By Joseph Wapelhorst, Staff Writer
In this digital age, protection of private information and interactions with large corporations can be important. Many websites and companies take advantage of “tech unsavvy” users’ unawareness of the risks of sharing information. Those more knowledgeable have sounded the alarm about predatory practices that collect and share personal data through online and in person interactions. Fortunately, new laws and proposed laws are beginning to catch up to digital data collectors and tried to regulate the trafficking of personal information. There are 3 bills currently before the New Jersey Assembly Science, Innovation and Technology Committee that are being considered.
First Bill – Collection & Sale of Personal Data
The first of the personal data bills being considered by the State Legislature, No. A3255, concerns the type of data collection that of us most of us would be familiar with. It prohibits businesses from collecting or selling any personal data, besides what is available in government records or widely distributed media like local news, without the consumer’s affirmative consent. It also allows consumers to inquire what data is being collected, why it is recorded, who it is shared with, and what purpose it is shared or sold for. It even goes so far as to ensure that this inquiry process is free and convenient for the consumer and nondiscriminatory, meaning that businesses cannot penalize any consumers who choose to exercise their rights to not want disclosure of personally identifiable information or to request information about the business’s use of that information.
This first bill is critical in the nationwide movement to create transparency in commercial interactions in which personal data is shared. Anyone who has had to share a driver’s license ID, a Social Security number, or even something as common as a credit card number should rightly wonder or worry about the security of their transaction. This bill would not only protect consumers’ information, but also help to educate them on such potentially damaging transactions.
By requiring positive consent, any consumer would be immediately aware when a business seeks to record and save their personal information. This would then allow consumers to not only protect themselves if they do not wish to share such information permanently, but would allow them to follow a trail of responsibility if their information is shared or sold by the collecting body. Most important however is the additional measure in the bill which allows for consumers to request that their personal information be deleted by the business that collected it. While this is not a foolproof method of retroactively protecting one’s information (since businesses can sell data to other businesses that may not be subject to this rule) it does allow consumers a great deal of flexibility to retroactively remove a businesses’ claim to their personal data and demand deletion.
Second Bill – Office of Data Protection
The second bill, No. A3283, called the New Jersey Disclosure and Accountability Transparency Act (NJ DaTA), backs up the first one, filling in some of the gaps it leaves in this process. For example, it mandates that in many cases, businesses that collect personally identifiable data must inform any third parties they have shared information with that the consumer has requested editing or deletion of their personal data and ensure it is carried out. Also, this bill specifies that certain data such as political affiliation, biometric information, and other more sensitive types of personal data are not to be collected except in very specific circumstances which still require the rigorous collection protocols and grant the consumers the same rights to deletion and transparency in the data collection process.
Most significant about this bill however is the creation of the Office of Data Protection and Responsible Use within the Department of Law Public safety. This body would provide resources to consumers and businesses alike, while also acting as a watchdog and advocate for consumer safety. This office would be key in evaluating and promoting additional legislation to protect consumer data and make the data collection process more transparent for the sake of consumer education.
Third Bill – Online Transactions
As a finale to the series of privacy bills being considered by the Legislature, No. A5448 concerns commercial internet transactions, applying the same requirements on positive consent to online business as well as offering consumers an option to refuse to have their information collected. The feeling of panic when hearing that a business’s data has been breached is widespread in the digital age and internet transactions can be particularly dangerous when it comes to revealing personal data, because so much is saved on devices and transmitted without individuals being aware. With the advance warning and consent requirements in addition to the deletion option and the opportunities to question how one’s collected data will be used as outlined in the other two acts, internet commerce can be safer and more secure than ever.
Each of these bills by themselves would be an important tool in the fight against discreet, shady data collection and sale. As a group they present a promising boost to consumer privacy rights. By not only giving consumers advance notice and clear warnings about what data can and will be collected, as well as the use for such personally identifiable information, all consumers will be safer and be empowered to make smarter decisions in order to protect themselves. These measures could potentially decrease fraud and identity theft and create corporate responsibility.
In particular, the creation of the Office of Data Protection and Responsible Use as an agent of consumer education and advocacy is significant.. This new entity as potential to educate consumers how to safely navigate their transactions in the digital age, particularly those that are conducted entirely online. As a watchdog, this office could also be invaluable in helping consumers know which rights to exercise and how to hold businesses accountable for any mistreatment of sensitive data. Government bureaucracy, in New Jersey as in other states, moves at a slow and frustrating pace. But the 3 bills or positive development for consumer privacy rights. We hope that they will move out of the Assembly Science, Innovation and Technology Committee this year toward passage and eventual signing by the Governor.
Staff Writer Joey Wapelhorst is a recent graduate of Fordham University where he studied Political Science and Accounting with a focus on Constitutional Law and American Government. He begins Georgetown Law School in the Fall.