A 3D-printed Facebook Like symbol is displayed in front of a U.S. flag in this illustration taken, March 18, 2018.

© 2018 Reuters

Public concern in the United States about what happens to personal digital data has rightly exploded following reports about data analysis firm Cambridge Analytica’s alleged access to information about Facebook users. While Cambridge Analytica has disputed many aspects of what has been reported about its access, it appears that many affected users were likely unaware of the collection of their data or how it could be used.

The bigger issue here is that privacy laws in the US are currently too weak to prevent abuses of social media data by intelligence agencies, law enforcement, advertisers that engage in discriminatory profiling, or others who may violate rights. Americans badly need congressional action to adopt stronger legal protections for their data.

Today, internet-based companies in the US can create and store large pools of data about our religious and political leanings, race, and sexuality, among other aspects of our private lives. These enormous data collections pose obvious temptations for government and others who might wish to profile and target people in violation of their rights, including criminal hackers and fraudsters.

Decades ago, the UN Human Rights Committee foresaw these problems. In a clairvoyant analysis of the human right to privacy from 1988, this body of experts concluded that the gathering and storage of digital personal data “must be regulated by law,” and that countries should take “effective measures” to prevent this information from reaching those who would use it to abuse rights. The committee also embraced a vision of a world in which people can control data about themselves, stating that everyone should be able to find out whether government bodies and private entities hold such information about them, and get that data corrected or deleted if it is wrong or was collected illegally.

This is not impossible: beginning in May, the ambitious and binding General Data Protection Regulation (GDPR) will apply in all 28 European Union countries. While not perfect, the regulation will require innovative protections for users, such as ensuring more fully informed consent by users to the collection of data about them. It would also help them learn what personal information has been gathered about them.

Next week, the US House of Representatives will hold a hearing on Facebook’s protection of its users’ data. This should be the start of something bigger: a move toward laws that protect everyone in the US from data misuse that can undermine human rights.