Several states are considering online privacy legislation with attractive optics for consumers. Using catchphrases like “right to be forgotten,” these bills garner public support easily.
But the harsh reality is: Legislation like CCPA & GDPR passes the privacy buck downstream to individual businesses instead of addressing the real privacy concessions most consumers are making in signing their cell phone and ISP contracts before they ever reach an app or a web browser.
How CCPA and GDPR Create Inconsistencies in Online Privacy
These laws may seem airtight on paper. But in practice, they present significant holes and inconsistencies in privacy protection.
1. Consumers Get Little to No Privacy Benefit, Even When Companies Comply
Individual businesses, even larger enterprises, don’t have the resources to comply with these privacy laws in a timely manner, let alone with consistency for the end-users. As a result, consumers don’t always know what they’re automatically opted-in to or how to opt-out and be sure they’re truly opted-out.
2. Compliance Can Be Challenged… If You Can Afford It
Some companies don’t comply and dare the authorities to crack down on them and drag things out in court; others comply and are punished with lost data.
In the wake of GDPR, huge enterprises like British Airways and Sky News weren’t complying with the letter of the law, almost daring the EU to slap their wrist and take the lawsuit hit rather than potentially lose any data.
On the other hand, smaller businesses that can’t afford to fight the compliance issues in court are complying in full and losing large amounts of customer data as a result.
3. Compliance is Expensive, and Resources are Hard to Come By
Since the language of these laws is vague and wide-sweeping, complying can be a chore for smaller organizations without dedicated compliance officers and legal teams.
What can your brand do about it? Well, you have no choice but to comply, but we’ve created some resources for that!
We’ve written some blog posts for companies seeking to comply that provide cookie banner solutions and compare the key differences between GDPR and CCPA.
Why the Legislation Doesn’t Matter
Consumers have already signed away their rights. While companies don’t have much choice but to comply with the misguided laws, consumers should be wise to the holes in it and seek true online privacy protections.
The fine print in cell phone and ISP contracts gives large telecom companies carte blanche to sell or share customer data as they want with little or no consequences.
Last year, the Washington Post did an exposé on “forced arbitration” and how it renders a lot of privacy laws impotent in court. In it, they mentioned how companies like Verizon are able to avoid class-action lawsuits by nesting arbitration clauses in their terms and conditions. You know, the ones you sign when you buy a new device or agree to a new service contract.
In Other Words
Federal and state governments like the warm, fuzzy feelings that internet privacy legislation gives to their voting constituents. It appears that they’re doing something helpful to protect the public. But these laws are intentionally misguided, and they protect a handful of telecom companies from any culpability they have in violating their customers’ privacy.
Unless and until internet service contracts are at the center of the online privacy law discussion, there won’t be any true privacy protections for internet users.