In the age of mass data collection and use, the lack of Federal privacy protection is becoming a problem. Several states have adopted their own—often conflicting—regulations for online entities to control and protect consumers privacy rights, and the EU famously adopted its General Data Protection Regulation (GDPR), which went into effect in May 2018.
How to construct the right federal privacy law was the primary topic at the “Innovation & Privacy: How We Keep Both” conference session, moderated by Rachel Nemeth, director of regulatory affairs for CTA.
“We support comprehensive federal legislation,” stated Khaliah Barnes, privacy and public policy manager for Facebook. “There’s a fragmentation at the state level, which makes it difficult for companies to understand their obligations. We need strong, comprehensive federal privacy legislation to ensure clear and consistent privacy rights, and clear and consistent corporate obligations.”
The desire for federal privacy legislation sounds simple. But, as with all policy regarding the internet, the devil is in the details.
“There’s a lot of emphasis about getting it right, wanting to understand all the varying sides of things,” noted Evelyn Remaley, associate administrator of the National Telecommunications and Information Administration (NTIA), which advices the President. “There is a lot of consensus that there should be some sort of federal action—and a lot of different ideas on how to get there.”
Just after Thanksgiving, Senate Democrats introduced the Consumer Online Privacy Act (COPRA). However, gaining bipartisan support for the bill might take awhile given the current political climate.
“Technology will always move faster than our legislature ever will—and I actually think that’s a good thing,” said Christi Barnhart, senior counsel for one of COPRA’s co-sponsors, Senator Brian Schatz (D-Hawaii). He added that the concern in thinking of a federal privacy regulation is that it needs to be “strong and enforceable”, but also must have “an element of future-proof.”
Another concern is adopting legislation that isn’t overly regulatory, which could produce a cure that was worse than the disease—burdening both consumers and business, stifling innovation and economic growth.
“That’s one of the things we saw with GDPR,” asserted Maureen Ohlhausen, a former FTC commissioner, former acting FTC chair, and now a partner at Baker Botts. Overly-burdensome regulations would only entrench the big players because “they are the only ones who can meet all the requirements and keep up with all the new laws. It’s great for law firms, I can tell you that. But it’s not so good for small businesses, and not so good for start-ups.”
So the ball remains in Congress’ conflicted court. But Barnhart sees the bipartisan light at the end of the tunnel. “Both sides are committed to continue to work things out.”