U.S. Senators John Kennedy of Louisiana and Amy Klobuchar of Minnesota introduced the Social Media Privacy and Consumer Rights Act of 2018, which is supposed to improve transparency, strengthen consumers’ recourse options in case of a data breach, and ensure that companies are compliant with privacy policies that protect consumers.
This new bill follows another Senate bill introduced recently by Senators Ed Markey of Massachusetts and Richard Blumenthal of Connecticut called the CONSENT Act.
Social Media Privacy and Consumer Rights Act of 2018
After the Facebook and Cambridge Analytica privacy scandal, Congress seems to be moving towards increasing consumers’ privacy protections in the United States. The European Union’s new General Data Protection Regulation (GDPR) will also go into effect in May, so Congress may feel that it needs to keep up.
More specifically, the new bill aims to improve the following things in American privacy rights legislation:
Requires terms of service agreements to be in plain language,Ensures users have the ability to see what information about them has already been collected and shared,Provides users greater access to and control over their data,Gives consumers the right to opt out and keep their information private by disabling data tracking and collection,Mandates that users be notified of a privacy violation within 72 hours,Offers remedies for users when a privacy violation occurs,Requires that online platforms have a privacy program in place.
Senator Klobuchar said:
Every day companies profit off of the data they’re collecting from Americans, yet leave consumers completely in the dark about how their personal information, online behavior, and private messages are being used.Consumers should have the right to control their personal data and that means allowing them to opt out of having their data collected and tracked and alerting them within 72 hours when a privacy violation occurs and their personal information may be compromised. The digital space can’t keep operating like the Wild West at the expense of our privacy.
Explicit Consent Not Required
Many of the provisions in the bill already seem in line with the GDPR. However, there is one far more important provision that seems to be missing from it: requiring companies to ask for explicit consent (users would have to opt-in, rather than opt-out) before collecting their data.
As such, although the Social Media Privacy and Consumer Rights Act of 2018 borrows some good ideas from the GDPR, it doesn’t come close in terms of the control it gives consumers over their data and how that information is collected.
'CONSENT Act' Is Still Better For Consumers
The CONSENT Act is not perfect. As we discussed earlier, it seems to go out of its way to ensure that the new bill only affects “edge providers” or online services rather than ISPs, too.
However, Markey’s bill comes with many of the same transparency and data breach disclosure provisions that the Social Media Privacy and Consumer Rights Act has, while also requiring online companies to ask for consent before collecting user data. Additionally, the companies are also required to notify users about all types of data collection and data sharing with third-parties.
Perhaps the two bills can be combined, as long as the CONSENT Act remains intact. Otherwise, the CONSENT Act is the bill you should want to call your Senator to vote, if you care about stronger privacy rights.
Ideally, both of them would target the ISPs, or better yet anyone that deals with consumers’ data, which is the approach the EU GDPR took. U.S. consumers may gain new protections against social media and other online companies, but if their ISPs are free to share and sell data collected from all of their paying customers, then that wouldn’t be as large of a win as it could be.
