With the ever-growing necessity of technology, it is easy to become overly reliant and allow your devices to do the work for you. While this is an easy option, a smart, proactive user will understand not only the advantages, but the disadvantages that are associated with using technology and sharing their information with those whose technology they are using. As the technology industry has grown, smartphones have become the norm, with nearly 6.5 billion smartphone mobile network subscriptions worldwide as of 2022. One of the most prominent functions of smartphones is the ability to access third party websites and applications which serve purposes varying from a simple game to a one-stop-shop for all your banking and budgeting needs. Many of these websites and apps request access to user data as a condition to using the app and use artificial intelligence to analyze this data to boost efficiency through process automation, improve speed or consistency of service, use customer insights to inform decision making, among other things. However, the more sensitive the information being accesses, the more important it is for the user to not only know that the company is taking their data, but to know that their data is safe from both internal and external threats. Looking at only apps purchased from the IOS app store, over 45% of unpaid apps and 11% of paid apps have reported collecting privacy data from their users. Historically, express consent has not been a requirement to collect a user’s personal information. However, Gaining the users consent is just the tip of the iceberg when it comes to data protection. Once a company is allowed access to the user’s data, it then becomes their duty to keep this data secure. 

While developers may willingly misuse customer data, incidental breaches are a serious concern for users. “A data breach is any security incident in which unauthorized parties gain access to sensitive data or confidential information, including personal data (Social Security numbers, bank account numbers, healthcare data) or corporate data (customer data records, intellectual property, financial information).” According to IBM’s Cost of Data Breach 2022 report, 83% of the surveyed organizations had experienced more than one data breach, showing that these breaches are a constant threat. A company experiencing a data breach loses on average 1.42 million dollars, but the cost associated with preventing such a breach is 1.44 million dollars, giving companies little incentive to protect their customers data. Per the companies surveyed, the cost on a company experiencing a data breach in the United States is more than 9 million dollars on average.

The United States has historically rooted their data privacy laws in a harm prevention approach. As of now, there is not a “one size fits all” approach to data security. The Federal Trade Commission understands that there are different security concerns for different apps and “expects app developers to adopt and maintain reasonable security practices” which depends on different factors such as the number of users and the privacy concerns implicated. “Apps that are more complex may rely on remote servers for storing and manipulating users’ data, meaning that developers must be familiar with securing software, securing transmissions of data, and securing servers.”

However, there has been a shift recently, with 5 states – California, Colorado, Connecticut, Utah, and Virginia – adopting a rights-based approach mirroring the European Union’s General Data Protection Regulation (GDPR). Under this approach, the users are the ones who own their data and they have the right to determine who and for what purposed their data is used. Essentially, under this approach, data privacy is viewed as a fundamental human right.1These laws apply to businesses across all sectors while there are still varying different laws that pertain only to specific sectors. The rights accorded by the GDPR, include access, correction, portability, erasure, consent, and appeal.In addition to individual rights, the GDPR implements governing principals such as privacy/data protection by design, record keeping, data minimization, transparency, informed consent, legitimate uses, data protection officers, data impact protection assessments, best cybersecurity practices, data breach notifications, employee training, requiring appropriate contractual language. While only 5 states have yet to implement such legislation, it is likely that more states follow their lead as user concern over their data has become an ever-increasing area of discussion. 

References:

1 Taylor, P. (2023) Mobile network subscriptions worldwide 2028, Statista. Available at: https://www.statista.com/statistics/330695/number-of-smartphone-users-worldwide/

2 Martech, A. (2022) How do businesses use artificial intelligence? Wharton Online. Available at: https://online.wharton.upenn.edu/blog/how-do-businesses-use-artificial-intelligence/ (Accessed: 05 November 2023). 

3 Id.

4 Ceci, L. (2023) IOS apps admitting to collect data from global users 2023, Statista. Available at: https://www.statista.com/statistics/1322669/ios-apps-declaring-collecting-data/ (Accessed: 05 November 2023). 

5 Bellamy, F. (2023) U.S. data privacy laws to enter New Era in 2023, Reuters. Available at: https://www.reuters.com/legal/legalindustry/us-data-privacy-laws-enter-new-era 2023-2023-01-12/ (Accessed: 05 November 2023). 

6 What is a data breach? IBM. Available at: https://www.ibm.com/topics/data-breach (Accessed: 05 November 2023). 

7 Id.

8 Id.

9 Id.

10 See supra note 4.

11 Ritchie, J.N.& A. and Jayanti, S.F.-T. and A. (2021) App developers: Start with security, Federal Trade Commission. Available at: https://www.ftc.gov/business-guidance/resources/app-developers-start-security (Accessed: 05 November 2023). 

12 Id.

13 Bellamy, F. (2023) U.S. data privacy laws to enter New Era in 2023, Reuters. Available at: https://www.reuters.com/legal/legalindustry/us-data-privacy-laws-enter-new-era 2023- 2023-01-12/ (Accessed: 05 November 2023).

14 Id.

15 Id.

16 Id.

17 Id.

18 Id.

19 Id.