TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

Privacy Perspectives | A state legislator’s perspective on data privacy legislation Related reading: Utah on the cusp of US's latest comprehensive state privacy law

rss_feed
GDPR-Ready_300x250-Ad

If you are a data privacy professional trying to keep up with state-level data privacy legislation, then you deserve a vacation. We legislators can be a frustrating bunch — whether it’s because of our inept drafting skills or our ignorance about “dark patterns,” we sure can make things difficult for people trying to follow along. If I had my druthers, I’d make it easy on you, and every state would simply pass my legislation, HB 1602, a comprehensive opt-in data privacy framework, and we could all move on. But, alas, I lack a magic wand.

Fortunately, I do believe we are on the cusp of either federal pre-emption or uniform state-level laws. Why do I believe this when only a few states have actually enacted such laws, and the federal government is gridlocked? First, because you are seeing a growing coalition of organizations calling on the federal government to act, if for no other reason than to guarantee trans-Atlantic data transfers. Second, even if the federal government continues to rest on its laurels, you can be assured there will not be a patchwork of 50 different laws in 50 different states. If you look at the myriad of bills filed, you’d have some justification for that fear, but I believe the patchwork problem is and always has been a red-herring argument because commercial realities dictate states ultimately pass more uniform laws. A state’s failure to do so would make it an economic pariah. 

From my perspective, the bigger concern is what the uniform law will look like when the dust settles. Part of the reason data privacy legislation has been such a disjointed process is because we have elected officials attempting to make law in a highly specialized and technical area, and they do not fully appreciate the content or context of that law. This critique is not unique to data privacy legislation, and it is not a unique critique about legislators in general because it is a practical reality. Legislators are like everyone else, humans with a finite amount of time and mental bandwidth. It is impossible to know everything about every bill you vote on as a legislator. 

So, I am writing to ask for your help, individually. Personally.

I write with the hope that you see an opportunity in this fiasco that is the legislative process and that you would be willing to help volunteer to educate me and my colleagues about how what we’re doing affects you and your clients. As an individual in the data privacy field, your voice is more important — and powerful — than you know, and you personally can be part of the solution to the data privacy legislation conundrum.  

Before you put this down because you don’t want to get involved in politics, I’m not asking you to do anything political. I’m not asking you to be for the red, blue or green team. I’m asking you to become educational. I’m asking that you take your experience and training and help your elected officials understand what they’re doing and how it will impact those in your sphere of influence. You can become their “personal privacy advisor.” You don’t have to give an opinion about whether opt-in or opt-out is a better method of data control or whether a private right of action is a good idea; you can simply explain what certain concepts mean and how they would affect your line of work and look back at your representative or senator and say, “It’s your choice.”  

I fear that too many people believe the trope that legislators don’t listen to their constituents, only to big money. In my experience, that isn’t true. As a whole, legislators want to know how what they’re doing affects their constituents, and they also want to know when they’re being led down a primrose path through fancy lobbying efforts. The consequence of a bad vote could be a lost election. Legislators who don’t listen to their constituents don’t last long.

Your legislator wants to hear from you not just because you are a voting constituent but because you have the ability to be unbiased. Let me explain: I’ve never taken the time to learn about cattle, so if there’s a bill on the House floor about cattle (not an infrequent occurrence in Oklahoma), this urban Democrat turns to his rural Republican colleagues and asks, “What are your thoughts?” 

I listen to these people because they deal with cattle every day. It only makes sense that it would be a good idea for me to listen to them on matters that touch their lives. However, there aren’t equivalent data privacy professionals hanging around on the House floor to engage with on a discussion about data privacy. As a result, there are no trusted colleagues to turn to for help on a disputed aspect of a data privacy bill.  

When legislators don’t have trusted colleagues on a matter (e.g., my rural colleagues), they typically turn to special interest groups (e.g., the cattleman’s association). To be clear, special interest groups are not inherently negative or evil. Special interest groups have common interests in legislation, and they range the gamut from disability advocates to the American Heart Association. The reason special interest groups get a bad rap is because they can devolve from advocates of truth to advocates of their truth. In my experience as a legislator and as a person in general, the truth is usually halfway between opposing interest groups.  

Unlike many other areas of legislation, data privacy is an area where your voice can have an outsized impact because more mature and developed areas of law have more vested interests in maintaining the status quo. In data privacy, your personal take on an issue can carry a lot of weight with your elected official because the only other alternative is the potentially biased special interest group. 

We haven’t yet reached a tipping point of states to see what the future uniform law will look like, which means there’s work to do. Correctly or ineptly, legislators are forging ahead with data privacy legislation. The question then becomes: What are data privacy professionals going to do about that? 

Do states need to think in terms of the EU General Data Protection Regulation or the California Consumer Privacy Act? Something in between? Something wholly different? The failure to educate your representative or your senator may result in them getting some bad advice and voting for an absolutely terrible bill, and that bill might ultimately become the standard-bearer for the rest of the country. 

Would you be OK with that? 

If not, I suggest you call and email your state representative and senator today and make an appointment with them. Let them know you’re concerned and want to be part of the solution. Imagine how far a little education would go.  

Photo by Nathan Dumlao on Unsplash


Approved
CDPO, CDPO/BR, CDPO/FR, CIPM, CIPP/A, CIPP/C, CIPP/E, CIPP/G, CIPP/US, CIPT, LGPD
Credits: 1

Submit for CPEs

Comments

If you want to comment on this post, you need to login.