Rethinking Privacy Laws for Subscriptions: A Consumer Harm Perspective
摘要
Consumers spend billions of dollars each year on online subscriptions, and spending continues to grow. Despite major privacy statutes, gaps remain in how these laws protect personal data in subscription-based models. This paper examines consent under the CCPA and GDPR, showing how narrow interpretations and weak consent mechanisms expose subscribers to harm. Using a privacy-defining framework, we analyze documented disputes between consumers and businesses to assess the application and interpretation of these laws and to identify vulnerabilities specific to subscriptions. We find that many subscription businesses employ exploitative data practices that conflict with modern privacy statutes and cause consumer harm. Consumer research also indicates a desire for greater control over personal data while using subscriptions. We propose updates to consent mechanisms and default data-handling procedures that increase user control and transparency across the subscription lifecycle, aligning practice with consumer intent and the aims of contemporary privacy law.