In an opinion piece for the Los Angeles Times, columnist David Lazarus discusses the issues of privacy and who owns your data:
Who owns your personal information — you or the business you share it with? It’s a fundamental question that gets to the heart of whether existing privacy protections are too strict or not strict enough.
It also addresses matters of accountability when data go astray, as was the case this week when a major credit card processing company said as many as 1.5 million card numbers may have been stolen by hackers. I wrote on Tuesday about the lack of adequate disclosure rules when people’s privacy is violated.
Today let’s look at whether your name, address, birth date and other sensitive data can be reasonably considered yours in an age when we’ve all been reduced to computer bits, and when personal info has become a commodity to be bought and sold by marketers and merchants. […]
Facebook’s grudging adoption of stricter privacy rules is illustrative of the situation.
The company makes most of its money from ads that target its more than 845 million users based on the personal information they divulge on the site. Facebook earned a profit of $668 million last year and could be valued at $100 billion or more when it goes public next month.
In November, the company settled with the Federal Trade Commission over allegations that it misled users about the handling of their personal info. The site shared with others tidbits that users had deemed private, the agency said.
Facebook also allowed advertisers to obtain personally identifiable information when a user clicked on an ad on his or her Facebook page, the FTC said. And it said Facebook shared user info with outside developers. […]
The FTC also wants Congress to enact laws giving consumers the right to know what sort of information private-sector data brokers are amassing about them. […]
Consumers should indeed be able to find out what’s being bought and sold in connection with their names, so lawmakers should act on the FTC’s proposal. But I’d take this whole thing a big step further.
I propose a law explicitly declaring that a person’s personal information belongs to that person, not to the companies it’s shared with. Aside from whatever uses are required for routine order fulfillment, no use of anyone’s information would be authorized without that person’s upfront consent.