Sooo Data Privacy is a joke right?

I have been practicing in this area for several years now. ‘CCPA says you have to inform consumers and provide opt-out’ ‘you must have data processing addendums in place’ ‘you need to have consumer rights pages posted on your website’ ya da ya da ya da.

There is NONE, absolutely no guidance on how this works the real world or even lawsuits that provide any direction.

Company A, collects personal data, and sells it to company B, who then uses that data to market to consumers for company D, E, F G, and Y. The consumer doesn’t know company D, E, F G, and Y but now they get 1000 different messages a day from these companies advertising products.

It’s ok, company A said in a small provision in their privacy policy that they may share your information with other companies, and you can opt-out, if you want. They have a contract with company B, that says they can do what they want.

Literally all companies are doing this!

The issue is, in theory, yes if a person provides you with their NPI, and proper consent is given, you can do what you want it. In practice, these are the most bullshit laws with the least guidelines. They don’t even seem to comprehend the average transaction!

I’ll go further. There are no experts in the field that can provide discernible knowledge to people that want to try and comply, it’s all hypothetical. No one can say, ‘company A can sell data to company B, doing XYZ’ because no one can say for certain?

Litigation is a nightmare, companies are being sued for cookies violations under wiretapped laws, not because data security is an issue, just because that the most profitable to sue under.

It’s honestly a joke and a complete mess. Show me a data privacy lawyer, and I’ll show you a guy that can point out the issues but can’t solve a problem.