Privacy, Big Data, And The Argument For U.S. Federal Privacy Legislation
If anything, Congress should take the lead from states like California and New York that have been influenced by the GDPR.
Most of us have heard the phrase “someone watching over you,” and some take solace in it and view it as a good thing. Unfortunately, it seems that may not be the case when it comes to your privacy. The fact is that there are more and more “eyes” on you and your personal data everyday. Just recently, it was uncovered that the U.S. military plans to test a 24-hour mass surveillance system using high altitude balloons equipped with special radar systems that can track multiple vehicles simultaneously over a period of time. Further satellite imagery has progressed a great deal over the last 10 years, arguably enough to identify certain vehicle characteristics (but not license plate numbers… yet). What does this all mean? A great deal, and for reasons other than you might think.
Let’s face it — the advent of the internet has created a mechanism whereby companies (from your internet service provider to your browser, mobile devices… even the “internet of things” or IoT) can (and do) collect, store, use, and share personal information. We’ve become accustomed to such data collection online, arguably to the point where such collection and use is viewed as the “toll” for the information superhighway and price to be paid for getting to the information we seek for “free.” Unfortunately, the level of collection and use of such data from interactions on the internet has reached epic proportions, as has the hacking of such information and its unauthorized use.
The Global Legal News You Need, When You Need It
Thankfully, many jurisdictions have “woken up” to this issue. For example, the European Union passed the GDPR a few years ago (effective May 2018) in an effort to update its original Data Privacy Directive from the 1990s (i.e., before Google even registered its domain name). Non-EU jurisdictions (such as Australia, New Zealand, and Canada have also implemented regulations designed to provide greater rights to individuals regarding their data. The United States is seeing its fair share of state laws either passed (such as California’s CCPA) or in process (such as Senate Bill 5376 in the State of Washington or New York State’s far reaching Senate Bill 224 which provides, inter alia, a private right of action for individuals who are injured to sue companies for a violation). That said, the U.S. has struggled to follow suit federally, and such continued delay can no longer continue.
Why? For starters, state laws create a patchwork of regulation that are difficult to harmonize. I applaud states such as California, Washington, and New York for taking a lead from the GDPR and attempting to wrestle more individual rights to such data, but not every state that has (or is addressing) data privacy laws approaches it the same way. As a result, this disparity creates incredible challenges (and liabilities) to companies doing business throughout the U.S. For example, should New York’s proposed bill become legislation, companies will need to address not only the quick turnaround times for customer data inquiries, but will need to be prepared for potential lawsuits for purported violations. Worse, it may serve as a reason for companies collecting personal data from NY residents a reason to offset increased costs by passing such costs (or more) to such NY customers.
The biggest concern from my perspective, however, is that federal regulation may be the best way to address what I perceive as inevitable “next level” use, namely, the merging of satellite and related imaging data to private data already collected. According to MIT Technology Review, there are currently almost 770 imaging satellites in orbit above the Earth, but it’s not the images that are the issue, but how those images can be mapped to other individual identifying characteristics that is causing the problem. You can turn off location tracking on your mobile device or implement a VPN or other technological safeguards when internet surfing, but you won’t have that option with satellites. What’s worse, what about companies whose competitors seek to gain a competitive advantage by seeking a combination of imagery of their competitor’s locations with other information (such as form supply chain sources or logistics)? Don’t think it can happen? The point is that it may already be happening.
I realize the difficulties involved with seeking a federal legislative solution to this impending problem, but (sadly) it is the one solution that provides a harmonious resolution for a thorny problem. Absent a federal solution, there appears to be little to prevent this “next-level” data mapping from further eroding data privacy rights. If anything, Congress should take the lead from those states (like California and New York) that have been influenced by the GDPR — it would be a good start. That said, whether the eventual legislation would actually reflect what is necessary to protect such rights is another issue altogether (and one fraught with political issues far beyond the scope of this article). Let’s just hope that somehow Congress and business can resolve this dilemma in a way that is a win for personal data privacy (I know, I know — hope springs eternal). Until then, the view from above is not going to get any clearer.
Sponsored
Stuck Drafting A Tough Brief? This Tool Can Help.
Legal Knowledge Management To Drive Dealmaking
The Global Legal News You Need, When You Need It
What Do Millennials Think Of Law Firm Life?
Tom Kulik is an Intellectual Property & Information Technology Partner at the Dallas-based law firm of Scheef & Stone, LLP. In private practice for over 20 years, Tom is a sought-after technology lawyer who uses his industry experience as a former computer systems engineer to creatively counsel and help his clients navigate the complexities of law and technology in their business. News outlets reach out to Tom for his insight, and he has been quoted by national media organizations. Get in touch with Tom on Twitter (@LegalIntangibls) or Facebook (www.facebook.com/technologylawyer), or contact him directly at tom.kulik@solidcounsel.com.