There are few protections on consumer data. This little regulation has allowed companies like Facebook, Google, and many others sell your data to third party companies like Cambridge Analytica. They do not need informed consent from you and there are no alternative options to use their products without giving up all rights to your data.
In research, all of our data is heavily regulated. If we wish to share this data it must go through even more regulation and we definitely can’t sell it for profit. Through the institutional review board (IRB), our experiments are ethically sound during the collection and analysis of data. That means we give informed consent to the participant and tell them what will happen in the experiment, allow them to opt out at any point easily, and what we will do with that data afterwards (Icenogle, 2003).
Before we even begin data collection we must submit a proposal about what the experiment is, what we will do with that data and how we will keep it secure. We also must annually renew the proposal if the project is still active. The IRB will also periodically audit each lab and meticulously go through every consent form and all other files containing data to make sure no rules are being broken (Icenogle, 2003).
Most data are deidentified so when it does come time to analyze the data, anonymity is kept by the participant. If there is protected health information (PHI) with participant data we must keep it in a secure place, such as in an encrypted file on a desktop or on a secure file transferring database. We can’t use Dropbox or send documents through Gmail that have PHI. If the IRB finds that a lab has broken any rules, it risks being shut down, losing all funding, and the university losing all federal funding (Icenogle, 2003). This means everyone in the lab is out of a job and a tarnished career. We take great care in handling data to make sure it abides by IRB rules. Companies do not. Look at Facebook and Equifax.
I find it quite curious that research, which can only grab limited data sets, has stricter regulations on data privacy than corporations that can harvest nearly unlimited data on its users. They are also allowed to sell this information without consent to third parties! Corporations should be held to the same regulations that researchers are. Every time they wish to gather data, they should submit a proposal and say what it is for, what they will do with it and how exactly they will protect it. The Federal Trade Commission or a created agency should have heavy power in the regulation of consumer data and privacy. They should be audited on a annual basis to ensure they are abiding by regulations set forth by this board.
Consumer data has as much protection as Flint water does from lead. Our data is being abused and nothing has been done in the US. Companies will continue to exploit our data until there are strong laws that regulate them. The EU has already moved with protections starting in May. America has many issues, this is one worth fighting for. Please call your congressman today and demand protection for your consumer data.
Icenogle, D. L. (2003). IRBs, conflict and liability: will we see IRBs in court? Or is it when? Clinical Medicine & Research, 1(1), 63–68. https://doi.org/10.3121/cmr.1.1.63