We are fast approaching a privacy crisis in the United States.
Google, Facebook and other big Internet companies collect information about us, which they deploy in the service of advertisers. Big data brokers, like Acxiom, have developed sophisticated tools that allow them to know almost as much about us as we know about ourselves; they then sell that data to all kinds of companies that want to learn everything from our habits to our health, from our sexual orientation to our finances.
The digital age has made it easy to collect medical data, which is supposed to be protected under federal law. Huge data breaches at big retailers like Target have made it seem unsafe to use credit cards.
And I haven't even mentioned the Edward Snowden revelations about the massive data collection by the National Security Agency.
"The United States," says Barry Steinhardt, the founder of Friends of Privacy USA, "is basically the Wild West of privacy."
It was two years ago that the Obama administration issued a report calling for a consumer privacy bill of rights.
Although the report went nowhere, it was full of sound, broad principles: "a sensible framework that would help establish fairness and accountability for the collection and use of personal information," as a group of privacy advocates put it in a letter they sent to the president Monday.
The advocates called on President Barack Obama to work with Congress to finally pass privacy legislation. In that spirit, I thought it would be a useful exercise to call some privacy experts and ask them what should be in such a bill. Here's what they had to say.
Regulate data brokers:
Almost everyone I spoke to saw data brokers as a far bigger threat to privacy than, say, Facebook. These are companies that collect a hundred different data points, both offline and online, and create scores and profiles that they sell to anyone who wants to buy them.
At a minimum, people should know what information of theirs is being compiled. Better yet, people should have a right to control what information of theirs gets sold and what remains private.
Opt-in instead of opt-out: The typical terms of agreement that we check when we want to use the services of an Internet company invariably gives the company the right to redeploy our information for their own benefit.
Some companies also give consumers the right to opt-out of that information-gathering, but it is usually a process that requires some effort.
A far better approach would have customers opting in instead of opting out. This would also likely force companies to explain to their customers why they need the data and what they will use it for, which is another thing that should be included in any privacy bill.
Give companies an incentive to prevent data breaches: One reason breaches like the recent Target disaster have taken place is that they bring with them very little consequence. But it would be easy enough to create consequences -- a data breach could be treated like an oil spill, with fines attached.
The government could also make it easier for people to sue. Lee Tien of the Electronic Frontier Foundation also says that companies should be doing far more encrypting than they do now. Privacy legislation could give them a push in that direction.
No more secrets: It's not just data brokers that need to be more transparent. It is every entity that collects data. People should be able to see the information that is collected on them.
For instance, there are companies that compile scores about people -- risk scores, or health scores, or fraud scores. Those scores should be known to the people who are being scored because it can affect everything from their ability to get insurance to their chances of landing a job.
"You should have the right to know what information is being collected about you, who has access to it, how it is being used, and to limit that use," says Marc Rotenberg of the Electronic Privacy Information Center. "And if companies violate those rights, there should be consequences."
In 1967, Sen. William Proxmire, who would later serve as the head of the Senate Banking Committee, pushed through the Truth in Lending Act in the face of fierce opposition from the credit card industry. It was, however, the best thing that ever happened to the industry because it showed consumers, for the first time, that it could protect them from fraud or shady practices.
In some ways, it is the same now with privacy. As much as the companies like Google and Facebook and Acxiom would oppose privacy legislation, they need it -- for their sake as well as ours. Sometimes, government has to save business from itself.