REPORT: States are getting failing grades for privacy
BALTIMORE – Nearly half of states that have passed consumer privacy laws get a failing grade for protecting consumers’ data, finds a new scorecard report from Maryland PIRG Foundation and the Electronic Privacy Information Center (EPIC). The Maryland General Assembly is currently considering a bill that would be the 2nd strongest protection in the nation.
Tech companies’ harvesting of personal information including demographics and browsing and search history has attracted more attention in recent years. Over 80% of Americans are concerned about how companies collect and use their data.
The U.S. currently lacks a federal comprehensive consumer privacy law. Since 2018, 44 states have considered consumer privacy bills aiming to fill the void of federal regulation and protect consumers. In many states, however, legislators considering consumer privacy bills have faced a torrent of industry lobbying vying to weaken protections. Of the 14 laws states have passed so far, all but California’s closely follow a model that was initially drafted by industry giants.
“Many of these ‘privacy laws’ protect privacy in name only,” said Caitriona Fitzgerald, deputy director of EPIC. “Industry lobbyists have been drowning out the voices of consumer advocates across the country, leading to the passage of weak laws that do little to protect privacy. Big Tech should not be allowed to write the rules.”
The more data companies collect, and the more companies they sell and disclose it to, the more likely it is that your information will be exposed in a breach or a hack and end up in the hands of identity thieves, scammers, or on robocall lists.
“The easiest data to keep secure is data that isn’t collected in the first place,” said R.J. Cross, Maryland PIRG’s Don’t Sell My Data campaign director. “The best thing for consumers is preventing companies from collecting unnecessary data. Unfortunately, there’s not a privacy law in the country that does this as well as it should. Maryland has the opportunity to buck the trend and protect consumers.”
Maryland has yet to pass a comprehensive consumer privacy law. The Maryland Online Data Privacy Act of 2024, sponsored by State Senator Dawn Gile and Delegate Sara Love, would require companies to limit data collection to only what’s necessary, and limit the uses of sensitive data to only essential purposes. The bill earns a B- on the scorecard and would be the 2nd strongest protection in the country.
The Maryland General Assembly is holding hearings on the bills on February thirteenth and fourteenth in the House and Senate, respectively.
“Right now in Maryland, companies are collecting and selling personal and sensitive data about our lives without our knowledge or consent. Unknowingly, we are both the consumer and the product,” said Delegate Sara Love. “This bill will change that by giving consumers protection over their personal data, along with additional protections. I think that the fact that our privacy bill earns a B- while half of those in other states earn failing grades speaks volumes about the need for this legislation and the progress we need to make.”
“This data privacy bill aims to empower individuals with control over their personal information, ensuring transparency, accountability, and security in the digital realm,” explained State Sen. Dawn Gile. “It’s imperative that we enact robust measures to protect our constituents’ privacy, fostering trust and confidence in our increasingly interconnected world.”
####