If the internet is changing and evolving, then so should our policies regarding how it integrates into the norms and protections of our societies, including consumer privacy. Just as there are unalienable rights for human beings in the analog world, it is important that these be expanded into the digital universe as well. Shockingly, many people are not aware of the lack of legislative protection of their information in the country they live in, let alone globally.
Opinion: As a value-based organization, ZAMARTZ believes that the consumer should have access to and protection of their information. Businesses should be able to thrive while still maintaining basic human rights, including those outlined in this article.
We have outlined many of the typical rights and types of information that legislation, such as GDPR and CCPA, is attempting to protect and enable for the consumer.
At the time of this article, only approximately 10% of these rights and types of information have widespread protection.
Consumer Privacy Rights
Right | Description |
---|---|
Right to Easily Request | Customer must have conspicuous and multiple ways to make a request easily |
Right to Knowledge | Request their information, as specified by the customer |
Right to Access | Receive a copy of personal information organization holds about the consumer |
Right to Portability | Have that personal information in a format that is transmittable to another entity if provided electronically |
Right to Erasure | Have personal information deleted, subject to exceptions |
Right to Opt Out of Sales | Restrict the sale of the consumer’s personal information |
Right Against Discrimination | Not to be charged a different price or receive different services when exercising the other rights |
Right to Stop Data Processing | Not to have data processed for direct marketing purposes. |
Right to Amendment | Requested information is amended to correct customer’s data |
Types of Information Collected
Type | Detail |
---|---|
PII (Personal Identifiable Information) | Identifiers such as a: Real Name; Named Alias; Postal Address; Unique personal identifiers; Online identifier IP address; Email address; Account name; Social Security number; Driver’s license number; Passport number or other similar identifiers |
Characteristics | Example characteristics of protected classifications: Gender; Age; Ethnicity; Race; Hair/Eye Color |
Commercial Records | Commercial information including records of: personal property; products or services purchased, obtained or considered, or other purchasing or consuming histories or tendencies |
Biometrics | Examples: Facial Recognition; Fingerprints; Iris Photographic Recognition; DNA Sequencing; Vein Recognition; Retina Scanning; Voice Recognition; Finger Geometry |
Electronic Activity | Internet or other electronic network activity information, including, but not limited to: Browsing history; Search history; Information regarding a consumer’s interaction with a website or application; Information regarding a consumer’s interaction with advertisement |
Geo Location | Examples: Hemisphere; Continent; Country; State/Region; Municipality; City/Town/Village; Street; Address Number; Postal Code; Serviceable Area |
Sensory | Examples: Audio; Electronic; Visual; Thermal; Olfactory; Or similar information |
Professional | Professional or employment-related information |
Educational | Education information, defined as information that is not publicly available personally identifiable information (PII). Examples as defined in the Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, 34 C.F.R. Part 99) |
Modeling | Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s: Preferences; Characteristics; Psychological trends; Predispositions; Behavior; Attitudes; Intelligence; Abilities; Aptitudes |
Protected Health Information (PHI) | “Individually identifiable health information” is information, including demographic data, that relates to: the individual’s past, present or future physical or mental health or condition; the provision of health care to the individual; or the past, present, or future payment for the provision of health care to the individual |
Identification Verification Process
There may be times when the nature of a request and the precision of the information collected require the identity of the requester to be confirmed before proceeding. We suggest following a classic minimum standard before any requested information is amended, deleted, or transmitted to/by the consumer.
At least 2 verification methods need to be completed to continue with processing:
- Request state-provided identification
- Request certified bill/document with residential address
- Request sent through identity verification tool or provided
Example: https://www.trulioo.com/
Data-Protection Categories
We also suggest having the standard cookie and data-protection categories:
- Strictly Necessary Essential (MIN):
Essential cookies enable core functionality, such as page navigation and access to secure areas. The website cannot function properly without these cookies.
- Functional:
Functional cookies allow us to remember choices you make during your visit to a website–they are necessary to provide features and services specific to individual users.
- Performance/Analytics:
Analytics cookies track your online behavior and share data with 3rd-party services that help us improve the performance of the website.
- Targeting/Marketing:
Marketing cookies track your online behavior and share data with 3rd-party services that help us improve the relevance of marketing campaigns you receive.
- Social (MAX):
Social cookies are a range of social media services that track across other sites and build up a profile of your interests.
It is crucial that our policies evolve with the constant changes and advancements in technology, particularly when it comes to the protection of consumer information. However, as the article highlights, currently only a small percentage of these rights and types of information have widespread protection. Consumers also do not have a good understanding of the types of information collected and how it is used. It is imperative that we continue to advocate for and implement legislation to ensure these rights and protections are upheld in the digital world.
Note: ZAMARTZ Consulting and affiliates are not responsible for any issues, litigation, or cases as a result of shared data and opinions on this page.
Additional External Reference:
http://data.consilium.europa.eu/doc/document/ST-5419-2016-INIT/en/pdf
https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180AB375