In the wake of Cambridge Analytica and Facebook data breach, Senators Edward Markey and Richard Blumenthal introduced a privacy bill dubbed as CONSENT Act (The US version of GDPR) last week.
“America deserves a privacy bill of rights that puts consumers, not corporations, in control of their personal, sensitive information,” said Senator Markey. And that’s what the bill is all about.
What is CONSENT Act?
The CONSENT Act (expanded as the Customer Online Notification for Stopping Edge-provider Network Transgressions Act) is a bill to regulate the collection, usage, and sharing of the US-based users’ information by an edge provider*.
*Edge provider is a person/company which provides its service over the internet.
It also focuses on enforcing a standard data security practices and after-measures for a data breach. The act is similar to the GDPR passed by the EU, which takes effect from May 25th of this year. But, as cited by the Digiday, there’s a big loophole in the consent act, which we’ll discuss a bit later.
Here’s a copy of the consent act.
What does it demand from the edge providers?
The act would require an edge provider,
- To get ‘consent’ from its users,
- To embrace data security practices, and
- To notify about the use cases and data breaches promptly.
Getting ‘consent’ includes providing “understandable” opt-ins to share, use, and sell the users’ information. Notifying users requires necessary details on the data breach and ‘what kind of data has been compromised’.
Let’s not stay vague. The consent act points to the information used by the advertisers and publishers use, to target ads. For instance, from Good Ol’ cookies to browsing history to third-party permissions, everything should be collected and processes after the users’ approval.
What if an edge provider goes off the track?
This is one of the big differences between the consent act and the GDPR. There’s no standard fine or revenue cut from the recalcitrant. Instead, the district court of the United States (Subjected to the edge provider’s jurisdiction) will take on the case to enjoin, enforce or obtain compensations on behalf of the residents of the state.
How will this affect the Ad tech or Facebook or Google?
A survey created by The7Star media agency in the UK found out that more than one-third users have a chance to decline the consent of using their personal information.
In numbers, it means 20 percent of Ad competency will be gone. Of course, it includes UK users too. But, a complete US-based survey will worsen the numbers more. In the near future, advertisers may have micro-targeting circles spread over the internet.
But hey don’t worry. There’s a loophole in the consent.
What’s the loophole?
The Consent Act doesn’t provide enough clarity on the usage of personally identifiable information such as Names and Email Addresses. The users who opt-out of the targeting ads radar can be pulled back into it, with the help of this information.
Also, Google is working on a project which helps publishers to run non-personalized (not targeted) ads. Besides, publishers are already digging across the web to find alternatives. Especially, Instagram stories, Snap’s commerce, Facebook groups have been on a successful test run so far.
It’s like balancing the ecosystem.
Consent Act Vs. GDPR
On a high level, you may think of them as the ‘twins’. But there are a few key differences in the consent act that makes it less-realizable (as of today).
- It doesn’t address how the rules apply to the companies obtaining data and the ones who are processing on behalf of the controller.
- No distinction between the controller and processor yet.
- The PII loophole that we’ve mentioned above.
On the other hand, the GDPR explains the application of its rules and regulations in-detail, without leaving any doubts on PII and others.
Tip: Need any help with the GDPR, we covered everything you need to know in our ‘GDPR Series’. Listen to it here.
Less-realisable? so it’s a long way off?
With the historic references and current-flaws, you’re right. Congress has introduced privacy laws in 2011 and 2015, but both of them failed to cross the desks. Ultimately, it’s up to the FTC to enforce the law.
When you look at the real-time data, data breaches and security have got the headlines of many publications and one made it to the Senate. So, we’ve plugged into the Senate and the FTC to listen to the updates.
Subscribe to our newsletter, and get the updates first.