The Gold(en State) Standard of Online Privacy

It might seem like hyperbole to say that securing data privacy in the Lone Star State is a matter of life and death. But it can often have tragic consequences.

For example, two years ago in New Jersey, a lawyer angry at a judge for postponing a ruling on his case obtained the judge’s sensitive personal information—her address, routes to work, and even the names of her best friend and church—from data brokers for the price of a coffee. The disgruntled lawyer used that information to show up at the judge’s home to confront her and ended up killing her son and critically wounding her husband.

Here in the state of Texas, how companies collect and sell this kind of intimate personal information on the open market to whoever wants it is opaque at best.

Insufficient data privacy standards are increasingly problematic as users spend more time online and corrupt actors find more sinister ways to use the data. However, some states have developed a potent antidote the state legislature ought to adopt to protect Texans.

And though this might make Texans squirm, California is the state to look to.

In 2018, California passed and signed into law the California Consumer Privacy Protection Act (CCPA), making it the first state to codify a Digital Bill of Rights. The law affords Californians the following rights while online: the right to know what data is being collected; the right to know if one’s data is shared and with whom; the right to opt-out from one’s data being sold; the right to access one’s data; the right to request the deletion of personal data; and the right to not be discriminated against for exercising these digital rights. Importantly, this law also created new limits on the sale, sharing, and use of personal information and sensitive personal information. Given that the CCPA applies to businesses that meet a $25 million revenue threshold and make a significant portion of their revenue from the sale of personal information, Californians have dramatically more digital privacy rights than Texans.

If it stings that California is a leader in this area, the good news is that Texas can do even better.

In the 86^th Legislature, Texas established the Texas Privacy Protections Advisory Council to analyze data privacy laws around the country, and longstanding models like the EU’s General Data Protection Regulation. The Council concluded that Texans generally have very little or no knowledge of how their personal information is used with little safeguards in place for Texans’ sensitive personal information. However, by enshrining a Digital Bill of Rights in Texas, Texans would receive the requisite knowledge and safeguards to reduce the likelihood their personal information makes its way into the wrong hands.

While California frequently puts on master classes of poor public policy, every once in a while, it introduces something worth reviewing. Now it’s Texas’ turn to pass its own Digital Bill of Rights that will serve as the gold standard nationwide.