If Texas' standards for online privacy were graded, the Lone Star State would earn an "F," a new study indicates.
An analysis of online privacy laws in the 50 states shows Texas adheres to only five (25 percent) of the 20 privacy standards examined by pro-consumer tech research website Comparetech. Just two states surpassed the 50 percent mark — California (75 percent) and Delaware (55 percent). At 5 percent, Wyoming was ranked the worst state for online privacy protection laws.
Texas did, however, have some redeeming qualities. The state has laws on the books regarding how companies dispose of consumers' data, how organizations protect data about students in kindergarten through 12th grade, how biometric data is protected, and how journalists are shielded from revealing their sources, according to Comparetech.
Ranking 23rd in the Comparetech study, Texas fell short in areas such as social media privacy, security of insurance data, third-party sharing of data, and disclosure of what types of data companies collect about consumers.
"Texas still has a long way to go in protecting its residents' privacy, particularly when it comes to how companies and government entities can collect, use, and share personal data," says Paul Bischoff, a privacy advocate with Comparetech.
During Texas' 2019 legislative session, one comprehensive measure aimed at tightening online privacy laws, the Texas Consumer Privacy Act, failed to reach the governor's desk.
However, lawmakers passed and Gov. Greg Abbott signed the Texas Privacy Protection Act. This law, far less sweeping than the Texas Consumer Privacy Act, revises notification requirements under the Texas Identity Theft Enforcement and Protection Act, according to the Data Privacy Monitor blog. It also establishes the 15-member Texas Privacy Protection Advisory Council, which will recommend future legislation tied to data privacy.
In Texas, Bischoff says, companies still "have few restrictions on how they are allowed to gather information from users, how long that data can be retained, and with whom it can be shared. Likewise, government entities like schools and law enforcement are not bound by laws that would prevent them from invading people's privacy."
He notes, however, that Texas is among only four states that protect biometric data such as fingerprints and facial-recognition scans.
Among all the states, California "sets a fairly high bar" for protection of online privacy, Bischoff says, but even it fails to meet all of the pro-privacy criteria set out in the Comparetech study.
Around the country, most people support beefing up state laws governing online privacy, he says, "but technology has outpaced legislation, so many states just need time to catch up."
Some Americans, though, doubt that any laws can safeguard their online privacy. In a 2019 survey commissioned by privacy-technology company FigLeaf Inc., 29 percent of U.S. adults said they thought it was impossible to safeguard their digital information.
"Without question, consumers are telling us that online privacy is important to them. However, far too many believe online privacy is difficult, if not impossible, to achieve," Slava Kolomeichuk, co-founder and CEO of Deerfield, Illinois-based FigLeaf, says in a news release. "This attitude is resulting in individuals who are choosing to restrict their own online activity, which limits their personal freedom. Unfortunately, current tools do not give consumers the assurance they need that it is possible to control one's own online privacy."
Control of online privacy is a serious concern for U.S. adults. In a 2019 survey by SurveyMonkey, 58 percent of adults viewed online privacy as a crisis. For Texans, this concern won't be addressed by state lawmakers until the Legislature reconvenes in 2021. Meanwhile, federal lawmakers aren't expected to take action this year on an online privacy bill.
U.S. Sen. Richard Wicker, a Mississippi Republican who chairs the Senate Commerce Committee, is one of the main sponsors of the federal privacy legislation. He says Americans deserve the same online protections regardless of where in the U.S. they live or travel."That means internet privacy regulations should not vary across state lines," Wicker says on his website. "Not only would 50 different privacy standards leave Americans uncertain about what is being done with their data, but a patchwork of state-level interventions could also lead to uncertainty for businesses, bad internet service, and slower economic growth."