If, for example, you’d like to use Facebook to share photographs with your friends and see what they’ve been doing lately, you must agree to the service’s policies which include the service’s ability to keep your personal data on file and use it to deliver targeted ads and to track the other, non-Facebook websites you visit.
The Consumer Privacy Bill of Rights aims to give consumers more control of their personal information. Some of the guidelines are common sense, and many companies already follow these guidelines or come close. Codifying these principles is a positive step towards making consumers aware of expectations for the companies they interact with every day, like social media websites, banks and other financial institutions, and retailers.
Here are the main points:
Consumers have a right to exercise control over what personal data companies collect from them and how they use it.
- Companies should give consumers choices about how companies collect, use, and share personal data.
- The ability to make these choices should be easy to use and easily accessible.
- The ability to change these choices after initially selecting them should be just as easy to use and accessible.
Consumers have a right to easily understandable and accessible information about privacy and security practices.
- Companies should clearly explain how personal information is collected and used internally and with third-parties.
- Companies should clearly define the policy for deleting private customer data.
Consumers have a right to expect that companies will collect, use, and disclose personal data in ways that are consistent with the context in which consumers provide the data.
- Companies should not provide consumers’ personal information to third parties who will use that information for a different than it was intended. For example, if I, as a Facebook user, “like” the band Pink Floyd, I shouldn’t begin receiving emails from Amazon.com advertising Pink Floyd albums.
- Companies have a right to ask whether any particular customer would consent to this type of information sharing.
Consumers have a right to secure and responsible handling of personal data.
- From the text of the Privacy Bill of Rights: “Companies should assess the privacy and security risks associated with their personal data practices and maintain reasonable safeguards to control risks such as loss; unauthorized access, use, destruction, or modification; and improper disclosure.”
Consumers have a right to access and correct personal data in usable formats, in a manner that is appropriate to the sensitivity of the data and the risk of adverse consequences to consumers if the data is inaccurate.
- Companies should ensure the data they collect is accurate and current.
- Consumers should be able to review and correct stored information.
- Consumers should be able to request stored information be deleted.
Consumers have a right to reasonable limits on the personal data that companies collect and retain.
- Companies shouldn’t collect more information than necessary.
- Companies should securely dispose of information when no longer needed.
Consumers have a right to have personal data handled by companies with appropriate measures in place to assure they adhere to the Consumer Privacy Bill of Rights.
- Consumers should expect companies to follow these guidelines.
- Both companies and consumers should expect the employees of companies collecting users’ personal information to follow these guidelines.
Published or updated February 27, 2012.