The information age has revolutionized the way we interact, communicate and are perceived. In the United States, approximately 90 percent of the population is on the internet, using Facebook and Google to catch up with high school friends and to answer their questions. Companies such as Google constantly collect data on search habits of the user and what they like, in order to provide more personalized results and to improve their company.

Data collection and the selling of this personal data has been a topic of controversy lately, primarily due to the Facebook and Cambridge Analytica scandal. In the 2017 hit Sci-Fi movie The Circle, the main character Mae obtains a job at a company eerily similar to Google, called the Circle. The company created a social network paralleled to Facebook called True You, and is constantly creating new software and products that revolve around collecting copious amounts of data because “Knowing is good; Knowing everything is better.” As the film nears the end, the Circle knows everything about anyone and can track a person down in under 20 minutes. While being greatly exaggerated this shows the potential of what improper use of data can lead to, and begs the question should we allow access to people’s private data in order to improve our personalization of services we use or even to the government in order to increase national security? The proper use of data can greatly improve products and make our lives easier, however, we, as consumers, deserve the right to know how our information is being collected and used.

Every time we sign up for a new web service we must accept a Terms and Conditions contract. This agreement is full of legal jargon and extremely unreadable to the average consumer and needs to be changed in order to be easier to read and comprehend. In a study conducted by Jonathan Obar and reported about by NPR, the researchers created a fictitious social networking site and wrote a Terms and Conditions for it. With statements such as all information will be passed on to the NSA and that you would have to surrender your first born child to the company. Only 1 out of 500 participants expressed concern about the NSA and nearly 98% of participants said they did not even notice the first born child clause. Practically no one reads the Terms and Conditions (26% in this study skimmed the documents, the rest did not read it at all) part of this is due to their length, according to Obar “It would take the average user 40 minutes a day to read all of the privacy and terms of service policies”, but also in a large part due to the readability of the text. In fact, a 2014 survey found that 52% of internet users incorrectly believed that “‘When a company posts a privacy policy, it ensures that the company keeps confidential all the information it collects on users’”. Initially, this is surprising yet thinking about it more, the poor readability of many terms and conditions contracts leads to a gross misunderstanding of what the company can do with your information. In order to gauge just how hard the terms and conditions agreements are I calculated the SMOG (a commonly used formula to calculate what level of education is needed to comprehend a text) score for Apple’s contract, the contract scored at 14 years of education. Meaning that you would need to be at least in your second year of college in order to fully understand what you are agreeing to when you sign up for an Apple product. With the average age when kids get their first mobile device is 12.1 years old it is impossible for them to have adequate education in order to properly comprehend what they are, often blindly, agreeing to.

Countries such as Canada and European Union’s recently passed General Data Protection Regulation (GDPR) legislation are taking steps in order to improve Terms and Conditions and data transparency. Canada has the Personal Information Protection and Electronic Documents Act (PIPEDA) which focuses on keeping companies accountable for personal data usage management, limiting collection and use, accuracy, and individual data access among a few. The GDPR was just enacted into law in mid-April 2018 and will be applicable on May 25, 2018. This law aims to give the data back to the consumers, by requiring specific data consent and carefully regulating companies commodification and selling of personal data. According to an article in the Harvard Business Review, 25% of people did not know that companies can collect location data on them. However by enacting laws such as the PIPEDA and the GDPR governments are making a huge step towards data transparency by being more open about the data they collect, how they use it and allowing consumers to see the data collected on them. Ultimately laws such as these will allow consumers to be more knowledgeable of the extent of their personal data.

The United States has an estimated 286,942,362 users online yet according to the Council on Foreign Relations article the

“U.S. lacks a single, comprehensive federal law that regulates the collection and use of personal information. Instead, the government has approached privacy and security by regulating only certain sectors which [in turn creates] overlapping and contradictory protections”.

The recent GDPR law is the most comprehensive data protection to the U.S. has to date, and it’s a European Law! The GDPR is changing the way many U.S. based companies are handling customers data since companies like Snapchat, Facebook and Google are also present in Europe. This has prompted many companies to change their terms and conditions in compliance with the new law. In fact, over the past week, I received at least one email daily notifying me of the changes a given company was making based on the GDPR rules regarding data transparency and use. The fact that a European law has more control over U.S. companies data standards is absurd and should (but probably won’t) trigger a law being passed in Congress.

Before a potential bill is passed it must be brought to attention through the public agenda and on the matter of data transparency, this is seemingly difficult. In 2015 Almost ¾ of Americans are reluctant to share their data with business because they want to maintain their privacy and that “93% of adults say that being in control of who can get information about them is important”. Yet there is a gross misunderstanding of how consumer’s data is collected and used. While most people gather that companies are collecting data on you, no more than 25% know that search history, communication history, and IP addresses are specifically collected. This is the challenge, most consumers do not know just how private the data is being collected on them actually is. For example in mid-2015, 85% of Americans say they trust their credit card companies with personal data, yet in 2015 according to ID Theft Center 2015 report, there were 71 data breaches in the banking, credit and financial sector. The average American consumer does not know the reach of their own data or how it is used, let alone when it is being misused. This is a problem because data transparency is necessary in order to properly regulate large corporations use of highly sensitive and personal data, yet many Americans do not see this as a problem. On the FCC’s (which regulates the internet) website, for example, you can look at all the complaints filed by consumers, and privacy over data is not even in the top 5, it ranks below unwanted calls and telemarketing. Clearly, it is not a large concern in the U.S., and this can be mostly attributed to consumers simply not knowing the poor practices in the industry.

The current state of data privacy in the U.S. is extremely closed off and will continue to be until a majority of consumers say something about it. Terms and Conditions agreements are getting ever more unreadable, even as they are updated in order to comply with new data regulation laws. And overall consumers are in the dark about how their data is collected and used, not even knowing the basic types of information collected about them. As companies and their software become even more intrusive (especially with advancements in artificial intelligence and machine learning) privacy over personal data is going to become a primary concern. However without a nationwide call to action, nothing is going to be done, these giant companies have immense lobbying power and without a significant backlash, they will continue to improperly use personal data.