Congress debated privacy!
 | | Senator Maria Cantwell and committee chairman Senator Roger Wicker listen during a hearing before the Senate Commerce, Science and Transportation Committee in October.Alex Wong/Getty Images |
|
The holiday season is upon us. The race for the White House is underway in anticipation of its first primaries. And, of course, there’s impeachment. So you could be forgiven for not quite paying attention to the other set of hearings in Washington that are near and dear to this newsletter’s heart: federal privacy legislation. |
Because this debate is critically important to the future of the internet and because it’s a complicated policy argument, I wanted to attempt a quick run-through of what happened in recent weeks. |
- Consumers would have the right to view, correct and delete their data. They would also theoretically be able to stop it from being sold by third parties.
- Companies could face higher fines for data abuse.
- Companies could be fined for first-time privacy offenses.
- Companies would be forced to obtain special permission to collect sensitive data. This would include location information, biometrics and other information that can’t be easily changed, like a password.
- The Federal Trade Commission could expand with the creation of a bureau for privacy.
- A data security fund would be established, to be run by the Treasury Department.
- State attorneys general would be allowed to bring privacy lawsuits under federal law.
- Companies would be required to audit their algorithms for bias — especially with regard to financial discrimination or housing.
|
First, some reactions to the bill. |
The Electronic Frontier Foundation was generally in favor but had misgivings around one point: |
| COPRA satisfies two of EFF’s three key priorities for federal consumer data privacy legislation: private enforcement by consumers themselves; and no preemption of stronger state laws. COPRA makes a partial step towards EFF’s third priority: no “pay for privacy” schemes. |
In a tweet, Roger McNamee, an investor turned privacy advocate, called the bill a “step in the right direction,” arguing that “it does not try to do everything. Key elements: right of private action (individuals would be able to sue companies for privacy violations), and allowing states to create their own laws. |
On the Republican side, Senator Roger Wicker responded a few days later with a draft consumer privacy bill. Wicker said that much of the bill aligns with legislation introduced by Senator Cantwell. |
There are a few major differences, though. Wicker’s bill, according to a Reuters report, “would set nationwide rules for handling of personal information online and elsewhere and override state laws, including one in California set to take effect next year.” The other big area of disagreement is over a private right of action — whether individuals can sue companies under the law for violations of their privacy. |
Cameron Kerry, a former Department of Commerce general counsel who has written extensively about federal legislation, argues that the private right of action will be particularly difficult to resolve in negotiations because it is “anathema to congressional Republicans and many businesses.” The issues, he writes, may “be resolved only with a committee markup or a floor vote.” |
Here’s Kerry’s sober summary of the two bills: |
| The Wicker draft would allow wider latitude for existing data practices of many businesses, while the Cantwell bill is generally more detailed in requirements and broader in application. Nevertheless, there are also some areas where the Wicker draft is more protective of consumers, such as in the scope of exceptions for small businesses, and both proposals would raise individual privacy protection beyond existing federal law and even the CCPA. |
So, where does that leave us? Last week, there were rumblings that Congress might see December as its best chance to sneak some real legislation through. Wishful thinking. |
Legislative realities aside, there’s some reason for optimism. The Cantwell and Wicker bills are not really that far apart. While I haven’t seen the full details of the Wicker bill, both lawmakers are looking at data protections much more granularly. Both seem to think the F.T.C. ought to have more power to enforce. This is all a step forward from previous discussions on the Hill, which focused largely on theoretical issues like whether the bill should be modeled after the European Union’s G.D.P.R. Seeing these disagreements feels a bit like progress. |
That said, the disagreements are too important. While businesses certainly would like a one-size-fits-all federal law to pre-empt state laws, it would offer tech companies safe harbor from more aggressive privacy-legislating states like California. But perhaps most important is the right to action, which could substantially wrest the power over data back from Big Tech to consumers. And there’s some compelling data suggesting that forced arbitration in consumer contracts has outsize benefits for tech companies. According to The American Prospect: |
| The data, submitted by the tech firms themselves in response to questions from the House Antitrust Subcommittee, are believed to be the first time such arbitration statistics have been provided publicly. They show that a trivial number of employees, customers, and contractors bother to pursue arbitration against the likes of Facebook, Google, Amazon, and Apple. Google contractors, for example, initiated a grand total of three arbitration claims between January 1, 2014 and September 1, 2019, less than one per year. Google employees submitted only 11 arbitration claims during that time period. |
Ultimately, it seems like a mistake for Congress to move forward too quickly to put a compromised bipartisan bill into law. The privacy debate has come a long way, and while there’s certainly urgency on behalf of exploited citizens as well as lawmakers, the issue is far too complex and too important to rush. |
IAAU: Incredibly Annoying Acronym Update |
If you’re trying to follow the privacy legislation discussion, you may have noticed that the acronyms lawmakers have adopted are confusing and awful. Tony Romm, the reporter who broke the news of the Cantwell bill, has a handy guide to the madness. |
 | | Twitter |
|
Send me your pressing questions about tech and privacy. Each week, I’ll select one to answer here. And if you’re enjoying what you’re reading, please consider recommending it to friends. They can sign up here. |
歡迎蒞臨:https://ofa588.com/
娛樂推薦:https://www.ofa86.com/
沒有留言:
張貼留言