Academic journal article Iowa Law Review

147 Million Social Security Numbers for Sale: Developing Data Protection Legislation after Mass Cybersecurity Breaches

Academic journal article Iowa Law Review

147 Million Social Security Numbers for Sale: Developing Data Protection Legislation after Mass Cybersecurity Breaches

Article excerpt

I. Introduction

Have you ever searched your name on Google and immediately found your phone number and home address on the very first page? Have you noticed that as you scroll on Facebook, the ads you see are tailored to your favorite stores and items? Have you ever wondered why certain apps on your phone track your GPS location, even when the app is not in use? Have you questioned whom your email address will be shared with when you sign up for a coupon on a store's website? Consumers are beginning to ask these questions in light of recent mass data breaches, like UnderArmour's "MyFitnessPal" in 2018, Equifax in 2017, LinkedIn and Yahoo in 2016, and eBay in 2014, which affected hundreds of millions of Americans. 1

Technology has enabled phones, smart watches, and computers to recognize an individual's face and voice, to track a person's average heart rate and hours of sleep, or even to collect internet search history, financial information, and sensitive medical history.2 Additionally, 70% of smartphone apps share the personal information they collect with third-party companies such as Google Analytics and Facebook Graph API.3 Data collection gives companies the power to tailor their products and services to specific individuals. For example, Cambridge Analytica collected the private information from more than 50 million Facebook users in order to identify American voter personalities and sway their behavior in the 2016 Presidential election.4 Of the 50 million individual accounts harvested, only 270,000 Facebook users consented to having their data collected, after being told it was to be used solely for academic purposes.5 While the mass collection of individuals' data is helpful for businesses and some consumers, the problem arises when businesses invade the privacy of individuals by storing and, sometimes, losing their information, exposing those consumers to harm.6

While other countries have extensive data protection laws to protect consumers' personal information, the United States lacks universal, federal data protection laws.7 Instead of calling for a law that would protect consumers from the progression of technology and globalization, many companies are actively lobbying against U.S. data protection legislation.8 Equifax, a company that suffered a data breach that affected over 147 million Americans in 2017,9 has spent millions lobbying in Congress against such protections.10 Many states have attempted to fill the void of data protection laws by passing their own laws; however, large companies that rely on the collection of consumer data for revenue have thwarted these efforts by urging state legislatures to vote against such data protections.11

As a result of the growing data protection problem, this Note argues Congress should implement data protection legislation to keep up with the rapidly advancing impact of technology on society and to protect consumers' privacy. First, in Part II, this Note compares the vastly different legal frameworks for data protection between the United States and the European Union ("EU"). Section II.A explores the current U.S. data protection framework, made up of sector-specific federal laws and state data protection laws. Section II.B discusses the development of data protection laws in the EU and contrasts its uniform regulatory framework with the U.S. approach. Finally, Section II.C provides a background on the General Data Protection Regulation ("GDPR"), which is a comprehensive data protection law passed by the European Parliament that will significantly affect how U.S. businesses collect the personal information of EU citizens. The GDPR establishes several rights for EU citizens regarding the right to control the processing of their personal information, such as the right to informed consent and the right to be forgotten.12 When drafting a federal data protection law, Congress should use provisions of the GDPR as examples of the rights and critical protections that consumers need in order to be effectively protected from future mass data breaches. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.