Can the CCPA Access Right Be Saved? Realigning Incentives in Access Request Verification

2020 ◽  
Vol 20 (1) ◽  
Author(s):  
Rebecca Iafrati

The California Consumer Privacy Act access right has the potential to give Californians a level of control over their personal information that is unprecedented in the United States. However, consumer privacy interests will be in peril unless the access right is accompanied by an effective access request verification requirement. Requiring companies to respond to access requests when they cannot verify that the requestor is the subject of the requested data puts sensitive personal information at risk. Inversely, allowing companies to shirk their access request responsibilities by claiming that data is unverifiable diminishes consumers’ data control rights. Thus, in the context of access request verification policy, there is an inherent tension between privacy as confidentiality and privacy as control. The success of the access right, and thus all CCPA data control rights, hinges on an access request verification policy that successfully balances these competing privacy interests. The endemic identity theft caused by credit application verification systems demonstrates why such balancing cannot be wholly left to private companies. In the credit context, balancing has been driven by the profit maximization interests of businesses, which currently do not align with consumer privacy interests. Fortunately, several scholars have proposed methods for aligning these divergent interests. The strengths and weaknesses from these proposed solutions to identity theft provide a useful framework for building a system that incentivizes companies to prioritize consumer privacy when developing access request verification systems.

2021 ◽  
Vol 2 (2) ◽  
pp. 33-53
Author(s):  
Marcus Abreu de Magalhaes

This paper aims to present a comparative approach to data protection regulations around the world. Most countries possess data protection laws in some level of detail. In order to compare structures of data control and compliance in dissimilar systems, the study selected four distinct arrangements: the European General Data Protection Regulation (GDPR); the California Consumer Privacy Act (CCPA); the Brazilian Digital Privacy Law, Lei Geral de Proteção de Dados Pessoais (LGPD); and the Chinese Data Privacy Framework, which is molded by a set of different regulations. The analysis was based on common key points of those regulations – territorial scope, consent and disclosure, data security requirements, data transfer, Data Protection Officer, awareness and training, and penalties – to explore the different policies and national goals. The paper argues that, in the landscape of the information-based society, new law is needed to protect citizens’ rights to privacy and to bound harvesting and mining of personal information to ensure transparency, control, and compliance of the information economy.


2021 ◽  
Vol 2022 (1) ◽  
pp. 608-628
Author(s):  
Maggie Van Nortwick ◽  
Christo Wilson

On June 28, 2018, the California State Legislature passed the California Consumer Privacy Act (CCPA), arguably the most comprehensive piece of online privacy legislation in the United States. Online services covered by the CCPA are required to provide a hyperlink on their homepage with the text “Do Not Sell My Personal Information” (DNSMPI). The CCPA went into effect on January 1, 2020, a date that was chosen to give data collectors time to study the new law and bring themselves into compliance. In this study, we begin the process of investigating whether websites are complying with the CCPA by focusing on DNSMPI links. Using longitudinal data crawled from the top 1M websites in the Tranco ranking, we examine which websites are including DNSMPI links, whether the websites without DNSMPI links are out of compliance with the law, whether websites are using geofences to dynamically hide DNSMPI links from non-Californians, how DNSMPI adoption has changed over time, and how websites are choosing to present DNSMPI links (e.g., in terms of font size, color, and placement). We argue that the answers to these questions are critical for spurring enforcement actions under the law, and helping to shape future privacy laws and regulations, e.g., rule making that will soon commence around the successor to the CCPA, known as the CPRA.


Author(s):  
Samantha Grant

Because the internet makes it economical to do so, many American companies have sent their customer service jobs overseas. Workers in these outsourced jobs often have access to personal financial information of American citizens. Recent identity thefts, both in America and abroad, highlight the need for laws mandating tighter security by the companies that hold and trade personal information. This paper explores American legislation attempting to deal with identity theft crime as well as parallel laws in India, where many of the outsourced jobs are located. Furthermore, this paper suggests that any federal legislation ought not to preempt state law, as California law is currently protecting consumer privacy stronger than proposed legislation would.


2021 ◽  
Author(s):  
Miguel Godinho de Matos ◽  
Idris Adjerid

The general data protection regulation (GDPR) represents a dramatic shift in global privacy regulation. We focus on GDPR’s enhanced consumer consent requirements that aim to provide transparent and active elicitation of data allowances. We evaluate the effect of enhanced consent on consumer opt-in behavior and on firm behavior and outcomes after consent is solicited. Utilizing an experiment at a large telecommunications provider with operations in Europe, we find that opt-in for different data types and uses increased once GDPR-compliant consent was elicited. However, consumers did not uniformly increase data allowances and continued to generally restrict permissions for more sensitive or tangential uses of their personal information. We also find that sales, the efficacy of marketing communications, and contractual lock-in increased after consumers provided new data allowances. Additional analysis suggests that these gains to the firm emerged because new data allowances enabled them to increase their use of targeted marketing for households that were amenable to these marketing efforts. These results have significant implications for firms and policymakers and suggest that enhanced consent provided via GDPR may be effective for increasing consumer privacy protection while also allowing firms reliant on consumers’ personal information to improve outcomes. This paper was accepted by Chris Forman, information systems.


