Consumers spend billions of dollars each year on online subscriptions, and spending continues to grow. Despite major privacy statutes, gaps remain in how these laws protect personal data in subscription-based models. This paper examines consent under the CCPA and GDPR, showing how narrow interpretations and weak consent mechanisms expose subscribers to harm. Using a privacy-defining framework, we analyze documented disputes between consumers and businesses to assess the application and interpretation of these laws and to identify vulnerabilities specific to subscriptions. We find that many subscription businesses employ exploitative data practices that conflict with modern privacy statutes and cause consumer harm. Consumer research also indicates a desire for greater control over personal data while using subscriptions. We propose updates to consent mechanisms and default data-handling procedures that increase user control and transparency across the subscription lifecycle, aligning practice with consumer intent and the aims of contemporary privacy law.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Rethinking Privacy Laws for Subscriptions: A Consumer Harm Perspective

  • Elena Nye,
  • Kambiz Ghazinour,
  • Mehdi Ghayoumi

摘要

Consumers spend billions of dollars each year on online subscriptions, and spending continues to grow. Despite major privacy statutes, gaps remain in how these laws protect personal data in subscription-based models. This paper examines consent under the CCPA and GDPR, showing how narrow interpretations and weak consent mechanisms expose subscribers to harm. Using a privacy-defining framework, we analyze documented disputes between consumers and businesses to assess the application and interpretation of these laws and to identify vulnerabilities specific to subscriptions. We find that many subscription businesses employ exploitative data practices that conflict with modern privacy statutes and cause consumer harm. Consumer research also indicates a desire for greater control over personal data while using subscriptions. We propose updates to consent mechanisms and default data-handling procedures that increase user control and transparency across the subscription lifecycle, aligning practice with consumer intent and the aims of contemporary privacy law.