ACLU pushes privacy bills in 16 states
Measures include providing checks on location-tracking technology.
A year ago, President Obama stood at the Federal Trade Commission and called for legislation that would set a single national standard for when companies have to tell consumers that their personal information was stolen or misused.
“Right now, almost every state has a different law on this, and it’s confusing for consumers and it’s confusing for companies — and it’s costly, too, to have to comply to this patchwork of laws,” Obama said.
But the proposal didn’t go anywhere. It even drew criticism from some who said the bill would actually leave some Americans with fewer protections. That’s because although there is no national standard for notifying people affected by a data breach, nearly every state has a law addressing the issue — some of them stronger than the national proposal.
On Wednesday, the American Civil Liberties Union announced a bipartisan campaign to introduce privacy bills in 16 states and the District of Columbia. In a media call, ACLU executive director Anthony Romero said congressional gridlock makes a state-by-state movement among the most effective ways to push for nationwide changes.
The bills would do things such as require a warrant before law enforcement agencies can gain access to emails and provide checks on location-tracking technology.
Americans care about privacy. In a Pew Research survey released last year, more than 90% of respondents said being in control of who can get information about them is important. But few believe they are in control of their personal information, Pew found.
The FTC serves as the government’s chief privacy watchdog, but is generally limited to enforcing the rules that Congress sets or going after companies it believes are engaging in deceptive or unfair practices.
States can often investigate because they have laws that typically give the state attorneys general some of the same powers to go after deceptive or unfair business practices. State attorneys general were among the first officials to raise alarm bells over the lack of disclosure about how websites track visitors and were more aggressive in pursuing the issue than federal watchdogs, said Danielle Citron, a University of Maryland law professor who is serving as a senior fellow at the Future of Privacy Forum.
One of the first major investigations into online tracking involved Internet advertising company DoubleClick, now owned by Google. The FTC dropped an investigation into whether DoubleClick’s practices violated consumers’ privacy in 2001 after the company committed to voluntary changes. But a group of state attorneys general pushed on, eventually reaching an agreement with DoubleClick that included a requirement that the company publicly disclose how it gathered information from people who visit websites — and that any site using the company to place ads must disclose DoubleClick’s activities in its privacy policies.
In 2003, California passed the first state law requiring commercial online services and websites to have privacy policies, the California Online Privacy Protection Act. And It worked almost like a national standard because unless a company wanted to retool its website for Californians or bar them altogether, it had to comply.