5 ways to finally fix data privacy in America

As a new administration enters the White House, we have the chance to finally fix privacy in America. Short of passing a national privacy law (which the majority of Americans want), we need action on data privacy. We need changes enacted swiftly and without delay. Both consumers and businesses deserve consistency and clarity.

As business leaders, we must put our customers first. We should be customer-centric in our thinking and unwavering in our support for greater controls that deflate the “us vs. them” mentality pervasive in privacy. Managing privacy shouldn’t be complicated and confusing. It should be as simple and straightforward as reasonably possible.

In that spirit, here are five ideas to make privacy work for consumers and businesses. A couple of them could likely even be mandated by Executive Order. One thing is sure: American companies are creative and innovative. We can protect an individual’s right to privacy while still delivering services and products that consumers want — at a profitable price. What are we waiting for?

1. Make privacy opt-in

It’s a sad state of affairs when companies have to trick you into agreeing to share your personal information to use their services or gain access to a website. Nearly everywhere you look, you have to opt-out of data sharing. Flip that on its head: that means that privacy is an opt-in experience; you have to “opt-in” to protect your privacy because you have no default assumption of data privacy.

And you have to declare your privacy preferences with every single company. You have to tell each company that you want data privacy by telling them how to use your data. In essence, you’re opting into privacy by opting out of their data sharing. This needs to change. Data privacy should be the default. The onus is then on companies to show the benefits of data sharing so that consumers can actively choose to opt in to share their personal information.

2. Require plain English privacy policies

Privacy policies are dense documents thick with legalese. They’re so hard to understand that few people actually read them and so long that it would take 76 working days to read the policies you encounter in a single year. Incredible.

How in the world are we putting data privacy on the shoulders of consumers when it’s the companies that are getting the most benefit from invading our data privacy? They should be honest and transparent; we shouldn’t need lawyers to understand what we’re consenting to.

Companies should have privacy policies that are written plainly in easy-to-understand language. Businesses can put these policies into centralized privacy hubs. These hubs show users how their data is collected, stored, and used, as well as one-click privacy controls to manage their consent. Plain and simple language, with easy navigation in one location — that’s the answer.

3. Mandate privacy labels

Apple is absolutely on the right track here. The company’s requirement for app developers to clearly define how apps use data is a watershed moment for privacy in America. However, when one company acts alone, it doesn’t create a shared environment of trust. Even if other companies follow suit, we will only have a patchwork of privacy labels that is equally dense as our current system. Instead, we should mandate privacy labels just like we do nutrition labels on foods.

Every company should explain its data usage with privacy labels that are consistent in content and conspicuous in placement — as in, the labels have the same layout and are easily located. When you flip over a product in the supermarket, you know what you’re going to find and where. Privacy should be the same: You should know what you’re signing up for in a consistent way across services.

4. Give data an expiration date

What if we simply required companies to allow each of us to set personal limits on data storage and usage? We could refine our data privacy settings in a more granular way, controlling our data destiny by deciding what data specific companies can use and for how long. Google has already started this in some products; all companies should follow suit.

If all data had an expiration date, it would prevent algorithms from using that data after the consumer has requested its deletion. Think about it: Even if you ask a company to stop using your data, it likely lives on in black-box algorithms. If data had an expiration date, it would rebalance the power away from the algorithms and towards humans.

5. Make protecting data cheaper than abusing it

Data needs to be protected, plain and simple. When the FTC settled with Flo, the fertility app accused of misleading consumers about data usage, it highlighted what we’d known all along: Many companies, especially health and fitness trackers, know more about us than we know about ourselves.

And yet we have no idea how well businesses are protecting our personal data. Europe’s privacy law, the GDPR, requires data protection as a default — and the law makes non-compliance costly. Fines range from 10 million euros or 2% of worldwide annual revenue to 20 million euros or 4% of revenue. Those fines have also increased 40% year-over-year.  While the U.S. fined Facebook $5 billion for abusing customer data in 2019 (a record fine), we need a consistent penalty framework that makes privacy protection less costly than privacy violation.

Companies should rightly be penalized when they violate our trust. We must align the disincentives with the externalities caused by privacy abuses. When it’s less expensive to pay fines than implement sound privacy practices, we have a serious problem.

To fix privacy in America, we have to shift the burden of privacy management from consumers to companies. Privacy is a human right and should be a de facto facet of the internet — not something that we have to fight for at every turn of our online journeys. Privacy protection should be a mandatory part of doing business in America — not an optional afterthought.

Harry Maugans is the CEO of Privacy Bee. His vision for the future of privacy is a world in which consumers have total transparency and control over their data footprints. He’s contributed to HackerNoon, AllBusiness, IB Times and ReadWrite.