The Data Privacy Digest is Californians for Consumer Privacy's weekly round-up of relevant consumer data privacy news. You may subscribe here.
As California goes, so goes the nation. This week, California's privacy legislation got a pat on the back from its new Governor while the United States Government Accountability Office recommended Congress take up privacy legislation. When the California Consumer Privacy Act goes into effect in 2020, 1 in every 8 Americans will have the strongest consumer privacy rights in the nation – and not a minute too soon, seeing as how Motherboard's dogged investigation is now reporting highly personal data was collected and sold by telecom giants for years, including information used for 911 calls.
It’s time for this week’s Data Privacy Digest:
Privacy got a shout-out by California Governor Gavin Newsom in his first State of the State address:
"California is proud to be home to technology companies determined to change the world. But companies that make billions of dollars collecting, curating and monetizing our personal data have a duty to protect it. Consumers have a right to know and control how their data is being used. I applaud this legislature for passing the first-in-the-nation digital privacy law last year."
Hundreds of bounty hunters had access to AT&T, T-Mobile, and Sprint customer location data for years. According to an ongoing investigation from Motherboard, "documents show that bail bond companies used a secret phone tracking service to make tens of thousands of location requests." "In January, Motherboard revealed that AT&T, T-Mobile, and Sprint were selling their customers’ real-time location data, which trickled down through a complex network of companies until eventually ending up in the hands of at least one bounty hunter. Motherboard was also able to purchase the real-time location of a T-Mobile phone on the black market from a bounty hunter source for $300. In response, telecom companies said that this abuse was a fringe case.
"In reality, it was far from an isolated incident."
The United States Government Accountability Office is telling Congress it's time for privacy legislation.
"Congress should consider developing comprehensive legislation on Internet privacy that would enhance consumer protections and provide flexibility to address a rapidly evolving Internet environment. Issues that should be considered include: (1) which agency or agencies should oversee Internet privacy; (2) what authorities an agency or agencies should have to oversee Internet privacy, including notice-and-comment rulemaking authority and first-time violation civil penalty authority; and (3) how to balance consumers' need for Internet privacy with industry's ability to provide services and innovate."