Data Privacy Explained for My 15-Year-Old

Data Privacy

Data privacy today, in a nutshell

Why data privacy laws?

Laws aimed at protecting consumers' privacy have been around for decades, but most have been so limited that they were widely ignored. That all changed in 2016, when the European Union passed the General Data Protection Regulation (GDPR). GDPR was different from all its predecessors for several reasons, including

    • • It applies to any company collecting the data of EU residents, regardless of where the business is located.
    • It grants specific rights to consumers, including the right to access their data, the right to have their data deleted, and other rights that businesses are obliged to honor.
    • • It has big enough "teeth"—in the form of significant penalties for violations—to make businesses take it seriously.

A couple of years later, the state of California followed suit by passing the California Consumer Protection Act (CCPA), which mirrored many of the GDPR's requirements, and more laws in other states are making their way through legislatures—or have already been passed.

Data privacy explained for:        my 15-year-old                  

Think about the last time you ordered something online—pizza, athletic shoes, the latest iPhone, movie tickets, whatever. As part of the ordering process, you probably gave the vendor information like your name, phone number, email address, maybe your physical address, and credit card information (or they already had this info from when you first set up your account). No big deal, right?

 

But did you ever think about what happens to all that data after you click "Place order?"

 

Chances are it doesn't just sit on a server just waiting for you to place another order. Companies make money—big money—selling personal information to advertisers, so that those advertisers can target ads to you based on your age, gender, geographic location, past purchases, online habits, and a slew of other factors. Your information can change hands any number of times and wind up in the hands of any number of companies (some less legit than others), and you'd never know it.

 

And then there are the breaches. You've probably heard about companies like Equifax, Marriott, eBay, and Yahoo!, where cyberthieves  hacked their way in to steal millions of customer records. If the thought of a criminal knowing your name, address, phone number, and other personal information gives you the creeps, it should.

 

 

 

How data privacy laws protect you

Basically, data privacy laws put into enforceable legislation many measures that responsible businesses should be taking anyway, including

  • • Getting your consent before they gather and use your personal data
  • • Letting you see the data they've collected about you (some of which might surprise you)
  • • Being open and honest about how they use your data
  • • Not selling or sharing your data without your permission
  • • Protecting your data against breaches, both intentional and unintentional

 

 

 

 

Curious about whether your state has a data privacy law in place, and if so, what it entails? Here's a handy resource published by the International Association of Privacy Professionals. (Just be warned: data privacy regulations tend to be heavy on legalese, so you may need to ask a parent to help you translate. We can help, too.)

 

 

 

Got questions about data privacy laws?

 

Give us a shout.