Odds Improving Congress Will Pass Federal Privacy Law, CES Told

“There’s probably a better chance than there has been in past years” for legislation, Ohlhausen told us. “That doesn’t mean it will actually happen. It’s just a very complex area.” A privacy law would affect just about every U.S. business, she said.

“There’s a pretty decent chance” for legislation, said Michelle Richardson, director of the Privacy and Data Project at the Center for Democracy and Technology. “It’s rare that you have all of industry asking for something,” she said in an interview. “The devil will always be in the details, but this is a very unusual situation where we are post passage of these state and international laws but before they have gone into effect.”

House or Senate approval of a bill this year would still be a step forward, Richardson said. The California law forces the issue, she said. “You don’t want to get too far down the road of having different state regulations that companies successfully implement.”

Former Rep. Darrell Issa, R-Calif., said a privacy law is likely, and lawmakers have to get the ground rules right. “Congress does two things very well -- nothing at all and overreacts,” Issa told us. “That’s not just an applause line or a joke line, it’s a truth. We have done almost nothing in this area for a very long time.” The question is “what are going to be the ground rules that allow for that legislation to be well thought out and not like California’s knee-jerk three-week decision,” Issa said. He doesn't see privacy as a partisan issue.

Ohlhausen filled in for NTIA Administrator David Redl, who didn’t go to CES because of the partial federal shutdown (see 1901100020), keynoting a privacy discussion. The FTC has urged Congress to enact data security and breach notification legislation, which would put additional requirements on companies and allow the agency to pursue civil penalties, she said. The commission is also holding hearings on privacy and data security. “One of the things [the FTC] is focused on is their remedial authority,” Ohlhausen said: The agency wants to know how it can develop stronger tools to use against bad actors: “Technology and policy are very much in the government’s sights.”

The problem is the FTC doesn’t have power by law to do a specific thing but rather “to look for a scenario that is in fact wrong,” Issa said on a panel. It doesn’t put out “a definitive document or best practices,” he said. “Then they go after you when shit happens. That’s a reality. They have to try figure out what best practices are after something happens.”

Three worldviews are emerging on privacy, said Michael Petricone, CTA senior vice president-government and regulatory affairs. “You’ve got the European view where privacy is a human right and all the data belongs to the user,” he said. “You have the Chinese view where you have no privacy and all the data belongs to the government.” The traditional U.S. view is a hybrid.

“In terms of the tech economy, that hybrid approach has worked really well,” Petricone said. Most agree a state-by-state approach won’t work, he said. Consensus is possible this year, before 2020, when California’s law takes effect, he said.

Privacy concerns are huge here, said Jules Polonetsky, CEO of the Future of Privacy Forum. “We’re doing really cool and wonderful things, but with incredibly intimate and sensitive data.” Nearly daily, media report data problems or new litigation, he said. “People want certainty,” he said. “It’s time for us to put rules in place. Let's get it right. If you don’t think the Europeans got it right, let's show how we can get together and hammer it out.”

People have digital civil rights, Richardson said. “It’s not something to barter, it’s something so important that it can’t be signed away,” she said. “There should be a baseline behavior that we can expect from all the data collectors and the data processors, regardless of who you are or where you are or what box you check.” Setting the baseline will be hard, she said.

“If consumers don’t trust the products and the services that companies are offering, they’re not going to adopt them,” said Melissa Tye, Verizon vice president-public policy, on another panel. “In the past few years, it has become apparent that our national approach to privacy just isn’t working. We’re hopeful that Congress will pass federal privacy legislation in 2019.”

CES Notebook

AT&T Communications CEO Tom Donovan touted 5G efforts it has underway and defended the company’s use of the term for “5GE” or 5G Evolution. Other carriers called AT&T’s use of the term misleading (see 1901080024). "If I now occupy beachfront real estate in my competitors' heads, that makes me smile," Donovan said. AT&T said at CES two years ago it would launch an “on ramp” to 5G and call it 5GE, he said. Overnight, phones that in 400 markets indicate coverage was LTE now say it’s 5GE, he said. It’s “just a small piece of real estate” on the phone, he said. The message tells consumers their speed is twice what it was with traditional 4G LTE, he said. “We have markets now that it’s far in excess of that.” Research found customers want to know when their network improves, Donovan said. “We broke our industry’s narrative two days ago and they’re frustrated and they’re going to do what they do,” he said. “This is the ‘yes, you can’ technology,” Donovan said of 5G. It’s the first generation of wireless that’s “software-centric, that has all of the capabilities of the world around it, built into it,” he said. AT&T’s initial launch of 5G is going well, he said. The wireless industry in the U.S. is “highly competitive” and built on superlatives, everything is “first, biggest, widest best,” he said. “We were really proud in December that we got a real device that you could buy in a store and a real network in 12 cities.”