Will Data Protection Laws Ever Catch Up To New Technology?

That was the question posed in an email newsletter I received today from the International Association of Privacy Professionals.   I am a member of this group out of personal interest and to to stay on top of issues related to privacy laws and technology.   One of the benefits of belonging to this group is that I get email newsletters with summaries of new laws, regulations, and lawsuits dealing with privacy issues from all over the world. 

Today’s email posed the question in the title of this post and featured an article from the New York Times by Natasha Singer called "Shoppers Have No Secrets."   The article details the technology of "behavioral tracking" by retail and advertising businesses and how the Federal Trade Commission (FTC) is playing catch up when it comes to regulating this technology.

Online behavioral tracking has been a hot button issue for both businesses and privacy rights groups for a few years.  Natasha’s article lists several types of new tracking to include:

  • Cameras that can follow you from the minute you enter a store to the moment you hit the checkout counter, recording every T-shirt you touch, every mannequin you ogle, every time you blow your nose or stop to tie your shoelaces.
  • Web coupons embedded with bar codes that can identify, and alert retailers to, the search terms you used to find them.
  • Mobile marketers that can find you near a store clothing rack, and send ads to your cellphone based on your past preferences and behavior.

The article is a very good summary of the issue and has links to advocacy groups on both sides of the debate.  The article also highlights the differences between European and US based privacy laws. In general, the EU is far more advanced and stringent when it comes to personal data protection. 

In the US, the FTC publishes guidelines and takes enforcement action under its authority to regulate unfair trade.  There are also the states’ Attorney Generals and class action and individual lawsuits.  Nevertheless, to answer the question I posed in this post, it is clearly a "NO" in the US.   Data protection laws will not catch up to new technology. At least, not anytime soon.

So, should Connecticut businesses ignore consumer privacy issues?    Not if the business wants to stay ahead of the game and out of litigation over privacy violations.   The FTC and state Attorneys General still have broad enforcement powers to regulate unfair trade.  Also, individual consumers continue to bring lawsuits over these issues.  

For Connecticut businesses, it is a good idea or best practices to implement  a policy related to protection of consumer data, preferences, and personal identifiers.  I have posted some tips about these issues before.  If you are looking for "do it yourself" resources, another good place to start is the FTC guidelines on behavioral tracking or its Guide for Business in protecting personal information. 

Of course, by the time you implement a privacy plan for today’s technology, it will be time to start updating it for what tomorrow brings.  Good thing I get an email to remind me.