p>\n<p>This article was originally published on <a href=\"http:\/\/theconversation.com\">The Conversation<\/a>. Read the <a href=\"https:\/\/theconversation.com\/fragmented-us-privacy-rules-leave-large-data-loopholes-for-facebook-and-others-94606\">original article<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Florian Schaub, University of Michigan Facebook CEO Mark Zuckerberg\u2019s Congressional testimony will discuss ways to keep people\u2019s online data private, which I\u2019m interested in as a privacy scholar. Facebook and other U.S. companies already follow more comprehensive privacy laws in other countries. But without comparable requirements at home, there\u2019s little reason for them to protect [&hellip;]<\/p>\n","protected":false},"author":44,"featured_media":11824,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[3410],"tags":[4317,527,1211,901,4316,549,2560,4314,881,525,4312,3779,4315,4313,2197],"_links":{"self":[{"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/posts\/11823"}],"collection":[{"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/users\/44"}],"replies":[{"embeddable":true,"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/comments?post=11823"}],"version-history":[{"count":1,"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/posts\/11823\/revisions"}],"predecessor-version":[{"id":11825,"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/posts\/11823\/revisions\/11825"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/media\/11824"}],"wp:attachment":[{"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/media?parent=11823"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/categories?post=11823"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/tags?post=11823"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}