The fight for users’ right to know what companies do with their data
CISPA‘s progress through the two houses of the U.S. Congress is and will be the major topic for discussion for privacy-minded individuals in the U.S. and around the world. Still, prospective bills focusing on user privacy are currently in the process of being introduced and voted on.
Bonnie Lowenthal, a Democrat assemblywoman representing Long Beach constituents, is trying to pass the Right to Know Act (AB 1291) bill that would give California consumers the right to know how companies use the data the users – consciously or inadvertently – share with them.
A considerable number of associations are opposed to the bill: the California Chamber of Commerce, the California Bankers Association, the Internet Alliance, the California Cable and Telecommunications Association, TechNet, and others.
They expressed their opposition to the proposed bill in an open letter they sent to the members of the Assembly Committee on Judiciary.
“While we understand that the bill is sponsored by several consumer organizations, it is unworkable, rests on mistaken assumptions about how the Internet works, and would impose costly and unrealistic mandates on California’s technology sector with minimal benefit to state residents,” they claim, adding that the bill is “over-broad.”
The American Civil Liberties Union (ACLU) replied to the letter with one of its own that addresses – point by point – all the objections by the aforementioned associations.
“The way the Internet ‘works’ today is that companies are collecting and disclosing vast amounts of Californians’ sensitive personal information to third parties – including online advertisers, data brokers, and third party apps – in ways that Californians do not realize and could cause them harm,” they wrote, and listed the ways websites, apps, mobile apps, companies and data broker companies track users, collect their data, buy, sell, trade it or use it “in ways people do not expect or want.”
“Unlike many other privacy laws, AB 1291 does not require costly affirmative notice to Californians about personal information that is retained or disclosed, but only requires companies to respond to Californians who make requests. Requests are limited to one per 12-month period,” they also pointed out.
“The bill takes advantage of the past decade’s technological advances and provides new flexibility in the means available to businesses to communicate with Californians. Companies may utilize an automated portal or other mechanisms already in place to provide access to data required by European law or choose to provide ‘just in time’ notice to Californians about personal information disclosed rather than responding to requests.”
They finally mentioned that many companies – including Facebook and Google – already comply with existing European privacy laws that require them to provide mechanisms for users to access personal information held by the companies.