A handful of states, including California, Delaware, Illinois, Utah, and Arkansas, are leading the country in establishing regulations to protect citizens' digital privacy. California is often blazing the trail (Article 1, Section 1 of the Declaration of Rights), being the only state to outline privacy as an inalienable right in the state constitution. Special call-out to Illinois for being the only state to proactively protect biometric data.
As is often the case, California sets the precedents in technology and the rest of the country tends to follow. With the stalemate and bureaucracy by the Federal government that has opened a chasm for misuse of personal data, it is the states that are implementing the necessary oversight. A tremendous amount of friction between privacy advocates, technology power-houses, and the government has slowed down what is needed to protect people's privacy, freedoms, and liberty. States are stepping in to protect their citizens. Unfortunately, it is not unified, which complicates matters, but at least traction is being made.
The battle for privacy is not over. This is just the beginning. People must have more notice of who has their data, what it is being used for, with whom it is being shared, and ultimately the control of their personal information.
In my opinion, personal data should be treated as an asset (which requires accountability and annual reports - just like investors get reports on their financial assets) and intellectual property (which has an owner, requires security, and authorization to use). Yet, we are far from that point. Currently, personal data is often traded like coins between companies without the knowledge or consent of the affected people. Even consent and notification are bewildering.
EULA’s and privacy policies are often purposely written to be confusing, vague, and with clauses that state they can be changed at any time whilst indicating that by using the product or service, it is acceptance that the company can harvest and sell user data. They are rarely read and even less often understood.
The underhanded practices and tools to harvest, steal, hide, and misuse personal data are becoming stronger, and evolving faster than the rules, regulations, or ethics that will protect people’s privacy.