As technologies change, businesses have been able to collect more personal data about consumers. But consumers may not know how their information is being used and shared. For example, individuals’ social security numbers, zip codes, ages, and purchase histories can all be used to track online behavior. This has intensified concerns about the privacy and accuracy of consumer data.
Today’s WatchBlog post looks at our new snapshot on some of our work on the gaps in consumer privacy issues.
Data… Going once. Going twice… Sold!
Businesses and other entities, such as hospitals or colleges, collect data on individuals to create a consumer score. Consumer scores are used to analyze past behaviors and predict future ones. These scores can be helpful to businesses that want to target their advertisements, or to individuals looking for relevant coupons. They can even be used by hospitals to prescribe preventative care plans for patients at higher risk of developing diseases, such as diabetes and high blood pressure.
Key ways consumer scores are used
But, as we reported, these data and scores are often created, used, and sold without the consumer’s knowledge.
And these scores can be harmful when based on inaccurate, outdated, or biased data, which can lead to discrimination. For example, incorrect information could be used to determine whether a person suspected of a crime is granted bail. This could impact their life and freedom.
Because of these concerns, we asked Congress to consider enacting protections for consumer scores beyond existing federal laws. This could include enabling consumer access to view and correct incorrect data, or to be informed of score uses and their potential effects.
Not just a face in the crowd with facial recognition technology
Businesses are also collecting visual data on consumers through the use of facial recognition technology. This technology can make it easy to unlock one’s phone or help businesses identify shoplifters.
However, we reported that businesses’ use of facial recognition technology could also threaten consumers’ anonymity and violate their consent to use their image. And the technology is not without its flaws. It can misidentify or profile individuals.
Because of these concerns, we asked Congress to consider strengthening the federal consumer privacy framework to reflect changes in technology and the marketplace.
On the internet, privacy protections are paramount
While issues and threats to privacy on the internet continue to grow and evolve, there is no comprehensive U.S. internet privacy law governing how businesses and other entities collect, use, or sell individuals’ private data.
This leaves consumers with limited assurance that their privacy will be protected. We’ve already seen examples of where data has been abused. For example, in 2018, Facebook disclosed that a Cambridge University researcher may have improperly shared up to 87 million users’ data with a political consulting firm.
As a result, we asked Congress to consider developing comprehensive legislation on internet privacy that would enhance consumer protections and include the oversight authorities that agencies should have.
Congress should consider comprehensive consumer privacy legislation
While we’ve made several recommendations to agencies and Congress on actions they could take to address privacy issues and technology, what is needed is a comprehensive consumer privacy law.
Find out more about our work on consumer privacy and technology by reading our new snapshot on this issue.
- Comments on GAO’s WatchBlog? Contact firstname.lastname@example.org.