California State Assemblymember Bonnie Lowenthal (D-Long Beach) has introduced the “Right to Know Act 2013,” which would force businesses to tell consumers what personal data they have and with whom they’re sharing. The bill follows lobbying efforts from privacy groups the Electronic Frontier Foundation and the American Civil Liberties Union of Northern California.
“This bill would instead require any business that has a customer’s personal information, as defined, to provide at no charge, within 30 days of the customer’s specified request, a copy of that information to the customer as well as the names and contact information for all third parties with which the business has shared the information during the previous 12 months, regardless of any business relationship with the customer,” reads a portion of the act.
Privacy and data ownership is a hot-button issue within the tech community. Companies ranging from giants like Facebook and Google to small e-commerce startups gather information about user activity and sell them to data brokers or advertising networks to create better-targeted advertising. Many consumers are be uncertain of privacy policies, unaware that their behavior is being tracked, and/or are unsure how to prevent it.
In a blog post supporting the Right to Know Act, the EFF wrote: “Let’s face it: Most of us have no idea how companies are gathering and sharing our personal data. Colossal data brokers are sucking up personal facts about Americans from sources they refuse to disclose. Digital giants like Facebook are teaming up with data brokers in unsettling new ways. Privacy policies for companies are difficult to read at best and can change in a heartbeat. And even savvy users are unlikely to fend off the snooping eyes of online trackers working to build profiles of our interests and web histories. … The new proposal brings California’s outdated transparency law into the digital age, making it possible for California consumers to request an accounting of all the ways their personal information is being trafficked.”
But “big data” means big money these days. Tech companies can use data to optimize their business strategies, create revenue streams, and attract advertisers (not to mention the lucrative companies that act as data brokers). Chances are the tech community won’t react kindly to this proposal. However, the EFF said that this bill is about transparency and access rather than restrictions, and it does not limit or restrict data sales. Google and Facebook have not yet responded to requests for comment.
The European Union has supported its citizens rights to submit a request to acquire data with its Data Protection Directive. In January 2012, the European Commission met with strong resistance after drafting the General Data Protection Regulation, which said all foreign companies processing data of EU residents had to comply with their regulations. Yesterday, data-protection authorities from Britan, Germany, France, Italy, Spain, and the Netherlands launched a joint action against Google after a five-month investigation which found that Google failed to give users information about how their personal data was being used across multiple platforms.
California has a long history of consumer protection laws, but the tech industry is an important part of state’s economy and has sway over legislative decisions. Do people have the right to “habeus data?” Or do businesses have the right to do what they want with the information users give them? Read A.B. 1291.