How we may be closer to consensus on privacy legislation than it seems.
Anyone following the data privacy conversation knows it hasn’t been an easy road. It’s hard to keep track of the various proposals and regulations that have popped up on the state, federal and international levels, and it’s hard to truly understand what each does to protect consumers.
The confusing, problematic patchwork of regulations, for both consumers and businesses, has led to sometimes competing privacy protections based on jurisdiction that make it impossible to protect consumers in the most effective way possible and created costly and conflicting obligations for businesses. The good news is that there are many provisions and concepts on which lawmakers across the country can agree.
First is that we must move away from relying solely on the old “notice and choice” or “notice and consent” models of privacy. This model places far too much of the burden on consumers to manage their privacy, including lengthy privacy policy notices that are confusing and hard for consumers to understand. Bad actors can take advantage of this system and participate in data collection practices that are ultimately harmful to consumers. Privacy protections should instead place onus on companies to act in good faith by establishing a list of prohibited data practices they must comply with to ensure consumers are protected from harmful acts.
Many also agree that the FTC is the right agency to protect consumer privacy and enforce privacy laws. At a 2020 Senate Commerce hearing, former FTC Acting Chair Maureen Ohlhausen testified that comprehensive federal privacy legislation should include the FTC as the primary enforcer of the law and equip the agency with more resources to ensure they can adequately protect consumer privacy. And several current bills in Congress would provide the FTC with additional enforcement authority and resources to protect privacy. This is because the FTC is widely recognized as the expert agency on consumer data privacy and protection. No other agency has the history, expertise or experience to enforce privacy protections the way the FTC can.
Finally, and perhaps most importantly, all stakeholders agree there is an urgent need for federal privacy legislation. Sen. Richard Blumenthal (D-CT) recently spoke about the need for a federal privacy law to protect national security and establish U.S. leadership on data privacy. Jessica Rich, former director of consumer protection at the Federal Trade Commission, recently wrote that a federal bill is long overdue in providing consumer protections in the age of the internet. And Senate Commerce minority leaders recently sent a letter to President Biden urging him to work with Congress on a federal data privacy bill to protect Americans after they’ve shifted much of their activity online due to COVID-19. Though each stakeholder has their specific reasons, there is broad consensus that Congress needs to act now.
What America ultimately needs is for stakeholders to find common ground and work together to put forth a federal bill that ensures broad-based protections for all Americans, no matter where they live. A federal bill would also provide a clear set of rules for businesses to follow to ensure they aren’t inadvertently violating one state privacy bill in service of another.
As Congress continues to debate more controversial provisions, they should remember there is more consensus on the issue of privacy than there is difference. And they should use this momentum to really come together and work out the remaining issues in service of a federal privacy bill that protects all Americans as soon as possible.
Learn about P4A’s proposed approach: https://www.privacyforamerica.com/overview/