Sunday, the Editorial Board of the New York Times criticized “(t)he legal fiction of consent” under U.S. privacy law and stated “Americans deserve strong privacy protections.” This position adds a new voice to the privacy dialogue in the US and brings to focus the reasoning behind GDPR Article 7 and Recital 32 (legal consent must be freely given, specific, informed and unambiguous)? After all, as The Times notes, “(t)he average person would have to spend 76 working days reading all of the digital privacy policies they agree to in the span of a year.”
For those who are watching the US dialogue take shape, it appears that there are now three distinct and vocal points of view.
The most privacy forward is that expressed by the New York Times and its call for “strong privacy protections.” Albeit, it is not clear what that really means beyond meaningful consent.
The most vocal is the view point of Facebook, Google and Amazon, who appear to be fine with how things are. No doubt they will be willing to compromise, but will seek to minimize the disruptions to their business models.
And then, there is the middle view of Apple’s Tim Cook and his four principles:
- “The right to have personal data minimized.” (“Companies should challenge themselves to strip identifying information from customer data or avoid collecting it in the first place.”)
- “The right to knowledge.” (Consumers should have the ability “to know what data is being collected and why.”)
- “The right to access.” (“Companies should make it easy for you to access, correct and delete your persona data.”)
- “The right to data security.”
It is important to note that unlike the New York Times, Tim Cook did not mention the importance of meaningful consent. Tim Cook’s proposal’s address giving people a right to deal with data after it is collected, not before.
It is anyone’s guess where this all ends up. But, it would not be surprising if there is no agreement on national legislation and 50 different state regulations.
(c) SafeGuard GDPR, LLC. 2019