Vermont Next To Pass Data Privacy Law
There have been some major developments around the world with regard to data privacy. Both the EU and California have passed new privacy laws. There also have been some major privacy scandals involving some of the world’s biggest websites and online services.
GDPR Set the Standards
The General Data Protection Regulation (GDPR) took effect in May this year, sending every business around the world in a tizzy. Although it involves only the European Union, the GDPR had a massive impact on the whole world because almost every business deals with EU consumer data.
Penalties are Real
While bigger tech companies agreed to change their privacy policies, disclose what data they collect and also allow users to opt out of it, many smaller companies blocked users from the EU altogether, because they couldn’t comply with the new rule. The fear of penalties – four percent of the annual revenue – is also big.
California Follows Suit
Close on the heels of the GDPR came the California Consumer Privacy Act (CCPA), which is set to take effect in 2020. The law passed by the State of California is similar to the GDPR and caused much uproar in Silicon Valley.
Although a lot of people were against this new rule, it is still taking effect because the open Internet has been revoked in the US, and there’s nothing to protect consumer data privacy anymore.
Several other regions plan to pass their own data privacy regulations. One such region is Vermont, which passed the first law in the US that regulates the companies collecting and selling our personal information.
Even though Vermont’s privacy law was passed in May before the GDPR went live, there has been little talk about it because GDPR and CCPA were getting all the attention.
Set to take effect in 2019, Vermont’s privacy regulation, like the GDPR, has far-reaching safeguards for both the people of Vermont and the rest of the country. But it could just force more businesses to avoid this state and to leave this state – a state that is just trying to remain somewhat relevant.
Why is the Vermont law important?
Whenever a privacy law is passed, the general public finds out (yet again) how much of their personal information is floating around. It is impossible to erase all of our personal data from the internet. What once goes online, stays there forever.
There is also a darker side to the data collection, which goes deeper than selling it to third parties. Most consumers aren’t aware that their personal information collected by companies on their website and social media is used to create “shadow” profiles of consumers.
Although unregulated, this is a prevalent practice among various companies throughout the country. With these shadow profiles, companies make crucial deductions such as determining credit-worthiness of the individual and the favorability of financial services and even customized job search results.
This means the jobs that you want to see may not be shown to you because they don’t match your shadow profile.
This is why it is high time that all data brokers disclose how they collect and use personal information from consumers.
Under the Vermont law, data brokers have to register with the Vermont Secretary of State and pay $100 as an annual fee. They also have to disclose customer data collection, storage, and selling practices.
What Changes Will it Bring?
The Vermont law is much like the GDPR, requiring data brokers to have a clear privacy policy explaining their data security system and the technical, physical, and administrative protections for consumer data.
There are also additional requirements about collecting, storing, and sharing information about minors, much like the GDPR.
While GDPR is still the strictest privacy law to have ever come into effect, it’s heartening to see that Vermont is trying to address the data collection problem that most people around the country don’t pay much attention to – that there are businesses that exist with the sole intention of selling our personal data for a profit.
It’s shocking just how many companies collect our data on a daily basis, without us having any control over it.
The Challenges
Unfortunately, although there are as many as 43 states working on data privacy laws, the end result will be uneven enforcement, more confusion, and perhaps more jobs and innovation in states that don’t go down this irrational route. This means the general public will never be completely safe from data collection but it does not need to be since if you put it online then it should mean that it is not a big deal if entities and people know about it.
Key Ideas
This is why the use of a virtual private network (VPN) is highly essential because it keeps you anonymous on the Internet and protects you from privacy breaches. When choosing a VPN, remember to stick to the paid, reputed ones, and stay away from the free, ad-supported options.
Send this article to Michigan Attorney General Nessel in Lansing, Michigan