Privacy Legislation Prospects Murky, Though Parties Interested, Say Panelists
Privacy issues are getting much attention, but it's unclear if Congress will pass a bill this session, panelists suggested at a Public Knowledge event Monday. Megan Stifel, PK cybersecurity policy director, said though there's over a 60 percent chance a bill will be enacted, she was even more optimistic last fall. Most others didn't handicap the prospects. Yael Weinman, Verizon privacy associate general counsel, said her company and others are "interested" in privacy legislation. Abigail Slater, Internet Association general counsel, said "constructive conversations" are occurring.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
Prolific state privacy and broadband activity makes a "federal conversation more likely," said Justin Brookman, Consumers Union director-consumer privacy and technology policy. Lawmakers could address some "low-hanging fruit," such as preventing companies from charging consumers for remedial steps after a data breach, but broader privacy legislation is "less likely," said Eric Null, New America Open Technology Institute policy counsel. He doubted he would like what Congress might produce, given its current leadership.
Last's year's Equifax data breach showed the current privacy framework isn't working, said Harold Feld, PK senior vice president. Saying no single bill can be expected to resolve privacy concerns, he outlined four principles he proposed in a December white paper for considering legislation: "Americans deserve the right to own and control their personal information"; "Context matters"; "Americans need more privacy protection, not more federal preemption"; and "Backward compatibility with existing federal privacy and data breach protections" is needed.
CU's Brookman agreed with giving consumers more control, including through some opt-out rights, but that should be paired with industry steps, such as data minimization. "I just want to make sure we don't put too much burden" on consumers, he said. OTI's Null agreed with giving consumers control but said it's no longer an "analog world" with "just a couple decision points." Verizon's Weinman said such control "really gets down to what is practical" and said industry already is taking many innovative steps to help consumers. IA's Slater said it's sometimes better to adopt "West Coast" tech solutions than "East Coast," Washington solutions.
The consumer advocates generally supported incorporating "context" into privacy safeguards, with Brookman backing a distinction between "sensitive" and "nonsensitive" information. They also generally supported allowing states to come up with privacy protections. Weinman backed a "one-size-fits-most" approach because she said consumers don't want to deal with a lot of granularity and complex distinctions between providers.
Weinman and Slater supported federal pre-emption of state privacy regulation, calling fragmented regulation impractical. The industry representatives backed the use of FTC privacy enforcement, often by detailed consent decrees. Weinman called such actions more "nimble" than regulatory rulemakings. Brookman said there should be middle-ground legislation that sets high-level federal principles that go beyond the FTC's "unfair and deceptive" practice standard, with agency enforcement actions to implement the details. Null said rules are still useful.