While attending the University of Chicago, my dad, like many college students, often stopped by his favorite pizza parlor for some choice deep dish pan pizza. Since then, many of the mom and pop pizza parlors he frequented have migrated online to serve a larger customer base and cut down on brick and mortar expenses. But with the impending passage of SB 1502, these Illinois mainstays of the community might be facing burdensome costs that provide no real benefit to them or their customers.
SB 1502 would require the operator of a commercial website or online service to notify customers anytime information about them is collected or disclosed. This information can be for germane purposes and operational maintenance to reasons related to the nature of the website.
We can better understand the effect of the law by returning to the website for a pizza parlor.[pullquote]SB 1502 gives customers a false sense of security while impeding hard working Illinoisans from running their businesses.[/pullquote]
If the parlor takes your name to match you with your pizza, that requires notification. If the parlor collects your address or phone number to deliver the pizza, that requires notification, too. And if you pay for your pizza with a credit card, that collection of financial information mandates notification, as well. But are any of those notifications necessary? Is it unexpected that the parlor needs that information to complete the transaction?
Ultimately, what SB 1502 means is that a mom and pop business will have to pay for a lawyer to draft a privacy policy agreement for its website.
Not only are these policies expensive, an off-the-shelf version costing up to $5,000, the existence of the agreement subjects business owners to the risk of litigation. Even if an owner even unintentionally violates his own privacy policy, he could face an enforcement action from the FTC or a suit under this law.
The law is also problematic because it ignores the tenant: customers don’t read contracts. Decades ago, renowned Yale law school professor, Arthur Allen Leff said, “Some people would sign a contract even if ‘THIS IS A SWINDLE’ were embossed across its top in electric pink.” Years later, University of Pennsylvania Studies confirmed Leff was right. The Studies found that the majority of consumers don’t actually read privacy policies.
I understand and support the idea behind this bill, increasing transparency about online data practices. But this bill fails to achieve its goals as few people ever read these privacy policies.
How is the law supposed to help consumers if they’re not going to the read privacy policy and enter the website anyway? Instead of acknowledging this truth, SB 1502 gives customers a false sense of security while impeding hard working Illinoisans from running their businesses.
We cannot confuse redundant notifications with actual security. If we do, we may risk losing many of the businesses that makes Illinoisans feel they’re at home.