On June 12, 2017, Nevada’s Governor, Brian Sandoval, signed Senate Bill Number 538 into a law requiring internet website providers to disclose the type of information it obtains from internet users in the state of Nevada. The bill, sponsored by Senate Majority leader Aaron Ford and Assembly speaker Jason Frierson, received overwhelming support from the Nevada Senate. It requires any company or person who owns or operates an Internet website or online service for commercial purposes that collects information about Nevada residents and maintains minimum contacts with Nevada to make available a notice explicitly listing the personal information that the said operator is to collect from its clients. In addition, the operator must allow the consumer to review and request changes to this information. Failure to adhere to this regulation will first lead to a 30-day period to remedy a failure, or face a civil penalty imposed by the state attorney general.
In essence, this bill provides privacy protection to Nevada residents in lieu of the Federal Communications Commission’s Broadband privacy rules which have been repealed by newly elected President Trump. The FCC privacy rules, which were set to take effect later this year, were designed to ban Internet Service Providers (ISPs) from collecting, storing, sharing and selling private information obtained from customers without their consent. These set of rules would have required ISPs to obtain consumer permission before selling information such as web browsing history, location details, and app usage history to third parties for advertising purposes. The repeal deprives consumers of this type of federal protection, leaving it up to the states to perhaps take steps in furtherance of privacy protection.
Nevada is one of several states to undertake such a measure to protect the interests of its residents. Illinois is another state that has taken steps to protect the privacy interests of its people. For example, Illinois is working to implement the Right to Know Act in its state. This law would require the operator of commercial websites or online services to make available certain personal information that has been disclosed to a third party, and to provide a way for customers to inquire further about said information, whether via email, or telephone.
While I do not believe that it is illegal for entities who own or operate an Internet website or online service for commercial purposes to obtain personal information from its users, I do think that they should have an affirmative duty to disclose to their clients the information being obtained, how it is being obtained, and how it is being used. The onus shouldn’t be on the user to have to opt out of these arrangements after being essentially bound to a unilateral agreement by default. After all, it is the commercial website service that gets to benefit financially from this endeavor. Thus, the burden of seeking consent should be placed on them.
As a consumer, it isn’t unusual to expect that the information I provide to another party will be used solely for the intended purpose, unless otherwise stated. Put differently, if I were to tell a secret to another party, it is implied that the secret would stay between the recipient of this sacred information and I, unless I were to agree for this message to be passed on to others. Likewise, I believe it is reasonable to expect that the same principle would apply here in this context.
Opposition might argue that the majority of internet users will not willingly agree to have their information used for advertising if they in fact knew how their information was being used. Others might also argue that the use of this information is for the benefit of the users themselves, as it will provide convenient shopping amongst other benefits. To the proponents of the first oppositional point, I think this may present a challenge for perhaps new innovative ways of marketing, without necessarily infringing upon privacy rights. To the proponents of the latter, if this disclosure would in fact educate users of the benefits of such information gathering, there ought to be overwhelming support, hence no foreseeable problems.
Further, I am not saying that entities who own or operate an Internet website or online service for commercial purposes shouldn’t be allowed to sell this information to third party clients. Instead, I am simply asking that they seek the consent of the individuals who are essentially having their privacy rights infringed upon. Since the users do not get monetary compensation, the least they can be provided is the ability/opportunity to give informed consent. This would require simple disclosure, and the opportunity to grant or decline consent. Since the Federal Government is taking a step back in providing this protection to citizens, more states should follow in the footsteps of Illinois and Nevada, and protect the privacy of residents.
In sum, I am in favor of Senate Bill Number 538 being passed as a law, as I believe it is a step in the right direction towards protecting the privacy of consumers online. Entities who own or operate an Internet website or online service for commercial purposes should have the affirmative duty of disclosing to its users the type of information being obtained, how it is being obtained, and what it is being used for. This will enable users to make an informed decision as to whether or not to provide this information and/or continue to use the service(s) being provided. More states should follow suit.