Technology

Advocates draw battle lines over national privacy law

by Harper Neidig 11/13/18 06:00 AM ET

Internet privacy advocates are drawing a line in the sand for lawmakers as Congress begins considering a federal data privacy bill.

A coalition of 34 public interest groups on Tuesday released a set of privacy principles that they want codified in any comprehensive data bill that Congress drafts.

They say the principles are the bare minimum privacy protections any legislation should include, including giving consumers more control over data and making it easier to sue internet giants in court over violations.

{mosads}

It’s the result of mounting frustration for advocacy groups who say Silicon Valley has been able to regulate itself and fear the prospect of industry lobbyists writing the new law.

Various industry groups have already released their own wish lists for lawmakers in recent months to capitalize on the growing momentum for a federal privacy law.

“The companies have been sucking all of the oxygen out of the internet privacy debate for a while now,” Allie Bohm, a policy counsel with the consumer group Public Knowledge, which helped draft the proposal, told The Hill. “It’s extraordinarily important that public interest voices, that consumers, that civil rights advocates, that privacy advocates be heard in this debate.

“We are, after all, the ones representing actual human beings who care about privacy and whose personal information is at stake here,” she added.

Their proposal consists of four broad principles: that a privacy law be comprehensive and apply to all industries that collect user data, protect against algorithmic discrimination, empower federal agencies and states with strong enforcement mechanisms and give individuals the ability to fight back in court when their privacy is violated.

“The current U.S. data privacy regime, premised largely upon voluntary industry self-regulation, is a failure,” the document reads. “The public needs and deserves strong and comprehensive federal legislation to protect their privacy and afford meaningful redress. Privacy legislation is essential to ensure basic fairness, prevent discrimination, advance equal opportunity, protect free expression, and facilitate trust between the public and companies that collect their personal data.”

Among the 34 groups that signed on to the proposal are the Center for Democracy and Technology, Human Rights Watch, Public Citizen and the National Hispanic Media Coalition.

The new push for a privacy bill didn’t start with those advocates, many of whom have been calling for greater protections for years, but rather with the private sector. And it was later taken up by top Republicans, who have largely been hesitant to impose any regulations in recent years even after major breaches at companies like Yahoo, Equifax and Uber.

But California’s passage in June of a new privacy law that is the toughest in the country was a wake-up call to the industry. That law goes into effect in 2020, and Silicon Valley is already scrambling to head it off, asking Congress to preempt it and any other regulations at the state level.

“Our goal is to have a nationwide privacy law signed by the president and to be the law of the land, rather than have a piecemeal approach that’s state-by-state,” said Michael Beckerman, the president CEO of the Internet Association, a trade group representing major tech companies like Facebook, Google and Amazon.

“It doesn’t make sense to have a patchwork of state laws,” Beckerman continued. “It’s confusing for individuals and it’s bad for startups and other companies that are trying to comply.”

The California law gives consumers greater control over their data and requires companies to be more transparent over how they collect and use it.

One of the biggest sticking points in the fight between privacy advocates and industry groups over a federal law will be how to handle laws passed by California and other states.

The consumer organizations behind the privacy principles on Tuesday think that states should be free to impose and enforce their own tougher data standards on top of anything Congress passes.

“We’re talking about a federal floor and not a federal ceiling, and that’s what really sets us apart from the companies,” Bohm said.

For now, it’s unclear when a congressional bill will take shape.

Democrats, who are more likely to be sympathetic to the privacy demands from consumer groups, have signaled that data protection will be a high priority for them when they take over the House next year. And Republicans have yet to rally around their own expectations for any such legislation.

But it’s clear that there’s momentum for a new standard and support for stronger enforcement. And both sides are digging in for a long fight.

One proposal that was released last week by Sen. Ron Wyden (D-Ore.) includes the prospect of prison time for executives of companies that repeatedly violate user privacy.

Still, that bill may not gain traction among Republicans, who still hold the Senate and the White House.

California Attorney General Xavier Becerra, a former House Democrat who’s now tasked with enforcing the nation’s only data privacy law, says that he thinks the fight over a national bill will likely drag out for at least two more years.

“I suspect Sen. Wyden’s proposal will get a lot of consideration. Ultimately what could become law is far, far away,” Becerra said at an Aspen Institute event last week.

“I don’t expect that you’re going to see something fly through this upcoming Congress,” he added.