Greetings from Portsmouth, New Hampshire!
This was a busy week for U.S.-based privacy news, so I'll cut to the chase. Both at the state and federal levels, new privacy laws are being considered or tweaked, as is the case of the California Consumer Privacy Act. On the state level and in part borrowing from the CCPA, Massachusetts state Sen. Cynthia Creem introduced new data privacy legislation that includes a consumer private right of action if their personal or biometric data is improperly collected, shared or used. What's more, the law would not require consumers to demonstrate monetary harm to seek damages.
During his inaugural "state of the state" address, California Gov. Gavin Newsom proposed "a new data dividend" that would allow consumers to get paid for the use of their data. He said the state's "consumers should ... be able to share in the wealth that is created from their data," since tech companies "make billions of dollars collecting, curating and monetizing our personal data ..." If you think data subject access requests are difficult to operationalize, imagine this added requirement.
At a federal level, the U.S. Government Accountability Office officially recommended that Congress "consider developing comprehensive internet privacy legislation to better protect consumers." The recommendation comes after a GAO study that included interviews with industry stakeholders and consumer advocates. In addition to a comprehensive law, the GAO also said that Congress should consider "what authorities agencies should have in order to oversee internet privacy, including appropriate rulemaking authority."
Additionally, civil rights groups, including the ACLU and NAACP called on Congress this week to address discrimination in privacy laws. In a letter, more than 40 advocacy organizations wrote, "Privacy rights are civil rights. ... Protecting privacy in the era of big data means protecting against uses of consumer information that concentrate harms on marginalized communities while concentrating profits elsewhere."
Separately, the Senate Banking Committee hosted a hearing on data collection and security standards for financial institutions. Sens. Mike Crapo, R-Idaho, and Sherrod Brown, D-Ohio, are seeking input on ways for consumers to gain more control over their personal data that is collected by financial institutions.
This was all capped off late Thursday when The Washington Post reported two sources said the Federal Trade Commission is allegedly negotiating a "multibillion-dollar" fine with Facebook over its privacy practices. If true, it will be interesting to see what effect, if any, this will have on the debate for a federal privacy law. If the fine is in the tune of a billion, does that mean there are already enough teeth in federal privacy enforcement? I'd be interested to hear your thoughts.
That said, Senior Westin Research Fellow Müge Fazlioglu wrote a thoughtful piece analyzing various proposals from U.S. lawmakers and comments submitted to the National Telecommunications and Information Administration. In recent months, Müge has diligently shifted through all the proposals but asked, "Which of these provisions, if enacted, would be the most effective at enhancing privacy and data protection?" Be sure to check out the piece to hear her analysis.
Finally, our biennial salary survey is now in the field. This is one of our most popular and significant pieces of research. For more than a decade, we have tracked the salary and overall compensation of in-house privacy pros around the globe. If you haven't already, you can take the survey here. It only takes 10 minutes, and it's done in the aggregate. All the info you provide is anonymous and helps produce an important piece of research for our collective community.
Well, I guess that's about it for now. Is it the weekend yet?
If you want to comment on this post, you need to login.