Data Privacy’s Tipping Point: Where We Go From Here

New research provides evidence we’re entering the Great Privacy Awakening

Consumers want to ensure their privacy is protected. This much we know. But what are they doing to protect it, and how much do people really care?  DataGrail recently released a new report that examines online privacy practices and consumer sentiments after a year of fear-inducing headlines about privacy.  Contrary to an existing bias suggesting people don’t care about privacy, the results say otherwise. Fifty-seven percent of people are “fed up with” or “creeped out by” existing data privacy practices. They are so fed up that 75% of people would abandon their favorite brands if they felt like a company wasn’t taking care of their data.

This “privacy awakening” stems from a long line of troubling incidents that have shaken beliefs that companies keep our personal information safe. From Edward Snowden’s surveillance bombshells and the Target breach in which hackers stole data from 40 million credit and debit cards, to the Facebook Papers, the overturning of Roe v. Wade and several points in between, this moment has been a decade in the making. Consumers are coming to grips with the fact that in moving so much of their lives online, they’ve unwittingly sacrificed their personal information for someone else’s gain.

With such recognition, it’s become commonplace to beat up on companies like Meta over its privacy practices; after all, its failings have been well-documented. But what about Apple? Even this perceived privacy champion is facing hiccups in the form of a consumer-backed class action lawsuit. The suit claims it continues to track customers despite being explicitly asked not to by its users through Apple’s much heralded App Tracking Transparency framework. Then there is Google, with its $391 million privacy settlement, the largest internet privacy settlement in the U.S. to date. And there are the “little guys” like Sephora that are having trouble keeping up with California’s CCPA privacy regulations. Who can you trust with your information?

Legal problems

In the U.S. that’s a hard question to answer, in part because we have no significant federal legislation in place to protect consumer data. Last summer, the House of Representatives introduced the American Data Privacy and Protection Act (ADPPA) in an attempt to coral the horse and put it back in the barn. But despite bipartisan support and consumers hungering for federal protection, the bill appears to have stalled out before mid-terms, facing opposition from states like California that have already enacted their own, stringent data privacy laws.

The U.S. remains one of the few economically developed nations with no data privacy regulations – which opens up a number of challenges for American businesses and leaves consumers wondering what rights they have to protect their information and whether those rights will be properly upheld.

In the absence of a federal law, consumers are taking action: From using ad-blockers, and deleting their browser history to using their privacy rights and requesting their data be deleted.

Actions People Take to Protect their Personal Data Online

To protect their personal data —particularly as companies and the government fail to act on their behalf—people are willing to go so far as to pay to ensure they could not be tracked by governments or targeted by companies—unless they explicitly said yes. Two percent of Americans said that they would pay over $5,000 per year.

Can the U.S. step up as a global privacy leader?

Up to this point, the U.S. has taken a backseat on privacy legislation for a variety of reasons – politics, the conflation of antitrust with data privacy, and no real appetite to tackle such thorny issues. But U.S.-based tech companies are tired of letting other countries– and an assortment of states– tell them how to run their businesses; if legislation is inevitable, they at least want some say in it. Lawmakers are also seeing just how active American consumers have become in taking their privacy rights into their own hands.

In California for instance, where citizens have certain rights under the California Consumer Privacy Act (CCPA), consumers are becoming much more involved in protecting their information. Between 2020 and 2021, the volume of data subject requests (DSRs) nearly doubled, and more invasive deletion requests, where businesses are asked to erase user information permanently and completely from their systems, also saw a massive spike.

The time has come to do SOMETHING. We’re going into a new year, with a new Congress. It’s time to show action that will benefit consumers and supply proper, consistent guidelines for businesses. Will our leaders be willing to open the door to new possibilities, or will we continue to watch idly as the European Union and nations around the world – or individual states– fine U.S. companies for poor privacy behavior? Data privacy matters. We need to act like it.