Consumer privacy, also known as customer privacy, involves the handling and protection of sensitive personal information that individuals provide in the course of everyday transactions. As the internet has evolved into a medium of commerce, consumer data privacy is a growing concern.
Legal consumer privacy protection
Consumer privacy derives from the idea of personal privacy, which, although not explicitly outlined in the U.S. Constitution, has been put forward as an essential right in a number of legal decisions, beginning in the 1920s.
While legislation has enforced high standards of data privacy protection in Europe, data privacy protection in the United States has centered more on Federal Trade Commission (FTC) regulations requiring companies to disclose their corporate privacy policies to customers. The FTC can take legal action against companies that violate customer privacy policies or companies that compromise their customers' sensitive personal information.
The evolution of consumer privacy regulations was influenced in the U.S., in part, by the Privacy Act of 1974, which governed collection and use of information about individuals in federal agencies' systems. The Privacy Act prohibits the disclosure of an individual's records without their written consent, unless the information is shared under one of 12 statutory exceptions.
More recently, former U.S. President Barack Obama's administration worked to broaden data privacy protection by requiring internet service providers to obtain their customers' consent prior to using their personal data for advertising and marketing. These protections were reversed in the early days of President Donald Trump's administration in 2017 before they ever took effect.
Consumer privacy issues
Personal information, when misused or inadequately protected, can result in identity theft, financial fraud and other problems that collectively cost people, businesses and governments millions of dollars per year.
Consumer privacy features offered by corporations and government agencies include do-not-call lists. Other privacy features that have emerged over time include verification of transactions by email or telephone; nonrepudiation technologies for email; passwords and other authorization measures; encryption and decryption of electronically transmitted data; opt-out provisions in user agreements for bank accounts, utilities, credit cards and similar services; digital signatures; and biometric identification technology.
The emergence of internet commerce and so-called big data, beginning in the early 2000s, cast consumer data privacy issues in a new light. While the World Wide Web Consortium's (W3C's) Platform for Privacy Preferences Project (P3P) arose to provide an automated method for internet users to divulge personal information to websites, widespread gathering of web activity data was largely unregulated.
Why consumer privacy protection is necessary
A series of high-profile data breaches in which corporations failed to protect consumer data from internet hacking have drawn attention to shortcomings in personal data protection. Several such events were followed by government fines and forced resignations of corporate officers. In 2017, the litany of customer data breaches came to include Uber, Yahoo, Equifax and others.
Consumer privacy issues have arisen as prominent web companies like Google and Facebook moved to the top of business ranks of using web browser data to gain revenue. Other companies, including data brokers, cable providers and cell phone manufacturers, have also sought to profit from related data products.
Concern for corporate use of consumer data led the European Union to create its General Data Protection Regulation (GDPR) to curb data misuse. The regulation, effective on May 25, 2018, requires organizations doing business in the EU to appropriately secure personal data and allow individuals to access, correct and even erase their personal data. Such compliance requirements have led to renewed emphasis on data governance, as well as data protection techniques such as anonymization and masking.