Technology policy is a tangled bowl of spaghetti. Digital platforms and social media apps operate at the nexus of a wide range of issues, from content moderation and safety to data security and privacy. And there is nothing quite like a congressional hearing to demonstrate just how complex this Gordian knot of platform regulation has become.
The much-hyped TikTok hearing before the House Energy and Commerce Committee was, if anything, even more complex. Along with elected representatives’ intertwined concerns about data brokers, misinformation and teen mental health was a hearty helping of national security fears sprinkled with alleged xenophobia.
Even as TikTok CEO Shou Zi Chew was asked to painstakingly untangle his company’s policies, commitments and corporate structure, committee leaders focused on the reality that nothing will change without bipartisan solutions. In advance of the hearing, committee chair Cathy McMorris Rodgers, R-Wash., and ranking member Frank Pallone, D-N.J., made a joint appearance on a Fox News segment called “Common Ground.” There both leaders signaled their top-of-mind solution to reign in perceived tech company abuses is federal privacy legislation like the American Data Privacy and Protection Act, which has yet to be reintroduced in the 118th Congress. A variety of voices, from former White House advisors to human rights advocates, seem to agree passing privacy legislation would be a more effective remedy than banning TikTok or forcing its divestiture.
In this light privacy came up time and again throughout the hearing. As Rep. Greg Pence, R-Ind., pointed out, the focus on data privacy marked this as the 32nd congressional hearing on privacy and big tech. For their part, like other scrutinized tech companies before them, TikTok’s written testimony explained they "fully endorse congressional efforts to adopt comprehensive federal privacy legislation.”
So, what would a federal privacy law such as the ADPPA mean for companies like TikTok — and for the concerns voiced by congressional leaders? In a recent blog post, the Electronic Privacy Information Center’s Calli Schroeder, CIPP/C, CIPP/E, CIPP/US, CIPM, FIP, and Caitriona Fitzgerald analyzed the expected impacts of the bill. Their detailed analysis is worth the read, but in summary they explain the ADPPA could:
- Reduce the volume of personal data collected via data minimization requirements.
- Limit the flow of personal data to data brokers via limits on sharing and the novel "Do Not Collect" mechanism.
- Provide heightened protections for kids and teens through strict limits on the collection and use of minors’ personal data.
- Require algorithmic impact assessments that describe potential harms to individuals under 17 years of age and harms to civil rights, which must be submitted to the Federal Trade Commission and Congress when requested.
- Enshrine reasonable data security requirements, including limits on retention.
- Improve transparency regarding data practices with foreign adversaries through required privacy policy provisions disclosing whether any data collected by the entity is accessible to China, Russia, Iran or North Korea.
While the drumbeat of ADPPA’s return grows louder, so too do its critics. In addition to recent lobbying efforts, more nuanced commentary on the drafting of the bill has also appeared, including this analysis from Marc Groman for the Information Accountability Foundation. Groman cautions ADPPA’s supporters should be sure to check the bill for inconsistencies, conflicts and ambiguities, or risk creating a regulatory regime that fails to meet its stated aims.
Whether or not those stated aims include reigning in big tech, TikTok or adtech, it doesn’t look like it will be long before we find out what the next version of a federal privacy proposal looks like.
Here's what else I'm thinking about:
The Office of Civil Liberties, Privacy and Transparency within the Office of the Director of National Intelligence has a new Chief, Rebecca "Becky" Richards. Richards was appointed after a tenure at the National Security Agency, where she served as its first director of civil liberties and privacy and its first transparency officer.
There is inevitable tension between privacy’s focus on data minimization and the need to collect data to test for bias and equity. An article in StateScoop explores this tension in the context of the Biden administration’s implementation of its Evidence Agenda for LGBTQI+ Equity, quoting advocates who question whether sufficient data safeguards will be in place.
Upcoming happenings
- 27 March at 10:00 EDT, Georgetown kicks off its Tech & Society Week with a workshop on Privacy Enhancing Technologies for the Public Interest (Georgetown Law Center).
- 30 March at 10:00 EDT, Georgetown Law’s Institute for Technology Law & Policy hosts A Roundtable with the Chief Technologists: Leveling Up the Government’s Technology Policy Expertise (hybrid).
- 30 March at 17:00 EDT, Tech Policy Happy Hour (Dirty Habit).
- 3 April at 20:00 EDT, the Center for Democracy and Technology hosts its inaugural Spring Fling (Hotel Monaco).
- 3-5 April, IAPP hosts the Global Privacy Summit (Convention Center).
- 6 April at 10:00 EDT, ITIF hosts a virtual webinar, “What are the consequences of backdoors for online privacy?”
Please send feedback, updates and orange TicTacs to cobun@iapp.org.