Elections, layoffs and Elon Musk. All three have been sowing uncertainty in the technology policy community this week. It’s a good time to come together and focus on the facts we do know.
After Tuesday’s election, control of the U.S. House of Representatives remains undetermined, though Republicans only needs seven more seats among the 30 undecided races to assume the mantle. Until the call is made, it is hard to fully analyze how the results of the midterm elections could impact the future of the American Data Privacy and Protection Act, or other comprehensive consumer privacy bills. If Rep. Kevin McCarthy, R-Calif., takes the gavel, he could make good on his support for data privacy legislation, which also appears in his proposed party platform. Note: the next episode of The Privacy Advisor podcast will feature more insights from D.C. insiders about what to expect after the election.
Thanks to the House Energy and Commerce Committee’s approval, the ADPPA is still able to advance on the House floor until the end of the term. Both possible leaders of the committee, Rep. Frank Pallone, D-N.J., and Cathy McMorris Rodgers, R-Wash., have championed the ADPPA. But membership will shift next year. Since the members of this committee are the only policymakers who have yet publicly voted on ADPPA, it is worth highlighting what we know so far. Five Democrats on the committee are retiring at the end of the term, including one who voted against advancing the ADPPA — Rep. Jerry McNerney, D-Calif. The others, who all supported the bill, are Reps. Bobby Rush, D-Ill., Kathleen Rice, D-N.Y., G. K. Butterfield, D-N.C., and Mike Doyle, D-Pa.
Please allow me a semi-relevant aside about Rep. Mike Doyle. Despite his retirement, the ballot in his home district included his name as an option for his vacant seat. Why? A Republican, also named Mike Doyle, decided to run in the race. This led the original Mike Doyle to re-announce his retirement in an attempt to reduce confusion. Except for names like “Cobun,” I guess a name alone is not enough to uniquely identify an individual. As it happens, neither Mike Doyle will be around because Summer Lee, D-Pa., will serve as the next representative of the state's 12th District.
There are three other House departures that impact E&C, as the committee is affectionately known. Rep. Peter Welch, D-Vt., who joined the California delegation in voting against the ADPPA in its current state, ran and won election as Vermont’s newest senator. The other two, Rep. Kurt Schrader, D-Ore., and Rep. Tom O’Halleran, D-Ariz., lost at the ballot box. Future Senator Welch has been active in privacy topics, co-sponsoring legislation on drones and platform accountability during his House tenure.
Meanwhile, the U.S. Federal Trade Commission took an unusual step yesterday, commenting on a company’s behavior: “We are tracking recent developments at Twitter with deep concern. No CEO or company is above the law, and companies must follow our consent decrees. Our revised consent order gives us new tools to ensure compliance, and we are prepared to use them.” An FTC spokesperson sent this statement to reporters covering the continuing turmoil at Twitter, after three top executives responsible for privacy and security at the company resigned in one day. Chief Information Security Officer Lea Kissner, Chief Privacy Officer Damien Kieran and Chief Compliance Officer Marianne Fogarty all appear to have resigned. On their heels was Yoel Roth, who had become a public voice of the trust and safety team during the transition.
Privacy professionals need not be reminded that it was mere months ago when the FTC issued a revised consent order against Twitter, fining the company $150 million and enforcing violations of its 2011 settlement. TechDirt’s Mike Masnick wrote an excellent explainer about the context of FTC oversight of the company during this bizarre time. Riana Pfefferkorn, a research scholar who used to advise Twitter as outside counsel, analyzed the implications of possible miss-steps at the company today, which could include things as simple as failing to file proper documents with the agency or as complex as rolling out new features without properly vetting them through privacy and security controls.
Here's what else I’m thinking about:
- The FTC rolled back its competition guidance. In a revised policy statement regarding the scope of unfair methods of competition under Section 5 of the FTC Act, the FTC reversed its 2015 position that it would limit its antitrust review to be more aligned with other authorities. Instead of applying the Sherman Act’s “rule of reason” test, the FTC will look to its full statutory authority when reviewing competition matters. As Chair Lina Khan put it, “Enforcers have to use discretion, but that doesn’t give us the right to ignore a central part of our mandate. Today’s policy statement reactivates Section 5 and puts us on track to faithfully enforce the law as Congress designed.” Although privacy is not a core component of competition enforcement, regulators have continued to question whether data abuses can fuel anticompetitive conduit.
- The data collection practices of Apple’s first-party apps are the subject of a study covered in Gizmodo.
- The official conference app of Egypt’s COP27 summit was described as a “cyber weapon” by AccessNow.
- The Chinese app WeChat apparently requires handwritten apology letters before reinstating deplatformed users.
- Nov. 13 at 4 p.m. EST, All Tech is Human hosts a Responsible Tech Mixer (Mission Dupont Circle).
- Nov. 15 at 2 p.m. EST, BBB National Programs hosts a discussion about California’s Sephora enforcement (virtual).
- Nov. 16 at 2 p.m. EST, The FCBA Privacy and Data Security Committee and the American Bar Association’s Forum on Communications Law host the 17th annual Privacy & Data Security Symposium (virtual).
- Nov. 16 at 5 p.m. EST, Crowell & Moring and select ABA committees host a networking event for law students interested in privacy and cybersecurity.
- Nov. 17 at 2 p.m. EST, BBB National Programs hosts a discussion on building standards for the metaverse (virtual).
Please send feedback, updates and uncertainty antidotes to firstname.lastname@example.org.
If you want to comment on this post, you need to login.