Illinois legislators in Springfield are tackling the online privacy debate with two groundbreaking bills that crack down on online data mining.
One proposed measure would require online companies, such as Google, Facebook and Amazon, to disclose to consumers what personal data has been collected and shared with third parties.
The Right to Know Act would require companies to provide an e-mail address or toll-free telephone number for customers to request information.
“Currently, companies aren’t required to tell you what happens if unauthorized third parties access this data,” said Matt Erickson, Industry Outreach Director for Digital Privacy Alliance. “(The Right to Know Act) simply gives some transparency to where your information goes.”
The Right to Know Act was drafted by Cook County Sheriff Tom Dart. He said the idea came from the overwhelming number of victims of financial crimes, like identity theft and hacking, in Cook County.
“The better way to go was to reduce the universe of potential victims by making people more well informed of what information of theirs is out there and who can get their hands on it,” said Dart. “In doing that, people can self-regulate themselves and maybe narrow the pool of people whose information is all over the place for criminals to get a hold of.”
“What in God’s name is wrong with letting consumers know this company takes all your information and sells it?” said Dart.
A separate bill, dubbed the Geolocation Privacy Protection Act, would prohibit companies from collecting, using, storing or disclosing geolocation location from a location-based app without a consumer’s consent.
“This is a big deal,” Erickson said. “We’re not looking to end the practice of trading information for services, but we’re looking to be able to allow people to have some say of what happens to themselves.”
The privacy debate is brewing in statehouses across the country at the same time the federal government rolls back guidelines restricting how Internet Service Providers share consumer data.
In March, Congress voted to repeal broadband privacy rules, which were adopted under the Obama administration and set to go into effect this year. The rules would have required ISPs, such as Verizon, AT&T and Comcast, to disclose what personal information they collect and share and would have required consent from consumers before sharing sensitive information.
An official with Comcast, which is the parent company of NBC News, wrote in a recent blog post that the corporation already does not share sensitive information, such as banking, children’s and health information, without obtaining opt-in consent.
AT&T officials also voiced the Obama-era rules would not have regulated most online companies.
“Companies that collect and use the most customer information on the internet are not the ISPs but other internet companies, including operating system providers, web browsers, search engines, and social media platforms,” wrote Bob Quinn, AT&T Senior Executive Vice President, External and Legislative Affairs. “The FCC rules had nothing – literally nothing – to do with these companies or their practices.”
The proposed measures before the Illinois General Assembly encompass all companies that provide online services or operate a commercial website.
Trade association CompTIA (Computing Technology Industry Association), based in Downers Grove, oppose the legislation.
“Consumer privacy is of paramount importance,” said a CompTIA spokesperson. “Codifying regulation of the internet must be done carefully and deliberately in order to achieve meaningful standards that continue to nurture the trust of consumers in our digitally driven marketplace.”