We didn’t choose the Privacy Policy life, it chose us… yay?
Before Termageddon, we all had exciting careers running web agencies, working for law firms, and doing other things that were much easier to explain to our families at Thanksgiving. But, more and more privacy laws kept coming out, and nobody was coming up with a solution to help website owners keep up. That’s where Termageddon comes in.
If there were just one single privacy law that all websites had to comply with – a comprehensive and affordable Privacy Policy Generator like Termageddon (not-so-subtle flex) probably wouldn’t need to exist. All the generators out there with no legal expertise on staff (not-so-subtle jab) could probably figure it out. Attorneys could charge clients for fewer hours of work. Websites could be protected, and we could use the Termageddon domain to start a termite treatment company.
But here we are… Living in a world with numerous privacy laws that are always changing and growing in number. The question is, why? Why can’t everyone agree on how to protect people’s data online?
There are multiple reasons for this, including:
- Lack of consensus
- Privacy laws change
- Political and economic priorities
Table of Contents
Lack of consensus
Anyone who has tried to get two siblings to agree on what movie to watch will know that this is the big one.
The world is full of different legal, cultural, and economic backgrounds that make it difficult to agree on any legislation, let alone something as complicated as a data privacy law. You’d need everyone to agree on questions such as:
- What privacy rights do people have?
- What type of data is to be protected?
- What does transparency and consent look like?
- What security measures must be put into effect?
- What businesses/organizations need to comply?
- What penalties should be implemented?
- How will those penalties be enforced?
The United States is a great example of this.
While the European Union has GDPR, and the United Kingdom has the UK DPA, there’s no comprehensive federal privacy law in the United States. There are federal privacy laws in the U.S. that protect specific data, such as health data (HIPPA), financial data (GLBA), and children’s data (COPPA). However, every federal data privacy bill proposed to protect data collected by websites has been rejected (so far). This has forced states like California, Colorado, Utah, Virginia, Delaware, and more to pass their own privacy laws.
Some of these laws do appear to draw inspiration from one another, but even bordering states disagree on things like:
- Should it apply to nonprofits?
- How should Personally Identifiable Information (PII) be defined?
- What disclosures need to be included in the Privacy Policy?
- Should it apply to small businesses?
Note: Check out Episode 15 of Privacy Laws: “What’s the deal with U.S. privacy laws?” for great information on this.
To make matters even more complicated, places like the European Union (EU) consider privacy to be a fundamental human right (as stated in the EU Charter of Fundamental Rights), while others do not. This fundamental difference makes it very difficult to agree on aspects such as consent, opt in/out measures, and how data can be used.
Privacy laws change
Even if you could get the entire world to agree on one privacy law, you’d have to start the process all over again each time the law needed to be amended. These changes happen more often than you might think. Technological advancements, new privacy risks, different societal expectations, and evolving interpretations could all warrant changes to an existing law.
Let’s take technological advancements as an example. Innovations like artificial intelligence and the Internet of Things (IoT) are always changing. This forces privacy laws to change as well to stay relevant. If they don’t, you end up with debacles like a 30-year-old privacy law (CIPA), which never mentions websites specifically, being reinterpreted to sue website owners.
The truth is, privacy laws are always changing
Political and economic priorities
Different areas value things differently, and getting everyone to agree on priorities isn’t easy.
Let’s use Canada to convey this next point. Canada currently has two major privacy laws: PIPEDA and Quebec Law 25 (other provinces have their own also, but they are substantially similar to PIPEDA). Let’s say two other Canadian provinces wanted to get together to create a different privacy bill of their own.
Province A may want harsh penalties for businesses that don’t comply to better protect the privacy rights of its residents. Province B, however, may be trying to grow its business sector and has fears that harsh penalties may discourage small business owners. This one difference between the provinces could lead to major disagreements on:
- What size businesses need to comply?
- What will enforcement look like?
- What will the penalties be?
Plus, elections exist. An elected official in Province A is going to prioritize what the residents of Province A want (more privacy rights and improved data security, for example). Province B will naturally do the same for its residents.
Even close neighbors can struggle to come to a consensus when slight differences have a major impact. This is why GDPR is so impressive. Not only was it one of the first, truly comprehensive privacy laws, but the entire EU also agreed to it.
Agree to Disagree About Privacy
At the time of this blog, there are well over a dozen new privacy bills being drafted between the United States, the United Kingdom, Canada, and Australia. So, it appears our jobs at Termageddon are safe for now.
Let’s not get distraught with the idea of even more privacy laws. Yes, it can be a headache, but it’s a great sign that more places are taking a stand for people’s privacy rights. The early internet days were the Wild Wild West of misusing people’s data. While we can’t seem to agree on who ‘the lawman’ should be to bring order, it’s becoming clearer to everyone that there does need to be a lawman.
Our tool helps you identify what laws do/do not apply to you, combines all applicable laws into one Privacy Policy, and then automatically updates that Privacy Policy whenever the laws change or new laws go into effect.
So, speaking of Wild Wild West and the recent loss of legendary Val Kilmer (RIP), if your business needs help complying with all the different privacy laws out there (and the ones on the way)… “We’re your Huckleberry.”
