Hello from Kittery, Maine!

I'm not sure if you happened to see it yet, but earlier this week, we published a Privacy Perspectives piece on what could be an interesting ambiguity in the California Privacy Rights Act. As authors Dominique Shelton Leipzig, Arsen Kourinian, David Biderman and Tommy Tobin point out, the CPRA includes provisions that "prohibit 'revealing' a consumer's racial or ethnic origin, religious or philosophical beliefs, and sex life or sexual orientation." The intent behind the provision, they note, "is unassailable, but regulations need to carefully be tailored to allow digital content providers to provide free content to users interested in issues affecting people of color, LGBTQ communities and other groups. Otherwise, the very groups intended to benefit from these protections will lose access to key content affecting issues of critical importance to them." 

Though I don't want to summarize their entire article here, as it is nuanced and detailed, they suggest that "some consumer rights groups may argue that simply 'revealing' one's interest in certain demographic identities and ideologies will be treated as sensitive information." If this happens, they argue, the CPRA's unintended ambiguity could undermine "this laudable goal to protect sensitive personal information and may result in restrictions in access to digital content of the very groups who the laws were meant to protect." 

Without stealing the thunder of their argument, I suggest you check out their piece here, and whether you agree or disagree, offer your comments at the bottom. 

Another op-ed that caught my attention this week comes from Travis LeBlanc, who serves on the U.S. Privacy and Civil Liberties Board. He contends that, with the new presidential administration in the White House, now is the time "to institutionalize privacy as a top priority across government." The increase in sophisticated surveillance capabilities — from biometric collection programs to artificial intelligence and wider sharing of intelligence data — "exacerbates cybersecurity risks," and, he notes, "privacy and cybersecurity are inextricably intertwined." 

LeBlanc's proposal?

The Biden administration, he says, should consider the "establishment of agency chief privacy officers." These government CPOs would be full time, report directly to the agency lead, and be responsible for the agency's privacy practices. "Each CPO must also be empowered with authority to oversee and address all privacy issues across the agency, including the power to investigate and enforce compliance," he writes. True, some agencies have senior privacy officials, but, he contends, they "often lack the tools to oversee the full range of privacy issues, and many are low on the organization chart." 

Perhaps it's a tall order, but as LeBlanc argues, "The creation or elevation of CPOs reporting to agency heads and empowering those officers to oversee all privacy policies and practices across the agency are first steps towards a whole of government approach for ensuring that privacy gets the attention it rightly deserves."