The data protection world was busy in 2019. In July, the Federal Trade Commission (FTC) fined Facebook $5 billion for inappropriately sharing information belonging to 87 million users with the now-defunct British political consulting firm Cambridge Analytica. In September, the FTC fined YouTube $170 million in the largest penalty ever levied for violations of the Children’s Online Privacy Protection Act (COPPA), which imposes restrictions on the use of personal data associated with children ages 12 and under. According to the law, digital platforms that collect data from young users are required to have their parents’ consent and parents must be given the option to opt out of having their children's information shared with third parties.
Data security is now even more important with the advent of the Internet of Things (IoT). As connected devices exchange data with servers across networks (e.g., local area networks, cellular networks and internet service providers), entry points could be exploited by enabling unauthorized access and misuse of personal information.
These companies, however, have taken steps to improve their privacy issues. Apple and Google now require people to opt in to take part in the accuracy program. Amazon adjusted its privacy settings for Alexa after backlash. And Google’s Nest devices now come with physical switches to turn off cameras and mics.
Nonetheless, privacy problems continue. Researchers from Security Research Labs (SRLabs) recently created apps hiding malicious code that could leave Google and Amazon smart speakers exposed to hackers. SRLabs researchers were able to compromise the data privacy of users by requesting and collecting personal data, as well as eavesdropping on users.
SRLabs developed an app giving a fake error message which sounded as if it had closed, while it actually continued operating, even transcribing everything the user said. Fortunately, this was not exploited and SRLabs shared its findings with both Amazon and Google before making them public.
Tech giants Apple, Facebook, Google and Microsoft have called for a federal data privacy law. In a letter to congressional leaders, Business Roundtable CEOs urged policymakers to pass a comprehensive national data privacy law that strengthens protections for Americans. Over 50 chief executives including Amazon’s Jeff Bezos; Best Buy’s Corie Barry; Cisco Systems’ Chuck Robbins; and IBM’s Ginni Rometty signed an open letter to lawmakers asking for a federal privacy bill, arguing that consumers may not understand rules “that may change depending upon the state in which they reside.”
And in a letter sent to Congressman Ben Ray Lujan, CTA suggested a federal approach that increases privacy protections and allows the U.S. to remain the world leader in innovation.
In October, Senator Ron Wyden (D-OR), proposed legislation (“Mind Your Business Act”) to bring serious punishments for companies that violate people’s data privacy, including larger fines and potential jail time for CEOs. The bill is based on three basic ideas: consumers must be able to control their own private information; companies must provide more transparency about how they use and share data; and corporate executives should be held personally responsible for protecting personal information. The bill imposes tough criminal and civil penalties for knowingly or willfully certifying a false statement in an annual data protection report.
Privacy will be front and center in 2020, too. The California Consumer Privacy Act (CCPA), was signed into law on June 28, 2018, and took effect on January 1. The law provides new privacy benefits to California’s 40 million residents, granting consumers a right to know what information companies have on them, a right to have that information deleted and the right to opt-out of the sale of that information.