Bipartisanship was a necessary precondition to passing privacy legislation last term. It will be even more crucial in the 118th Congress, which kicked off Jan. 3, split as it is between Democrat control of the Senate and Republican control of the House. Compromise will be an essential ingredient of any privacy bill in 2023 — and any bill, for that matter, including government spending measures.

Perhaps with this reality in mind, the White House is wasting no time highlighting the technology policy priorities it believes can win support from both parties. In a Wall Street Journal op-ed this week, President Joe Biden reiterated "three broad principles for reform"  his administration supports to "hold Big Tech accountable" and called for Congress to "unite behind our shared values and show the nation we can work together to get the job done."

Privacy is first among these principles. Specifically, the president called for federal limits on the processing of sensitive data, data minimization standards, limits on targeted advertising and enhanced protections for minors.

The president's list of sensitive data categories, which he called "highly personal data," includes internet history, personal communications, location and "health, genetic and biometric data." If you add personal data about young people, this list represents seven of the 15 categories of sensitive information defined under the latest public version of the proposed American Data Privacy and Protection Act. The ADPPA would limit the collection of all such sensitive data to either a set of permissible purposes or strict necessity and prohibit sharing without consent. Though the bill has not been reintroduced in the new Congress, it is likely to be the starting place for any new discussions on comprehensive privacy.

Although the president does not mention any proposed bills by name, echoes of the ADPPA are impossible to miss in his short list of privacy priorities. For data minimization, the ADPPA would impose collection requirements for all personal data, limited to either that which effectuates defined permissible purposes or reasonable necessity. It would also meet the president's requests related to targeted advertising, requiring companies to respect opt-out choices, including universal opt-out mechanisms to be defined by the Federal Trade Commission and prohibiting targeted advertising to minors.

Of course, privacy is not alone on Biden's wish list. His listed "principles" capture two other hot-button tech policy issues  reflected in major legislative proposals last term. He called for changes to content moderation rules requiring "Big Tech companies to take responsibility for the content they spread and the algorithms they use." In addition to Section 230 reform, the op-ed calls for increased algorithm transparency in two situations: when matters of economic opportunity are on the line and when companies use algorithms to push "content to children that threatens their mental health and safety." 

The president's final principle highlights the need for increased competition in the tech sector. The Washington Post's Technology 202 broke down how these priorities map onto last term's Congressional proposals.

As we move forward into a split Congress, we can only wait and see whether the incentive to "get the job done" — on privacy or anything else — can outweigh partisan squabbles. As it happens, House Energy and Commerce Chair Cathy McMorris Rodgers, R-Wash., released a statement welcoming Biden's op-ed and highlighting its parallels with the ADPPA. In a not-so-subtle nod to the lack of  consensus on comprehensive privacy law, Rodgers said, "We look forward to President Biden working with us to clear any remaining obstacles standing in the way of a national privacy standard being signed into law."

Here's what else I'm thinking about:

  • The U.S. and U.K. met for their first formal tech dialogue. The U.S.-UK Comprehensive Dialogue on Technology and Data kicked off with its inaugural meeting in D.C. this week. Among the priorities for deliverables in 2023 listed by both the U.K. and U.S. delegations were some developments that could prove important for privacy professionals:
    • Collaborate to facilitate global trusted data flows, including multilateral discussions with the Global Cross-Border Privacy Rules Forum.
    • Finalize and implement a data bridge for U.S.-U.K. data flows.
    • Champion the new Organisation for Economic Co-operation and Development Global Forum on Technology in support of shared ambition to build a wider community of partners committed to ensuring technology is designed, developed and deployed, in a way that reflects our values.
  • CNN published a profile of Jonathan Kanter, the Justice Department's top antitrust official, highlighting his creative ideas for analyzing tech company's potential anticompetitive conduct. His approach incorporates considerations around dark patterns and personal data, which may be best highlighted in a recent speech
    • "The digital economy has enabled monopoly power of a nature and degree not seen in a century. Without competition to deliver ready access to the connections we seek, we are forced to pay with our time in endless ad-filled scrolls. Algorithms manipulate our psychology to shape our minds and our behavior, without competition for them to do so responsibly. With too little competition over privacy, we find our most intimate data mined and sold with abandon. The digital age is not only characterized by the presence of monopoly power, but by new means of its exploitation more threatening to individual freedom than ever before."

Under scrutiny

    • "Big Tech" companies, and disparities in their behavior between EU and U.S. markets, were analyzed by The Brookings Institution's Tom Wheeler, former Chair of the U.S. Federal Communications Commission.
    • iRobot was investigated by MIT Technology Review, which alleged intimate images of Roomba test users were shared by contractors.

Upcoming happenings

    • Jan. 18 at 11 a.m. EST, IAPP hosts a LinkedIn Live, Privacy in practice: Our top 3 for 2023 (virtual).
    • Jan. 19 at 11 a.m. EST, the FTC hosts its monthly open meeting (virtual).
    • Jan. 24 at 12 p.m. EST, the Center for Democracy & Technology hosts a webinar, Protecting Civil Rights in the World of Automated Employment Decisions (virtual).
    • Jan. 25 at 3 p.m. EST, IAPP hosts a LinkedIn Live, Data Privacy Day and 2023 Predictions virtual).
    • Jan. 26 at 4 p.m. EST, R Street hosts The Future of Data Privacy and Security in the 118th Congress (hybrid).
    • Jan. 28 is Data Privacy Day, or Data Protection Day if you prefer. 
    • Jan. 31 at 10 a.m. EST, the U.S. Equal Employment Opportunity Commission hostshearing, Navigating Employment Discrimination in AI and Automated Systems: A New Civil Rights Frontier (virtual).
    • Jan. 31 at 10 a.m. EST, Social Movement Technologies hostsvirtual training, Mastodon How-To for Activists, Organizations, Movements & Journalists.
    • Feb. 7 at 2 p.m. EST, the Information Technology & Innovation Foundation hosts What Will It Take for Congress to Pass Bipartisan Privacy Legislation? (hybrid).

Please send feedback, updates, and broad principles for reform to cobun@iapp.org.