"Data-Driven Thinking" is written by members of the media community and contains fresh ideas on the digital revolution in media.
Today’s column is written by Ray Kingman, CEO at Semcasting.
Recent polling indicates overwhelming public support for GDPR-style privacy regulation in the United States.
Congress has discussed privacy frequently since Facebook’s Cambridge Analytica scandal. And there’s the California Consumer Privacy Act, Vermont’s law regulating data brokers and threats of privacy legislation from Colorado, Oregon, Virginia, Nebraska and others, creating the potential for a patchwork of legislation that begs for a federal response.
Throw in a recent Facebook hack and Google shutting down Google+ after failing to notify 500,000 users of a data breach, and it appears we have a recipe for national privacy regulation.
There is stakeholder consensus behind the idea that people have a right to choose how their identities are managed and distributed.
Industry groups and tech titans have finally retreated from their self-regulation framework of the previous decade. They’re now pushing the Trump administration hard for a national privacy law. And on Wednesday, Apple CEO Tim Cook called for national privacy legislation inspired by GDPR.
Despite support voiced by tech companies, any final privacy law will undoubtedly be covered with industry fingerprints, but as Sen. John Thune (R-SD) said, “It is increasingly clear that industry self-regulation in this area is not sufficient.”
But in 2018’s bizarre political climate, even a clear need for legislative action is certain to be run into a ditch or two.
After a Sept. 26 Senate Commerce, Science and Transportation Committee hearing, Thune said a bill would probably be introduced next year. He said the industry wants national regulation rather than individual state laws, and it wants the Federal Trade Commission (FTC) as the primary enforcement body.
Sen. Brian Schatz (D-Hawaii) did something that day that Democrats seldom do: advocate for states’ rights in an area that obviously demands federal action.
"We're not going to … replace a progressive California law, however flawed you may think it is, with a nonprogressive federal law," Schatz said.
Is there enough momentum?
While there are no guarantees that a legislative effort won’t fall flat, the evidence suggests that the climate for a national internet privacy law may be as good as it will ever get. But is it good enough?
Despite the alignment between stakeholders, legal complexities and an internet industry lobbying effort that has barely started, we’re probably only in round one of this fight.
Complicating matters may be a divided government in round two assuming the Democrats take back the House. But maybe divided government is just what is needed to force the conversation from the hyperbolic to where it belongs.
To strike a balance between the internet economy’s legitimate commercial interests and individuals’ right to choose how their data is used, we must agree that there’s a need to standardize data privacy laws. We must also agree that as a practical matter in an omniconnected world, there is no such thing as temporary or permanent digital anonymity or an enforceable right to be forgotten.
We must also accept that consumers should always have the right to choose how their identity is managed and distributed. And we must agree that businesses with a clearly articulated permissible purpose also have the right to conduct legitimate commercial activity, such as targeting advertising to potential customers until the consumer elects not to view said advertising.
We might not get a national privacy law from this next Congress, but if we don’t push with all our might for a federal law that strikes a balance between consumer and commercial rights, shame on us. This window – imperfect as it may be – won’t last forever.