Over the last few decades, the U.S. government (more accurately the industries that lobby it) have made it abundantly clear most aren’t keen on even the most basic of privacy law for the internet era. Sure, companies like Facebook and AT&T say they want a privacy law, but they don’t. Not really. Even the most basic privacy laws would educate consumers and empower them to more easily opt out of tracking and behavioral ads, costing countless sectors billions of dollars. What they want, if we have to have a law at all, is a law their lawyers write, so riddled with loopholes and caveats as to legalize dodgy behavior, not ban it.
Since these bogus solutions don’t sell well with consumer advocates and many privacy experts, we routinely hit gridlock. The result: the U.S. has no meaningful federal privacy law for the internet era decades after the fact. And, in the rare instances where U.S. leaders somehow manage to shake off lobbying influence and their own incompetence to pass even modest rules (like the FCC’s dead broadband privacy rules), they’re quickly dismantled by a Congress slathered in campaign contributions from multiple, coordinating industries.
This federal, lobbyist-induced apathy to passing any real federal privacy solutions has resulted in states rushing to fill the void. Often poorly. California, for example, has been lauded for passing one of the most comprehensive privacy solutions in the nation (which isn’t saying much) in the form of the California Consumer Privacy Act (CCPA). The problem, as we’ve noted previously, is that it was a rushed mess cobbled together in a mad dash. Sloppy wording means the bill had a huge share of problems, which Mike has outlined previously. For a subject this complicated, a “mad dash” approach was never likely to work out that well.
Fast forward to this week, when a new report by Consumer Reports found the bill (surprise!) isn’t really succeeding at its primary goal: clearly informing consumers what’s going on in terms of access to their data, and making it easier to opt out of data collection and sale. This most basic provision also isn’t being meaningfully enforced in any substantive way. The organization spent much of May testing numerous websites and found that actually trying to opt out of data collection and sales was either impossible, or very difficult to confirm with the companies in question: [ … ]