The Evolving Face of Privacy Policy: How California Changed the Game


The Importance of Privacy Policies

The legal system often has difficulty keeping up with the rapid pace of technological development. As a result, the rules that protect a person’s privacy in the real world don’t always carry over into digital realms like the internet.

This is especially true when it comes to internet marketing. Data collection is loosely regulated on the internet. Companies like Facebook and Google have the ability to collect (and sell) incredibly private and sensitive information with no fear of repercussion.

For years, the only thing that has provided consumers with any amount of protection are the privacy policies (or “terms of service”) that companies provide to consumers. Privacy policies let consumers know what information the company has access to and how the company intends to use that information, which gives consumers the option of opting out of any internet transaction that threatens their privacy.

Unfortunately, since there is no existing federal mandate requiring online companies to provide a privacy policy, many businesses don’t feel compelled to offer one. In fact, some companies even see it as a risk, since the Federal Trade Commission (FTC) cracks down on companies that violate (accidently or intentionally) the privacy policy that they offer to consumers.
Fortunately, for consumers, all of this could be about to change.

The Shifting Legal Landscape

In 2004, California passed the Online Privacy Protection Act (CalOPPA). The legislation requires all websites and online services (including mobile apps) to publish a “reasonably accessible” privacy policy that tells consumers exactly what the company in question intends to do with the personal information it collects.

California didn’t start enforcing the policy until December of 2012, when California’s Attorney General Kamala D. Harris filed a lawsuit against Delta Air Lines for violating CalOPPA with their mobile app “Fly Delta”.

According to Harris, the app violated CalOPPA by collecting consumer information, including the user’s telephone number, e-mail, PIN code, billing address and passport number, without publishing a privacy policy.

After filing a lawsuit against Delta, the California Office of the Attorney General sent out approximately one-hundred letters to mobile app developers to notify them that they had thirty days to comply with CalOPPA or face a fine of $2,500 per download.


The recent enforcement of CalOPPA seems to have set the stage for the passage of the “Right to Know Act,” which would require companies to reveal to consumers what personal information they’ve collected and how it is being used. Together, CalOPPA and the “Right to Know Act” mark the beginning of a radical shift in the way that issues of privacy and internet transparency are being interpreted.

When it comes to consumer privacy laws, California might be ahead of the curve—but it won’t be long before other states start to follow suit. Attorneys general from 36 states have already expressed concern about Google’s new privacy policy in a joint letter to Google CEO Larry Page. The attorneys say that the new privacy policy threatens to “invade consumer privacy” and claim it might force legal and law enforcement agencies to abandon their GMail addresses and Google apps for other digital platforms.
The implications of this are clear: for better or for worse, internet privacy laws are changing. The ever-increasing omniscience of internet giants like Facebook and Google has put many watchdog groups and civil rights lobbyists on red-alert. As a result, privacy laws are A) becoming more consumer-oriented and B) increasingly likely to be enforced.

The companies that thrive over the course of the next ten years will be the ones that adapt to the coming consumer-oriented shift in internet privacy law. Companies that don’t offer a privacy policy (or make the mistake of offering the wrong kind of privacy policy) could soon find themselves bogged down by messy lawsuits or facing heavy fines. While corporate Goliath’s like Google will almost certainly survive the coming storm, the increasing emphasis on privacy protection could spell disaster for young start-up companies that ignore which way the winds are blowing.

A Stitch in Time Saves Nine

The simple solution is to get with the program. Websites and internet companies that don’t currently provide a privacy policy to their consumers should think about doing so. Companies that do provide consumers with a privacy policy should take a closer look at the one they have to ensure that it accurately reflects the process by which the company collects and distributes information about consumers. Sure—it might mean spending a little bit of extra money to consult a lawyer but, if Delta’s legal department has taught us anything, it’s that it is always better to solve a problem before it morphs into a lawsuit.

Janelle Pierce enjoys writing about internet marketing issues, including crowd-funding, online storefronts, sales, shipping, merchant accounts, etc. In her free time she likes camping, kayaking and listening to music.

Image courtesy Alan Cleaver

If you enjoyed this, get email updates (it’s free!)

1 Comment

  1. Attorneys who safeguard privacy issues for citizens should look into how California’s Department of Developmental Services is violating individual service provider’s rights by demanding unnannounced visits to their homes. What the public doesn’t know is there are individuals who are independent contractors , such as psychologists, therapists, independent nurses, etc..who are vendorized by California Regional Centers. Does that mean RC employees can just waltz into their private homes? Independent contractors that work for California’s 21 Regional Centers aren’t brick and mortar businesses! Look into this intrusive regulation in DDS. Under Title 17 it says, “Regional Center staff shall have access to the provider’s grounds, buildings and service program, and to all related records, including books, computerized data, accounting records and related documentation.”. Sounds like this is violating people’s right to privacy when they are individuals as independent contractors.

Leave a Reply

Your email address will not be published.


*


CommentLuv badge