By: Tim Sparapani
It is time to rethink the concept of consent and to change data privacy law to better align corporate data practices with consumers’ expectations. We should increase the flexibility to innovate for companies that directly interact with consumers while restricting the chances that companies with no relationship with consumers have to misuse consumers’ data.
Recently, I’ve read articles speculating about why the Match Group, which runs online dating services including Match.com and Tinder, would purchase the Princeton Review, a leading student test prep service. Princeton Review has been unprofitable according to those articles. Why would an online dating company buy a test prep company? Perhaps the Match Group knows how to turn money losing test prep companies around or maybe they want to use or sell Princeton Review’s customer data to create new niche dating services. If the latter is true, this unexpected use of sensitive data would confuse, frustrate or anger most customers. When I used Princeton Review to prep for my law school entrance exam neither my girlfriend nor I would have expected that I’d be offered dating services along with new test taking skills. I would never have consented to this unexpected, third party use of my data.
This got me thinking that it is high time we rethought data privacy laws to benefit consumers in two ways by focusing on consumers’ consent. Ideally, consumers should both be free to choose exciting and unexpected innovations derived from their personal data provided by companies they know and trust, and reduced downside by lessened privacy risks posed by unknown companies accessing their personal data. Legislators should empower consumers both to consent to sharing their data for more opportunities they choose and restrict or denying access to corporations they do not know would access that data.