Because of the expansive technology that businesses can use to gather personal data on their customers, there are many privacy regulations that have been put into place to protect the rights of the user when online, which may be part of why cybersecurity insurance rates are rising. For example, in Europe, ePrivacy Directive is the governing body of user experience and privacy, and secures one’s right to privacy in terms of online tracking, personal profiting, unsolicited marketing tactics, and nonconsensual data harvesting by third parties. Similarly, the General Data Protection Regulation (GDPR) addresses data protection regardless of data type, giving users multiple rights and powers over where and with whom their data is shared. In the United States, state-specific legislation gives users rights related to the processing of their personal information. California, Colorado, and Virginia are only a few of the many states that outline specific guidelines for how data and private information is handled.
If too many users refuse to consent to sharing their data, businesses struggle to gather sufficient data and analytics may be rendered useless. When websites are unaware of the proportion of consenting users, what cohort is reflected in collected data, and if a sufficient sample is present to make accurate optimizations, it is increasingly difficult for businesses to make accurate inferences about user behavior. In addition, if these regulations are violated, there are heavy fines associated with non-compliance. In May 2018, the EU issued over 800 fines, and to date, big name companies like Amazon and Google have incurred millions of dollars in fines. It is tedious for users to read the consent agreement and give permission to a website to store their data, therefore a smaller proportion of users are consenting, leaving companies with insufficient information and a higher likelihood of fines and violations.