Customer data is an essential corporate asset. Organizations collect a vast amount of data about their consumers, including personal information such as names, addresses, email addresses, and purchase history. This data can be used for a variety of purposes, such as improving customer service, developing new products and services, and targeted marketing. However, organizations need to protect consumer privacy when consumers use their websites and other digital platforms.
Protecting consumer privacy has never been more important for organizations. First, protecting consumer privacy can help organizations to avoid costly data breaches. Data breaches can occur when cybercriminals gain unauthorized access to an organization's computer systems and steal personal data. Data breaches can have a devastating impact on organizations, both financially and reputationally.
Second, protecting consumer privacy is essential for building trust. Consumers are more likely to do business with organizations that they trust to protect their personal information. According to a new study by MAGNA Media Trials and Ketch, a remarkable 74% of people now rank data privacy as one of their top values. When consumers feel confident that their privacy is respected, they are more likely to share their data, which can help organizations to better understand their customers and improve their products and services.
Third, it is a legal requirement in many countries. Data privacy laws such as the General Data Protection Regulation (GDPR) in the European Union and the California Consumer Privacy Act (CCPA) in the United States give consumers the right to control how their data is collected, used, and shared. Organizations that fail to comply with these laws can face significant fines and penalties.
Data Privacy and the Law
There are several reasons why so many companies are facing class-action lawsuits over online data privacy violations in the U.S.
- Increased awareness of data privacy rights. Consumers are becoming more aware of their data privacy rights and are more likely to take legal action when their privacy is violated.
- More aggressive enforcement by regulators. The U.S. Federal Trade Commission (FTC) and state regulators are taking a more aggressive approach to enforcing data privacy laws.
- The increase in settlement costs of class action lawsuits. Plaintiffs’ attorneys are emboldened by their successful claims against organizations, large and small. Last year, Facebook (Meta) agreed to pay $90 million to settle its online tracking class action suit; the online data privacy class action lawsuit involving the Boston Globe settled for $5 million; Advocate Aurora Health paid over $12 million; and Massachusetts General paid $18 million in settlement of its data privacy violations.
- The high cost of data breaches. Data breaches can be very costly for companies, both financially and reputationally. This makes them a target for class action lawsuits.
In addition to the above factors, the recent lawsuits involving violations of wiretapping laws and the VPPA (U.S. Video Privacy and Protection Act) have also contributed to the increase in data privacy violations in the U.S. These lawsuits have shown that companies can be held liable for violating consumers' privacy rights, even if they do not directly collect or use consumer data. Just this week, Sony settled a lawsuit for $16 million in which the plaintiffs argued that its online entertainment platform, Crunchyroll, shared consumer data with Meta, Google, and Adobe without authorization, violating the VPPA.
Here are some additional examples of recent data privacy class action lawsuits in the U.S.:
- Cabela’s was sued for improper use of ‘session recording’ tools in violation of Florida’s consumer privacy laws.
- H&R Block, Meta and Google are named in a class action lawsuit alleging that they illegally coordinated to use spyware to collect and share taxpayers’ sensitive financial information.
- The University of California San Francisco and Dignity Health were sued for violating HIPAA by sharing personal health information with Meta.
Organizations can protect consumer privacy in several ways. Here are some tips:
- Know the data privacy laws in the states in which you operate. The U.S. has no single federal data privacy law, and regulations vary by state.
- Use data security measures to protect personal data from unauthorized access, use, or disclosure. This includes tools to prevent your website from sharing data with third-party ad tech and marketing tools.
- Be transparent about how you collect, use, and share personal data. Provide consumers with a clear and concise privacy policy that explains how their data will be used and what choices they have about how their data is shared.
- Obtain consent from consumers before collecting or using their personal data. Consumers should have the right to choose whether to share their personal data with you.
- Give consumers control over their personal data. Consumers should be able to access, correct, delete, and restrict the use of their personal data.
Cookie Consent Is Not Enough
Cookie consent banners are pop-ups or notification boxes that appear on a website when a user visits it for the first time. They inform users about the use of cookies on the site and typically request their consent for cookie usage.
Cookies are small text files that are stored on a user's device when they visit a website. They can be used for a variety of purposes, such as tracking user behavior, personalizing the user experience, and delivering targeted advertising.
Cookie consent banners are required by law in many countries, including in the European Union, but they are not required by U.S. law. Even where they are used, they are not always effective in gaining users' informed consent.
Why Cookie Consent Banners Aren't Always Effective
- They are often too complex and technical for users to understand. Many cookie consent banners use jargon and legal language that is difficult for the average user to comprehend. This makes it difficult for users to make informed decisions about whether to consent to cookies.
- They are often pre-checked by default. Many cookie consent banners have all the cookie categories pre-checked by default. This means that users must actively uncheck the boxes for the cookie categories that they do not want to consent to. This can lead to users accidentally consenting to cookies that they do not want.
- They are often difficult to dismiss. Some cookie consent banners are designed to be difficult to dismiss. This can be frustrating for users who want to quickly get on with using the website.
- Users are often blind to them. Cookie consent banners are often displayed at the bottom of the page, where users are less likely to see them. Additionally, some users may have trained themselves to ignore cookie consent banners, as they see them on so many websites.
Organizations Can Build Trust by Building Better Websites
It’s a fact of modern life that businesses rely on consumer data to drive sales, online and offline. And advertising technology will continue to proliferate and become more sophisticated. The onus, therefore, is on corporations to build trust with their customers by building better websites that are designed to protect their customers’ data. Rather than asking consumers for consent to exploit them, corporations should proactively demonstrate good stewardship of their customers’ personal information and be transparent about how they collect, use, and share personal data to the benefit of their customers.
Ian Cohen is the CEO and founder of LOKKER, a provider of online data privacy solutions for the enterprise. He is an expert on how insurance businesses can identify risk and reduce exposure to mitigate losses for both their clients and their businesses. Before founding LOKKER in 2021, Cohen served as CEO for Credit.com and CPO for Experian, where he focused on consumer-permissioned data.