Editing Consumer privacy (section)

== Legislation ==
Consumer privacy concerns date back to the first commercial [[courier]]s and [[bank]]ers who enforced strong measures to protect customer privacy. Harsh punitive measures were passed as the result of failing to keep a customer's information private. In modern times, the [[ethical code]]s of most professions specify privacy measures for the consumer of any service, including [[medical privacy]], [[client confidentiality]], and [[national security]]. These codes are particularly important in a [[carceral state]], where no privacy in any form nor limits on [[State (polity)|state]] oversight or data use exists.<ref>{{Cite journal|last=Lee|first=Dong-Joo|date=June 2011|title=Managing Consumer Privacy Concerns in Personalization: A Strategic Analysis of Privacy Protection|journal=MIS Quarterly|volume=35|issue=2|pages=428–A8|doi=10.2307/23044050|jstor=23044050}}</ref> ''Corporate customer privacy practices'' are approaches taken by commercial organizations to ensure that confidential customer data is not stolen or abused.<ref name=Siam>{{Cite journal|last=Siam|first=Kayla|date=2017|title=Coming to a Retailer near You: Consumer Privacy Protection in Retail Bankruptcies|url=http://connection.ebscohost.com/c/articles/124102448|journal=Emory Bankruptcy Developments Journal|volume=33|pages=487–521}}{{Dead link|date=November 2019 |bot=InternetArchiveBot |fix-attempted=yes }}</ref> Since most organizations have strong competitive incentives to retain exclusive access to customer data, and since customer trust is usually a high priority, most companies take some [[security engineering]] measures to protect customer privacy. There is also a concern that companies may sell consumer data if they have to declare bankruptcy, although it often violates their own privacy policies.<ref name=Siam/>

The measures companies take to protect consumer privacy vary in effectiveness, and would not typically meet the much higher standards of [[client confidentiality]] applied by [[ethical code]]s or [[legal code]]s in [[banking]] or [[law]], nor [[patient privacy]] measures in medicine, nor rigorous [[national security]] measures in military and [[Intelligence agency|intelligence organizations]]. The [[California Consumer Privacy Act]], for example, protects the use of consumer privacy data by firms and governments. This act makes it harder for firms to extract personal information from consumers and use it for commercial purposes. Some of the rights included in this act include:<ref>{{Cite web |date=2018-10-15 |title=California Consumer Privacy Act (CCPA) |url=https://oag.ca.gov/privacy/ccpa |access-date=2024-02-23 |website=State of California - Department of Justice - Office of the Attorney General |language=en}}</ref>

* The right to know about the personal information a business collects about them and how it is used and shared
* The right to delete personal information collected from them (with some exceptions)
* The right to opt-out of the sale or sharing of their personal information
* The right to non-discrimination for exercising their CCPA rights

Since companies operate to generate a [[Profit (accounting)|profit]], commercial organizations also cannot spend unlimited funds on precautions while remaining competitive; a commercial context tends to limit privacy measures and to motivate organizations to share data when working in partnership. The damage done by privacy loss is not measurable, nor can it be undone, and commercial organizations have little or no interest in taking unprofitable measures to drastically increase the privacy of customers. Corporations may be inclined to share data for commercial advantage and fail to officially recognize it as sensitive to avoid legal liability in the chance that lapses of security may occur. This has led to many [[moral hazard]]s and customer [[privacy violation]] incidents.<ref>{{Cite journal|last=Vagle|first=Jeffrey L|title=Cybersecurity and Moral Hazard|journal=Stanford Technology Law Review|volume=67|issue=2020|pages=71–113}}</ref>

Some services—notably [[telecommunications]], including [[Internet]]—require collecting a vast array of information about users' activities in the course of business, and may also require consultation of these data to prepare [[Invoice|bills]]. In the US and Canada, telecom data must be kept for seven years to permit dispute and consultation about phone charges. These sensitivities have led telecom regulation to be a leader in consumer privacy regulation, enforcing a high level of confidentiality on the sensitive customer communication records. The focus of consumer rights activists on the telecoms industry has super-sided as other industries also gather sensitive consumer data. Such common commercial measures as software-based [[customer relationship management]], rewards programs, and [[target market]]ing tend to drastically increase the amount of information gathered (and sometimes shared).  These very drastically increase privacy risks and have accelerated the shift to regulation, rather than relying on the corporate desire to preserve goodwill.{{citation needed|date=July 2019}}

Concerns have led to consumer privacy laws in most countries, especially in the [[European Union]],<ref>{{Cite book |last=Skiera |first=Bernd |url=https://www.worldcat.org/oclc/1303894344 |title=The impact of the GDPR on the online advertising market |date=2022 |others=Klaus Matthias Miller, Yuxi Jin, Lennart Kraft, René Laub, Julia Schmitt |isbn=978-3-9824173-0-1 |location=Frankfurt am Main |oclc=1303894344}}</ref> [[Australia]], [[New Zealand]] and [[Canada]]. Notably, among developed countries, the [[United States]] has no such law and relies on corporate customer privacy disclosed in privacy policies to ensure consumer privacy in general. Modern privacy law and regulation may be compared to parts of the [[Hippocratic Oath]], which includes a requirement for doctors to avoid mentioning the ills of patients to others—not only to protect them, but to protect their families— and also recognizes that innocent third parties can be harmed by the loss of control of sensitive personal information.<ref>{{Cite journal|last=Hajar|first=Rachel|date=2017|title=The Physician's Oath: Historical Perspectives|journal=Heart Views |volume=18|issue=4|pages=154–159|doi=10.4103/HEARTVIEWS.HEARTVIEWS_131_17|issn=1995-705X|pmc=5755201|pmid=29326783 |doi-access=free }}</ref><ref>{{Cite journal|last1=Indla|first1=Vishal|last2=Radhika|first2=M. S.|date=April 2019|title=Hippocratic oath: Losing relevance in today's world?|journal=Indian Journal of Psychiatry|volume=61|issue=Suppl 4|pages=S773–S775|doi=10.4103/psychiatry.IndianJPsychiatry_140_19|issn=0019-5545|pmc=6482690|pmid=31040472 |doi-access=free }}</ref>

Modern consumer privacy law originated from telecom regulation when it was recognized that a [[telephone company]]—especially a [[monopoly]] (known in many nations as a [[Postal, telegraph and telephone service|PTT]])—had access to unprecedented levels of information: the direct customer's communication habits and correspondents and the data of those who shared the household. Telephone operators could frequently hear conversations—inadvertently or deliberately—and their job required them to dial the exact numbers. The data gathering required for the process of billing began to become a privacy risk as well.  Accordingly, strong rules on operator behaviour, customer confidentiality, records keeping and destruction were enforced on telephone companies in every country. Typically only police and military authorities had legal powers to [[wiretap]] or see records.  Even stricter requirements emerged for various banks' electronic records. In some countries, [[financial privacy]] is a major focus of the economy, with severe criminal penalties for violating it.{{citation needed|date=July 2019}}