Temida ◽  
2013 ◽  
Vol 16 (1) ◽  
pp. 151-162
Author(s):  
Vida Vilic

Global social networks contributed to the creation of new, inconspicuous, technically perfect shape of criminality which is hard to suppress because of its intangible characteristics. The most common forms of virtual communications’ abuse are: cyberstalking and harassment, identity theft, online fraud, manipulation and misuse of personal information and personal photos, monitoring e-mail accounts and spamming, interception and recording of chat rooms. Cyberstalking is defined as persistent and targeted harassment of an individual by using electronic communication. The victim becomes insecure, frightened, intimidated and does not figure out the best reaction which will terminate the harassment. The aim of this paper is to emphasize the importance and necessity of studying cyberstalking and to point out its forms in order to find the best ways to prevent this negative social phenomenon. Basic topics that will be analyzed in this paper are the various definitions of cyberstalking, forms of cyberstalking, and the most important characteristics of victims and perpetrators.


Author(s):  
Anastasia Kozyreva ◽  
Philipp Lorenz-Spreen ◽  
Ralph Hertwig ◽  
Stephan Lewandowsky ◽  
Stefan M. Herzog

People rely on data-driven AI technologies nearly every time they go online, whether they are shopping, scrolling through news feeds, or looking for entertainment. Yet despite their ubiquity, personalization algorithms and the associated large-scale collection of personal data have largely escaped public scrutiny. Policy makers who wish to introduce regulations that respect people’s attitudes towards privacy and algorithmic personalization on the Internet would greatly benefit from knowing how people perceive personalization and personal data collection. To contribute to an empirical foundation for this knowledge, we surveyed public attitudes towards key aspects of algorithmic personalization and people’s data privacy concerns and behavior using representative online samples in Germany (N = 1065), Great Britain (N = 1092), and the United States (N = 1059). Our findings show that people object to the collection and use of sensitive personal information and to the personalization of political campaigning and, in Germany and Great Britain, to the personalization of news sources. Encouragingly, attitudes are independent of political preferences: People across the political spectrum share the same concerns about their data privacy and show similar levels of acceptance regarding personalized digital services and the use of private data for personalization. We also found an acceptability gap: People are more accepting of personalized services than of the collection of personal data and information required for these services. A large majority of respondents rated, on average, personalized services as more acceptable than the collection of personal information or data. The acceptability gap can be observed at both the aggregate and the individual level. Across countries, between 64% and 75% of respondents showed an acceptability gap.
Our findings suggest a need for transparent algorithmic personalization that minimizes use of personal data, respects people’s preferences on personalization, is easy to adjust, and does not extend to political advertising.


Author(s):  
Garry L. White ◽  
Francis A. Méndez Mediavilla ◽  
Jaymeen R. Shah

In the Web dependent world, companies must respect and protect individuals’ information privacy. Companies develop and implement corporate information privacy policies to comply with the domestic and international information privacy laws and regulations. This paper investigates: (a) the approach used by multinational and domestic companies to develop and implement corporate information privacy policies; and (b) the perception of corporate managers/professionals toward information privacy legislation and secondary use of personally identifiable information (PII) that organizations collect. A survey was conducted to collect data from corporate CEOs, managers, and technical professionals of national and multinational companies. Findings indicate the following: 1) Views regarding the practicality and effectiveness of information privacy legislations are similar for respondents from the national and multinational companies. 2) Respondents are undecided about whether the privacy laws of the United States and foreign countries are equally restrictive. 3) Multinational companies do not favor developing and implementing uniform information privacy policies or different information privacy policies across countries of operations. 4) Respondents strongly agreed that unauthorized secondary use of personal information is unacceptable.


Cyber Crime ◽  
2013 ◽  
pp. 1314-1327
Author(s):  
Ross Wolf ◽  
Ronnie Korosec

E-government involves governments at all levels using advanced technology and communication tools to provide services, allow for transactions, and respond to citizen’s needs and requests. This on-line version of government, which is designed to enhance efficiency and improve operations, relies heavily on a network of data structures that are currently in place. While much has been written about e-government, few studies exist that link the concepts of e-government and security with individual rights and government responsibility. Now more than ever, progressive changes in technology allow public and private sector entities to routinely collect, store, and disseminate large files of personal information about the citizens and clients they interact with. The power associated with the magnitude of this information requires great responsibility and accountability. This chapter is a beginning point to discuss how governments in the United States attempt to maintain secure fortresses of data, limit the dissemination of sensitive information to unauthorized parties, and ensure on line privacy for citizens.

