Welcome to Privacy Insider newsletter, a round-up of the week's most important privacy news.
How much is personal data worth? That's a fascinating question. How would we even decide that? Would certain data be considered more valuable than other data? Let's say I went into a store where I could sell my data. Could I ask the clerk to pay me to double the amount for my health care records that she would for my email address?
This week, the Wall Street Journal reported on the ongoing TikTok case. It's a long story you can read about below if you want, but basically: TikTok is accused of collecting users' data without consent. Now lawyers are debating the settlement's amount. Right now, it's at $92 million, but that's not a huge payout per person when it gets divided among thousands of people. That could happen if enough of those impacted learn about the case.
Even more interesting than putting a money value on data -- the data companies collect from us and use to make profits -- is the idea of data ownership. Some say the solution to companies' greedy data grabs is to allow users to own their data. Then they could use it however they want: Sell it, rent it, give it away to charity.
The Financial Times has a calculator that allows you to find out how valuable your data is, the going rate if you will. Former Secretary of the U.S. Chamber of Commerce, John Kerry, gave it a whirl: his data was worth $1.78 because he travels a lot, but the default value is $0.007, according to Kerry's report.
Lawmakers have introduced a couple of bills in recent years that would give individuals a "property right" over their data. They never went anywhere, but more are sure to spring up. Who knows, we could find ourselves hawking our data for wares in the not-too-distant future.
Enjoy reading, and I'll see you next week!
1. Supreme Court delivers robocall ruling in 'landmark decision'
JD Supra reports on the Supreme Court's "landmark decision" released April 2 that answers the long squabbled-over question: What constitutes an autodialer? In Facebook v. Duguid, the Supreme Court said "autodialers" under the Telephone Consumer Protection Act (TCPA) must "not only dial stored numbers using a random or sequential number generator, it must also have generated those numbers in the first place." Facebook did not generate the numbers themselves; they were associated with Facebook user accounts. The decision will have a massive impact on TCPA compliance for companies who call or text customers, the report states.
Read Story
2. French DPA starts internet sweep for compliance with new cookie rules
The French data protection authority, CNIL, started doing sweeps of websites for compliance with its new guidelines on cookies. Now that the April 1 enforcement date has passed, the CNIL is looking for sites' collection of consents for ad tracking cookies. Users must take a "clear and positive act" like clicking "I accept" for cookies deployment. It must also be as easy for users to withdraw consent as to give it, per the new rules.
Read Story
3. TikTok case begs the question: How much is personal data worth?
The legal dispute over TikTok's proposed $92 million settlement over claims the company illegally collected user data stems from a disagreement over the payout's size, The Wall Street Journal reports. Jay Edelson, one of the plaintiffs' attorneys objecting to the settlement, said the case presents an interesting question: How much is an alleged privacy violation worth?"
Read Story
4. Whistleblower to privacy authority: Company 'underplayed' breach fallout
In January, Internet-of-Things device vendor Ubiquiti disclosed it had a data breach. But a security professional who helped the company with its response told the European Data Protection Supervisor that the company "misrepresented the impact of a recent data breach to the public," Security Boulevard reports. The company advised users there wasn't evidence hackers "misused a user account" or had access to databases their information. But the whistleblower said that isn't true, and the breach was "catastrophically worse than reported."
Read Story
5. Facebook and Health Net breaches indicate US needs a privacy law
"How many data breaches will it take before our leaders accept the need for a national privacy law?" That's the question David Lazarus asks in this piece for the Los Angeles Times. Over the weekend, Facebook disclosed that hackers accessed more than half a billion users' names, birth dates and email addresses. Recently, health insurance company Health Net notified policyholders of a breach involving their confidential medical records after hackers accessed one of Health Net's third-party vendor's servers. Still, Washington can't seem to make progress on a federal bill.
Read Story
6. Oklahoma's privacy bill is dead; Washington's still has a (slight) pulse
While it seemed to be gaining momentum in recent weeks, Oklahoma's Computer Data Privacy Act has died. The bill would have required businesses to get consumers' consent to collect their data. It also would have required consumers to opt-in to businesses selling their personal information. While the Washington Privacy Act, which contains similar provisions to Oklahoma's bill, still lives, things aren't looking good, the National Law Review reports.
Read Story