This week, seemingly every technology policy hot-take focused on one billionaire’s pending takeover of a bird-themed social site. It is hard not to notice a certain parallel between the underlying debate about preserving free speech while combating disinformation and the ongoing evolution of data practices. Does the law serve as a floor or a ceiling in guiding corporate policies and practices? Axios has a helpful breakdown of Twitter’s current content policies that go beyond legal compliance. Will such protections be enshrined in law in the U.S. or be left to individual platforms to implement? It’s a similar question we ask about data protection practices — though the eventual answers may diverge.

Here's what’s happened since the last roundup:

• The U.S. led 60 other countries in endorsing a “Declaration for the Future of the Internet.” As the White House fact sheet explains, the declaration reaffirms a shared commitment to an internet that is “open, free, global, interoperable, reliable, and secure.” The launch ceremony included remarks from the President of Argentina, as well as representatives from Australia, Canada, Japan, the U.K., the European Commission, Jamaica, the Marshall Islands, New Zealand, and Colombia. No remarks were quite so timely as those of Mykhailo Fedorov, Ukraine’s Minister of Digital Transformation, who reminded listeners that ensuring free access to information is a core antidote to Russia’s war efforts: “Free access to information and new technologies will be a bedrock for future development of the internet based on principles of liberty and democracy.”
• The CFPB is “preparing for the era of big tech and big data in banking.” In Congressional testimony, Rohit Chopra, director of the Consumer Financial Protection Bureau, described the agency’s focus on certain emerging trends in the financial sector. “Currently, the United States is lurching toward a consolidated market structure where finance and commerce co-mingle fueled by uncontrolled flows of consumer data. ... The outsized influence of such dominant tech conglomerates over the financial services ecosystem comes with risks and raises a host of questions about privacy, fraud, discrimination, and more. The CFPB is currently studying these issues first as part of our inquiry into Big Tech’s entry into consumer payments in the United States.”
• Is a privacy law “gaining traction” with U.S. lawmakers? Yes, according to The Wall Street Journal, which reported that “Congressional leaders are negotiating in earnest” as tech companies redouble their own calls for comprehensive data privacy legislation (in what is, as Google’s Kent Walker described it, an “all-hands-on-deck moment for privacy”). Even so, key issues remain. The WSJ reports on one sticking point that has emerged from the effort to find a middle ground on the question of a private right of action. Though “there is potential agreement on allowing individuals to file lawsuits over violations,” disagreement may remain as to the types of violations that would be subject to individual actions and whether to restrict the use of arbitration clauses.
• Well, there is plenty of traction in our state “laboratories of democracy.” In the absence of a federal law, states continue to fill the void. To wit, Connecticut’s governor is expected to sign what will be the fifth comprehensive data privacy law in a U.S. state. It’s worth checking out the early analysis of the unique features of this law from the IAPP, FPF, and WilmerHale, but the details are still being analyzed — including how to refer to the law by acronym. (Some had asked for more creative privacy law titles — well, we got one. Its official title is the “Act concerning Personal Data Privacy and Online Monitoring.” Though some propose a short form of “CTDPA,” it would seem more accurate to incorporate “PDPOM” somehow. CACPDPOM? CT-PDPOM?)
• The Federal Trade Commission still wants its 13(b) authority back. During the monthly open meeting, FTC Acting Deputy Director for the Bureau of Consumer Protection Audrey Austin gave an engaging presentation (starting at around 46:08 in the recording) on the loss of the Commission’s 13(b) authority to collect monetary redress for consumers due to the Supreme Court’s AMG Capital Management decision last year. While demonstrating the impact this loss has had on the FTC’s work, Austin also explained the alternative tools the agency is using to hold businesses accountable. All Commissioners added remarks agreeing that this important tool for delivering direct redress to consumers should be returned to the FTC through legislative action.

Upcoming happenings:

• May 4 at 1 p.m. EDT, NIST’s National Artificial Intelligence Advisory Committee will host its first open meeting (virtual, registration required).
• May 5 at 1 p.m. EDT, Protocol hosts Tech Regulation Beyond Big Tech (virtual).
• May 5 at 5 p.m. EDT, Georgetown’s Institute for Technology Law & Policy hosts AI and The Future of Facial Recognition: Regulation, Moratoriums and Cross-border Dialogues (virtual).
• May 6, University of Maryland hosts an all-day workshop on AI and Analytics for Social Good (in-person).

Please send feedback, updates and acronym suggestions to cobun@iapp.org.