Over 90% of Americans feel like they have no control over their data or their online privacy. Congress should be working to actively give them back their control, instead of letting the companies with the worst privacy track records dictate users’ legal rights. But any new federal data privacy regulation or statute must not preempt stronger state data privacy rules.
EFF emphasizes five concrete recommendations for any proposed legislation regarding the data privacy rights of users online:
- Requiring opt-in consent to online data gathering and sharing
- Giving users a “right to know” about data gathering and sharing
- Giving users a right to data portability
- Imposing requirements on companies for when customer data is breached
- Requiring businesses that collect personal data directly from consumers to serve as “information fiduciaries,” similar to the duty of care required of certified personal accountants.