In the age of the Internet and integrated digital technologies, the pros and cons of provacy laws is sometimes a gray topic. One cannot buy things or sign up for educational, medical, banking, telecommunication, entertainment, social media, or virtually any other services without giving up a lot of personal information. Likewise, one can hardly visit a website on the internet without leaving a trail of cookie crumbs containing all sorts of insight about their consumer tastes and habits.
What happens to all that identifiable consumer information that is now harvested by technology and kept on record in different companies' databases? Without regulation, businesses don't view private consumer data as "borrowed": they buy and sell them as if it were their own property.
As such, data privacy policies have become a modern necessity, because, without them, today's consumers are unable to control what happens to their personal data, leaving them vulnerable to unsolicited marketing, scams, and identity theft.
Get An Instant Free Course Preview
Try our best-in-class, interactive, and engaging courses for free!
Data Privacy Laws Today
Today, when the majority of businesses digitally collect, track, process, store, and redistribute customer data, there remains an ongoing legal challenge to enable consumers to access, edit, and otherwise manage their personal data as well as decide how it's used. Slowly, legislators around the world are making strides:
General Data Protection Regulation (GDPR) And Other Foreign Privacy Law
The toughest data privacy/security law in the world, European Union's GDPR, imposes regulatory measures onto all organizations that target/collect data related to European Union consumers, with harsh financial penalties imposed for non-compliance.
Dozens of other nations have passed a number of information privacy bills of their own to counter the impending implications of the digital age, such as the United Kingdom's Data Protection Act and Canada's Personal Information Protection and Electronic Data Act.
Personal Data Privacy Regulation In The USA
In comparison to the punch packed by the GDPR, the United States of America is yet to offer a modern federal-level comprehensive piece of legislation protecting consumer data from the numerous ways it could be exploited.
Several "vertical" federal regulations do exist:
- Privacy Act of 1974 protects certain federal government records of personal data from misuse
- Children's Online Privacy Protection Act (COPPA) protects children's personal data
- Gramm-Leach-Bliley Act (GLBA) protects personal financial data
- Health Insurance Portability and Accountability Act (HIPAA) offers protections for personal medical information
When it comes to comprehensive regulation, however, things have only happened on the state level, with only several states being able to successfully pass data privacy bills so far such as New York's data privacy laws. California has been in the lead with its California Consumer Protection Act (CCPA) as the law other states model their privacy bills after. Unlike the GDPR, CCPA only regulates large enterprises that make substantial gains from the sale of customer data. California also has California Online Privacy Protection Act (CalOPPA) requiring greater online practices transparency from any company doing business in the state.
The Pros And Cons Of Regulating Data Privacy
Consumer rights advocates tend to be in favor of data privacy laws as they offer protections to individuals whose personal property could be used against them or exploited for financial gain without their knowledge. Others, from the corporate side of the debate, argue that the regulation of data privacy creates more problems than it solves, hindering business and costing money. Here are some data privacy pros and cons from both sides:
Pros
- Protecting / Enforcing Consumer Rights. Consumers deserve to have awareness of and control over how their personal information is collected/shared/tracked, in-person and online. Data privacy laws ensure that there exists legal recourse for consumers to fight back against violations of those privacy rights.
- **Improvement in Security and Protection Of Sensitive Information. **If companies are legally required to be compliant with data privacy and cyber-security rules, the mandatory training/technology upgrades will prevent security breaches and data leaks, leaving the enterprises and their customers safer for it.
- Protecting Crucial Human Rights / Civil Liberties. Privacy legislation can restrict government and law enforcement agencies from easily accessing private citizens' information to use in unwarranted invasions (hence, the necessity for a warrant before collecting personal data).
- Protection Of Vulnerable People From Predatory Online Behaviors. Leaks of identifying information can sabotage the physical and mental well-being of a person spending time online (a child can become a target of inappropriate attention on social media, for example): privacy regulation can minimize such incidents.
Cons
- Potential For Abuse. As with any legally protected rights, the justice system can be exploited. Some worry that introducing/tightening data protection law will create new opportunities for "frivolous" legal action from some unscrupulous consumers that can cost corporations a lot of time and finances.
- A Lose-Lose "Compromise" For All Sides. The lack of bipartisan agreement and cooperation among legislators often means that, by the time a data privacy bill is passed into law, it can be so "gutted" / "watered down" that it fails to adequately protect consumer privacy rights (but still costs corporations time and money and imposes limitations of how they operate).
- Separate State Laws Can Make Things Difficult. Without a streamlined federal law, the multiple personal information privacy regulations passed by individual states can place extra burdens on companies. Additionally, having each state pass its own personal data protection bills precipitates potential incompatibility between separate state rules that can make legal data sharing complicated or impossible.
- The Price Of Being Compliant. In order to become/stay compliant with data protection and privacy legislation, businesses have to invest in compliance training, installing new data management technology, and possibly hiring extra personnel and evaluators, incurring costs they did not have before.
A Point Of Contention: Does Privacy Law Quash The American Freedom Of Enterprise?
Some American critics of privacy law believe that imposing regulations on corporate entities and markets lead to a stifling of innovation, limiting companies' abilities from realizing their full entrepreneurial potential. Others, on the contrary, suggest that when under-regulated, companies have the ability to take advantage of consumers' data, which is unacceptable. The solution lies in striking a balance between the organizations' and consumers' needs and freedoms -- reconciling them fairly, safely, and with minimal costs to those willing to cooperate.
The Relativity Of Pros And Cons Of Data Protection Laws
Upon reviewing the "pros and cons" of data privacy law, it becomes obvious that whether something is perceived as a "pro" or a "con" depends on which side of the consumer vs. corporation divide of interests one is on. What is a "pro" for companies can be a "con" for the consumer, and a "pro" in terms of consumer rights can be viewed as a "con" from the point of view of corporations who put their bottom line above all else?
While it is natural to feel concerned about the potential abuses of consumer rights law, it serves companies well to see the value of data privacy legislation. Businesses should not view their customers as adversaries: on the contrary, customers are a precious ally whose safety and trust should be a priority. Data privacy law does more than place limits on what the companies can do -- it also rewards the ones that take it seriously and comply readily by boosting their credibility with the consumer, the government, and the business community.
Data Privacy Training Puts Companies Ahead Of The Curve
It is only a matter of time before data privacy law becomes ubiquitous in the USA: if your state does not have training requirements yet, it will in the foreseeable future. The longer a company resists getting on board, the more it risks succumbing to data breaches and their costly consequences. EasyLlama's data privacy and cybersecurity compliance training program offers a sophisticated yet easy way to bring the workforce to understand why this topic is so important and to become compliant with existing or anticipated data privacy / cyber-security requirements. Simple to implement and fun for users to engage with, our compliance training solves your company's problems affordably and with no learning curve to stress over.
