Despite widespread support for a federal privacy law across US citizens, businesses, civil rights groups, and even politicians, efforts to create one appear to have stalled.
Congress now appears to be placing its hopes in FTC regulation instead …
Background
Europe created the world’s toughest privacy law back in 2018, in the form of the General Data Protection Regulation (GDPR). Even Apple had to make improvements in order to comply.
That has created an appetite for similar legislation in other countries, including the US. Pretty much everyone agrees that a GDPR-style federal privacy law would be the sensible approach. Citizens would have the same protections no matter which state they live in, and businesses would have a single set of rules to follow, instead of different ones for each state.
Apple, for example, has been a strong advocate for a US version of GDPR, with CEO Tim Cook vocal on the subject.
We at Apple are in full support of a comprehensive federal privacy law in the United States. There, and everywhere, it should be rooted in four essential rights:
First, the right to have personal data minimized. Companies should challenge themselves to de-identify customer data—or not to collect it in the first place.
Second, the right to knowledge. Users should always know what data is being collected and what it is being collected for. This is the only way to empower users to decide what collection is legitimate and what isn’t. Anything less is a sham.
Third, the right to access. Companies should recognize that data belongs to users, and we should all make it easy for users to get a copy of…correct…and delete their personal data.
And fourth, the right to security. Security is foundational to trust and all other privacy rights.
Privacy and civil rights activists say that a single federal law would be a much better solution than the current mess of each state doing its own thing – or doing nothing at all. An overwhelming majority of 9to5Mac readers agree.
Even politicians seem on board with the idea – but have so far been unable to agree on a law.
Federal privacy law – plan B
One of the sticking points in Congress has been whether we need a distinct federal privacy law, or whether we should instead rely on beefed-up Federal Trade Commission (FTC) regulations. The Verge reports that the FTC route now appears to have the best chance of success.
On Wednesday, the Senate Commerce Committee plans to discuss the creation of a new privacy bureau at the FTC and “the need for a comprehensive federal privacy law.” It’s an uncomfortable dodge since Congress has thus far been unable to pass any such privacy law. But with states enacting their own privacy framework, there’s more pressure than ever for some part of the federal government to take action.
As legislative efforts have stalled, the FTC could be the Biden administration’s best bet at regulating the tech industry’s grasp over consumer data […]
Last week, several lawmakers, including a handful on the Senate Commerce Committee, wrote a letter to FTC Chair Lina Khan calling on the commission to write its own data privacy rules. The request came just a few months after the FTC voted to update its rulemaking procedures, making it easier for the agency to issue data rules. The letter also followed President Joe Biden’s nomination of Alvaro Bedoya, a longtime privacy and facial recognition critic, to become the third FTC Democrat.
Many, however, are skeptical. App Association president Morgan Reed says this could take a decade or more.
If Congress doesn’t pass privacy laws, and we spend the next six to 15 years in a [rulemaking] process where the FTC has to hobble together a set of rules within the confines of their existing regulatory authority, that is not an effective way to build trust with consumers about the way companies are handling their data.
There are also doubts that the FTC has the necessary resources.
“The FTC is not very well-funded to do this kind of work. It has limited resources and limited capabilities to engage in privacy work, plus all of the other work it has to do,” Sara Collins, privacy policy counsel at Public Knowledge, said Tuesday. “It’s a competition authority. It’s a general consumer protection authority. They have to have more resources to do this work.”
Democrats want to give the FTC an extra billion dollars for this work, but Republicans oppose the additional funding.
There is a small glimmer of hope, says Collins: The combination of state laws and FTC regulations could eventually force Congress to admit that a federal privacy law is a way out of the ensuing mess.
Photo: Ipse Dixit/Unsplash
FTC: We use income earning auto affiliate links. More.
Comments