Local Laws Start to Fragment Privacy Picture

For well over a decade, the leading technology companies have been able to build hugely profitable businesses on the back of people’s personal data. Now, for the first time, serious questions are being asked about how their operations collect, use and store our private information.

The EU has long subscribed to the view that privacy is a human right. Earlier this year, it overhauled its data protection laws for the modern Internet era. Safeguards governing its citizen’s personal information were beefed up significantly. The California Consumer Privacy Act soon followed.

Such fragmentation is the last thing the big tech service providers want. Already they are collectively lobbying for federal legislation to get some of their powers back.

Geographic differences in privacy law are also confusing for users. Travelers do not want to have to take local privacy laws into account every time they connect to the Internet.

Fortunately, they don’t have to. With a virtual private network (VPN), their data communication is encrypted, ensuring their data stays private no matter where in the world they happen to be.

Recipe for Confusion

Online privacy is a very subjective issue. At one end of the spectrum are those that are perfectly at ease with sharing personal information if it adds value to their online experience.

At the other are those who care a great deal about their data and do all they can to share as little as possible.

Thanks, in part, to the Data Analytica scandal and other high profile data breaches consumer awareness of what happens to their personal information online has never been greater.

Recent data protection legislation has also played its part. Earlier this year the EU updated data protection laws dating back to 1995. General Data Protection Regulation (GDPR) as it is known ensures the personal information of EU citizens is appropriately safeguarded against the risks of the modern Internet age.

Then, over the summer, the state of California introduced its very own Consumer Privacy Act. Taking a similar approach to GDPR, the California regulations insist businesses are transparent about the kind of consumer information they collect and share.

In common with GDPR, users in California may withhold consent from having their data collected and businesses that do not comply face the threat of substantial penalties.

Should other states decide to follow and impose their own data privacy rules it could quickly become a recipe for confusion.

Tech Industry United

Unsurprisingly, the big tech companies have been alarmed by these developments.  

The new rules on the other side of the Atlantic are problematic enough. But the prospect of having to abide by a set of state-by-state rules would be a nightmare for them (not to mention confusing for end users).

Even corporations like IBM, Salesforce and Apple – who are not in the business of selling targeted advertising – want to see federal legislation that would supersede all local laws. From their point of view, it’s much better to have strong unilateral data protection laws like those in the EU than a fragmented and inconsistent picture.

Regulation motivates service providers to reduce the risk of data breaches and promotes responsible sharing of personal information, helping to build business and consumer confidence in the digital economy.  A number of technology companies have come together to lobby for federal legislation that would override the California ruling.

Consumer Disinterest

From an end user perspective, the most noticeable consequence of EU GDPR is that websites constantly bombarded you with consent requests.

Research has revealed that many consumers find this pretty annoying. Almost three quarters (72%) of respondents expressed irritation at how often they have to accept cookies before they can access website content.  Yet, just 2% said they regularly refuse consent, indicating consumers are more interested in convenience than data privacy.

People’s attitude to how brands use their personal data is equally inconclusive. More than two thirds (68%) of those surveyed do not mind sharing personal information with advertisers. Many (47%), however, expect brands to give them something in return.  

Guaranteed Data Privacy with VPN

The good news for businesses and consumers is that VPN software provides consistent protection for sensitive data irrespective of whatever local privacy laws are in place.

A professional, enterprise-grade VPN automatically generates an encrypted tunnel for data traffic passing between remote users and the corporate network. Therefore, users never need to worry that sensitive private information could be intercepted or fall into the wrong hands. The remote devices of many hundreds of users may be managed and authenticated from a single, central control point.

In summary, in response to the many data breaches involving personally identifiable information (PII) EU legislators have this year tightened up the rules on data protection. In the U.S., the state of California followed suit. There is now a very real prospect that other states may soon bring in guidelines of their own.

The alarming notion of having to make many expensive operational adjustments for multiple local jurisdictions has brought the technology industry together to lobby for a federal equivalent to EU GDPR.

In a world fragmenting over privacy, it’s reassuring to know that with the right VPN technology businesses and users can still protect their sensitive data regardless of the privacy laws in their region.