Released: February 27, 2018

Data insecurity and data protection

Consumer Action examines whether U.S. consumers stand to benefit from new EU data protection laws

Contact: .(JavaScript must be enabled to view this email address) 202- 544-3088 .(JavaScript must be enabled to view this email address) 301- 718-2511

As consumers do and store more and more online, the threat of data breaches and privacy lapses is ever-present. Americans’ privacy rights are dictated by a spotty patchwork of federal and state laws that Consumer Action believes are inadequate to ensure consumers are protected and have a say as to what’s done with their personal information. This year, a new framework for data protection goes into effect in the European Union (EU) to help safeguard consumers’ personal data and provide them with better control over the information that companies collect about them. The new General Data Protection Regulation (GDPR) applies to all companies that do business in Europe or with EU citizens, no matter where the firms are based.

American consumers may see some ripple effect from the EU’s strong data protection rules. It’s unlikely that global corporations will create country-specific systems for data protection, retention, correction and deletion rights—making it possible for the strong EU rules to become the default for consumers in the U.S. and other countries.

“As global firms adapt to the EU’s data protection law, we’re hopeful that all consumers will benefit from stricter data security, gain a reasonable measure of control over their personal information and benefit from the EU’s strong regulation,” said Consumer Action’s director of national priorities, Linda Sherry.

Already, global companies are asking themselves: How much data do we really need to collect and keep? Even though firms are under no obligation to follow the new EU rules on foreign soil, some companies have been busy doing “data hygiene”—cleaning up their data collection and retention practices in preparation for the new rules.

The EU data protection rules will give consumers the right to know, limit, delete and correct information about themselves. They will provide consumers with better access to the personal information collected about them, improve corporate accountability for data handling and impose steep fines for violations.

Consumer Action devotes the new issue of its quarterly newsletter, Consumer Action News, to the new EU rules and the topic of data protection.

U.S. consumers have no comprehensive data privacy protection. We rely on state and federal laws that offer limited protection. There are specific rules or laws about credit-related data under the Fair Credit Reporting Act (FCRA), some medical data restrictions under the Health Insurance Portability and Accountability Act (HIPAA), and safeguards for children’s data under the Children’s Online Privacy Protection Act (COPPA). These limited protections focus primarily on notice and individual or parental consent.

Click here to review all stories in the Data Protection issue of Consumer Action News.
                                                                                                                                                                              ###

Through multilingual consumer education materials, community outreach and issue-focused advocacy, Consumer Action empowers underrepresented consumers.