The recent revelation that Facebook has allowed device makers including Apple, Samsung and Huawei broad access to user data raises fresh questions about the legal and ethical constraints on companies’ data usage practices and could prompt a reckoning that would pull the U.S. closer to the tighter controls of the general data protection regulation currently in place in the European Union, attorneys say.
Rutan & Tucker LLP attorney Michael Hellbusch told Law360 that a good question to ask before sharing personal data with third parties is “whether the same result can be achieved without disclosing personal data,” and that companies — especially those under obligations such as GDPR —”should evaluate carefully whether they have a lawful basis to share the personal data and, more importantly, whether the third-party receiving the data pasts muster as a reputable and trustworthy recipient of that data.”
“Businesses are quickly developing privacy reputations with the general public,” Hellbusch said. “Even if not explicitly illegal or in breach of an agreement, sharing personal data, or more personal data than is necessary to accomplish the task, can have serious impacts on a company’s privacy reputation.”