We share so much online these days, but not all of that information should be available for the public to view. So how is your most sensitive data being protected? Much of it depends on privacy policies and how tech companies seek to comply with regulations surrounding them. In this article, we’ll explore why your privacy concerns are a major force in how privacy policies are developed and implemented, and what we can expect to see in the coming years.
What are privacy policies?
They can be simple, like the one-page document from your auto insurer promising not to share your mailing info to third-party advertisers. But they can also be massive. Some of the policies for using Apple phones and apps, for example, can include pages and pages of legal jargon and terminology.
Unfortunately, playing your favorite game or using your preferred social media platform requires you to agree to their privacy policies. There are no exceptions if you want to use them. When you click to accept the terms of a program, which typically occurs during installation, you’re agreeing to the app developer’s policies.
Are privacy policies required by law?
EU policy affects U.S. business
The tricky aspect of the legality of privacy policies is knowing exactly who instituted the laws. The European Union (EU) famously changed the game with their General Data Protection Regulation (GDPR) that simplified data sharing rules across all EU countries and tightened the language on how data is collected, stored, and transferred.
It’s likely that you experienced some of the results of GDPR
following its implementation in May 2018. It was the cause of all the website popups that appeared and asked if you consent to tracking cookies. It also led to the barrage of emails that went out to let people know of the changes. This federal-level regulation caused many U.S. businesses to comply as well because they serve customers and visitors from the EU.
U.S. law and state laws are very different, however. While there are some larger pieces of federal regulation that cover aspects of data and privacy, there is no single privacy ruling for all data uses. Those larger pieces include:
- The 1998 Children’s Online Privacy Protection Act (COPPA) specifically covers information provided by children under 13 and what websites who knowingly collect it can do with that data 
- The Health Insurance Portability and Accountability Act (HIPAA) ensures that information about your health care and medical treatment stays protected and is only used by those with a duty to treat you or pay for your medical treatment 
- The Gramm-Leach-Bliley Act requires financial institutions to track and report on their information-sharing practices and limits how they do so 
The U.S. government is still trying to keep up with technological changes and often creates law in response to data breaches or concerns, rather than creating laws proactively. Despite efforts, over 90% of consumers feel that they have lost control over how personal information is collected and used by companies . Of those who are aware of privacy policies protecting their information, 68% of internet users don’t think the existing laws are good enough and almost as many think the government should do more .
How do privacy concerns direct privacy policies?
There have been many instances of newsworthy data breaches or misuse of personal info that have spurred legislative action, but companies don’t have to wait until they are legally compelled to act.
In a perfect world, companies would create easy-to-understand, simple privacy policies that protect user data and give us a full range of tech features. For those companies that have made changes, the new protections won’t limit what they can do with the data they have already collected.
Why are privacy policies changing?
Privacy policies are changing because people want them to. The public has been very vocal with their concerns about tech companies tracking and storing their personal data and activity to market to them or influence their behavior. Even though most people won’t stop using the technology that causes these concerns, public pressure to put privacy first has forced many companies to make changes now.
Fear of litigation is a motivator
The fear of litigation is also a factor. Heavy fines have been levied against companies like Google. GDPR alone has cost the company more than $50 million in penalties for failure to comply with the new privacy terms . That fine is just the start of what experts think may be a series of penalties against the largest tech companies.
EU leads the way
With the EU leading the way for change, it’s likely that other governing bodies and countries will follow. Companies cannot afford to wait to make changes until they have been penalized. To stay in business, their policies must reflect the ownership of data by the individual and the priorities to protect that data, even at significant expense.
New tech keeps moving the bar
Policies also change as tech changes. Of course, email privacy didn’t exist prior to email, and phone app data didn’t need protecting before smartphones. New tech prompts new data; new policies and law are a natural result.
The future of social media privacy concerns
Privacy policies are designed to let the consumer know how their data is stored, used, and sold, but they don’t only benefit users. They also create boundaries for tech companies and opportunities for social media platforms to market themselves as champions of privacy.
By choosing to acknowledge that the data belongs to the users, and using this acknowledgment as part of their branding, social media can become allies instead of enemies.
These established policies give us a benchmark to measure. Without them, we can’t hold data collectors accountable for any misdeeds, breaches, or questionable uses. Social media companies have the attention of the public and lawmakers who recognize the power held by companies with millions of users’ data.
As the discussion becomes more mainstream, social media platforms will be compelled to offer a more transparent response and possibly a simplified approach toward privacy policies.