Last week saw some troubling developments for online privacy. First off, the Senate passed legislation that would essentially allow large telecommunications companies to sell your personal data to highest bidder. If that wasn’t enough, Congress is now working on a joint Congressional Review Act (CRA) that would prevent the Federal Communications Commission from ever writing new privacy protection rules in the future.

It’s obvious now that the federal government isn’t going to do much in the way of standing up for your digital rights, and that shouldn’t be surprising. But It isn’t all bad…

As the New York Times documented earlier this week, State governments are stepping in to fill the void left by the feds. They’re introducing privacy legislation of their own, which is proving to be much more effective at protecting consumer data. Specifically, states like Illinois, Connecticut, and even California have started crafting bills that would:

  • Give consumers a “right to know” which companies are collecting their data, and what they’re looking at
  • Limit the use of location tracking for commercial purposes
  • Prevent the involuntary use of microphones and cameras on smart devices
  • Restrict government access to online communications like emails
  • Prohibit companies from spying on their employees’ social media accounts without permission

While this approach may seem like a piecemeal strategy for influencing policy on a large scale, consider what happened when California adopted stricter fuel standards than the rest of the country in 2010. Even though automotive manufacturers could have produced two sets of cars, one for the more lax federal standard and one to meet California’s new requirement, they instead chose just to meet California’s standard because it was cheaper than developing two different vehicles.

While this comparison isn’t totally analogous to the situation regarding online privacy standards (because software is cheaper to build than cars), it does provide the opportunity for moral leadership, and regulations that could be implemented in the state these companies are probably based in: California.

California could choose to adopt more stringent privacy standards and additional legislation like the bills mentioned above because: a) it’s the right thing to do, and b) many of these larger companies that are in the business of managing consumer data (Google, Apple, Amazon, Facebook, etc.) are located right here in Silicon Valley.

While this new legislation may not entirely thwart these and other companies’ attempts to capture and sell consumer data, it will certainly create some legal hurdles for them to do so, which would at least lead to greater transparency. And if the New York Times article was illustrative of anything, it’s that legal and political compliance costs maybe the single greatest motivator to default to the highest level of protection.