Internet companies are perfectly happy to gobble up as much user data as possible so that they can sell it to third-party data brokers, monetize targeted ad networks, and even feed large language models that power the next generation of AI. For decades, this mass data grab went on with little legal regulation to rein in the worst offenders. However, House Republicans recently unveiled a new federal privacy bill that will change the way Big Tech handles personal and private data for good.
What is the SECURE Data Act?
Short for “Securing and Establishing Consumer Uniform Rights and Enforcement,” the SECURE Data Act directly gives users more control over the way companies access and use their personal information on the web. The bill establishes two major frameworks — one outlining the rights of consumers and the other to limit the actions of corporations.
Users get full control over the collection and monetization of their data.
Consumer rights under the SECURE Data Act
Access: Users have a right to know when a company accesses or processes their personal data, as long as this knowledge doesn’t violate company trade secrets.
Pro: Users gain a full understanding of how their information is applied to the websites they visit, the apps they use, and the services they subscribe to. This, in turn, empowers them to make informed decisions on which companies they choose to support based on their data collection practices.Con: Companies will have to invest in expensive resources to document and report on the data of every user, costing the company time and money that lead to potential reporting delays.
Corrections: Users can contact a company to correct inaccurate details saved in their personal data. This can include user names, email addresses, home addresses, and other markers.
Pro: Users ensure that any information a company uses is current and accurate to prevent errors.Con: Companies can use the updated information to build optimized profiles of its users for even more targeted online tracking.
Deletion: If the user no longer wants a company to access their data, they can request to have their information deleted from a company’s servers entirely. This includes data that the user provides themselves, as well as information the company gathers on its own.
Pro: Users get full control over the collection and monetization of their data, and they can revoke access if the company abuses that power. This can also be used as a tool to boycott companies if/when companies take a stance that opposes the views and beliefs of their users.Con: Companies will miss out on vital data that they would use to build better products and services for their customers, potentially leading to the stagnation of future apps, products, and services.
Man_Half-tube/Getty Images
Transferability: User data must be stored in a format that can be exported and transferred to another company, such as in the case of switching from an app, service, or operating system to another.
Pro: Instead of being locked into a certain platform or app, users can freely take their data to a competitor as they see fit. As an example, this will be especially useful for users who want to switch from iPhone to Android and vice versa.Con: Without an encrypted data standard across all platforms and services, converting data into an easily transferable format could weaken encryption and lead to potential data security risks.
Control: Users reserve the right to opt out of selling their personal data to third-party partners or participating in targeted advertising.
Pro: Users can actively prevent companies and data brokers from building digital profiles that track users’ buying habits, online interests, and more.Con: A lack of user data could cause economic damage to the marketing and digital ad industries.
Company limits under the SECURE Data Act
In order to supply consumers with the rights above, companies must adhere to these key mandates:
Minimization: Companies are limited from collecting user data en masse, instead restricting them to gather only what is considered “adequate” for their business.
Pro: Companies are ultimately barred from spying on their customers’ online habits, a huge win for the sake of user privacy.Con: This restriction is too vague without any real hard limits, leaving it open to interpretation. For instance, a company like Google may insist that large amounts of user data are necessary to support its free services and ad business, while competitors are barred from gathering to the same degree.
Limitations: Gathered data can only be used for the expressed reason it was collected, and companies can’t save or repurpose data for other projects without users’ consent.
Pro: Users can feel confident that their data isn’t being used in secret projects or private moneymaking schemes.Con: This may limit a company’s ability to conduct research and development with users’ data, potentially slowing down the creation of future products and limiting innovation.
Discrimination: Data cannot be collected or processed based on race, ethnicity, or other identifying factors. Furthermore, companies can’t use these factors to deny goods and services, offer dynamic prices, or alter their products’ quality of service.
Pro: Companies would essentially be barred from punishing users who don’t align with their own ideas of diversity, equity, and inclusion.Con: The bill doesn’t strictly protect religious beliefs and political affiliations, leaving companies a pathway to oppose users who don’t think or vote in favor of their values.
Notice: Companies must educate users on how their data is processed, saved, sold, and applied to their business. At this point, users will also have the option to make changes as part of their protected rights.
Pro: Companies can no longer hide how they make money from their users’ private data.Con: Similar to the GDPR-compliant cookie notices that pop on the websites you visit, users may receive so many data notices from the services they use that they either accept without reading the terms or ignore them entirely.
Sale: Companies must notify users when their data is about to be sold and why, giving them the chance to opt out before the sale takes place.
Pro: Consumers can ultimately prevent companies from making money by selling their information to data brokers and third-party partners.Con: If a user doesn’t intervene before their data is sold, it may become difficult to trace where the data goes and how it’s utilized by brokers and third-party partners down the line.
Sensitive data under the SECURE Data Act
Lastly, the bill provides special protections for “sensitive data,” especially for underage users, noting that parents must consent before companies can collect information on minors. The most important part here is that unlike many of the age-verification bills coming from both sides of the aisle right now, the SECURE Data Act doesn’t require a user to prove their age through any form of identification. Instead, the responsibility to declare underage data is left in the hands of parents, not the government.
A win for consumers
Internet companies have gathered user data for decades with very little legal oversight. As usual, the government is late to legislate, and yet, the SECURE Data Act couldn’t come at a better time. AI companies, like OpenAI, Anthropic, and Google, have shifted their data collection practices into overdrive, all bent on gorging their LLMs before President Trump’s AI framework ends their plight. The SECURE Data Act is just another piece of the puzzle that will finally give users robust protection over their digital footprint on the internet.
Big tech, Privacy, User data, Secure data act, Tech
