Momentum Picks Up for Federal Data Privacy Protection
With a tough California law soon to take effect and a new Congress heading to DC, associations are making their case that the federal government should step in with new rules for data privacy and, potentially, new legislation.
With the 2018 election (mostly) resolved, associations are starting to move their focus to the policies that could get fresh attention in a revamped Congress.
Near the top of the list for many organizations is data privacy. The issue is set against the backdrop of a new law in California that takes effect soon and could shake things up for online providers already struggling to comply with the European Union’s General Data Protection Regulation.
Many technology and advertising organizations have pushed back on the California Consumer Privacy Act of 2018, arguing that a federal statute is needed instead. And with the House coming under Democratic control, the dynamics on the Hill are changing. Rep. Frank Pallone (D-NJ), the ranking member of the Committee on Energy and Commerce, has said that “meaningful privacy and data security protections” will be a priority in the new year. Even before the election, Sen. Ron Wyden (D-OR) had made a proposal of his own, CNET notes.
Groups such as the Internet Association, the Computer and Communications Industry Association (CCIA), and Digital Content Next (DCN) are likely to have some thoughts on what such a measure would look like. All three groups recently submitted comments on data privacy to the National Telecommunications and Information Administration, an agency of the U.S. Department of Commerce. NTIA is looking to develop a privacy framework that would recommend “outcomes” rather than adopt firm regulations.
In DCN’s comments, CEO Jason Kint and Senior Vice President of Government Affairs Chris Pedigo argued that federal law is better suited than state law to govern data privacy.
“Federal rules governing the treatment and protection of consumer data will provide certainty and clarity for industry—including both large and small companies and across multiple sectors,” they wrote [PDF]. “In addition, a patchwork of state and international frameworks could create confusion among consumers and potentially lead to loopholes that could be exploited by bad actors.”
Meanwhile, CCIA and the Internet Association, whose members include large tech companies such as Google and Facebook, made similar arguments, Multichannel News noted.
One sticking point over any rulemaking that is likely to play out: What agency would own the regulatory power? Privacy advocates—and Wyden’s bill—say the Federal Trade Commission should make the rules and dole out civil penalties. The Internet Association, however, called discussion of those questions “premature.”
The battle over online privacy at the federal level broke out in earnest last year, after the new Republican-led Congress eliminated privacy regulations established by the Federal Communications Commission during the Obama administration. That move led to an increase in activity at the state level and eventually the California law. Several developments since then further highlighted the issue, including the Cambridge Analytica scandal and a data leak that will lead to the shutdown of Google+ next year.
(MF3d/iStock/Getty Images Plus)