Debi, I’d like to see something like the EU’s GDPR law enacted in the US. This EU law mandates that any personal information collected from any EU citizen must come with an explanation for how that data will be used and list any entities that personal data could be shared with.
Two specific points about GDPR should be extra interesting in context of this thread:
1. Entity must protect to ensure that the personal data collected is not used outside of its original stated purpose without first contacting the individual to request their additional approval for that extended incremental use. Doesn’t that sound like a pain in the butt.
2. The EU citizen has the later right to request that their collected info be removed from the stated original data storage place(s). This also obligates the original collector to purposefully reach out to any secondary recipients of same personal data to instruct them to delete it from their database(s) too. Does that sound like two pains in two butts.
Of courses penalties exist for any entity who screws this stuff up and extra penalties exist on the original entity if they can’t take responsibility for knowing and managing the entire string of data ownerships and exposures.
I suspect this kind of law would seriously muck up some key business/income models of FaceCrook, Sgroogle, and a few others. By the way, the GDPR d-o-e-s also apply to how US entities handle personal info of EU citizens too (but law has a delayed US effective date if I recall).
Relevance to this thread is that with a similar law here, the DNA testing companies could be prevented from revealing to you the identity of someone else genetically related to you who wants to remain anonymous.