Hello from Portsmouth, New Hampshire.
The power of facial-recognition technology, in the hands of both law enforcement and private companies, was a key driver of privacy news this week. The IAPP’s Angelique Carson covered a Congressional committee hearing where witnesses called for a “pause” on the use of facial-recognition technology and bipartisan support for regulation governing its use. She also snagged an interview with Rep. Alexandria Ocasio-Cortez, D-N.Y., on the threat to democracy posed by surveillance that is definitely worth watching!
California lawmakers are also considering a bill, supported by the ACLU and EFF, that would ban the use of facial-recognition technology in police body cameras, given concerns that the technology disproportionately misidentifies people of color.
In other state legislative news, New Jersey passed an amendment to its data breach notification law that expands the definition of personal information to include “online account information.”
Meetings were also held this week in Congress on what role anti-trust legislation could play in regulating tech giants, such as Facebook and Google. As Angelique also reported, one of the expert witnesses, Johnny Ryan, chief policy and industry relations officer at Brave, countered arguments that government regulation stifles innovation by noting that the GDPR has been a “great leveler” that has allowed young companies to flourish and compete on a more even footing with giant tech companies with a majority share of the market. He pointed specifically to the purpose limitation principle and the ease of withdrawal of consent under the GDPR as tools that enable freedom and can help to “softly” break up big tech companies.
A bill that would enable U.S. consumers to “block all websites from collecting unnecessary data,” the Do-Not-Track Act, was also introduced in Congress this week. The proposal, introduced by Sen. Josh Hawley, R-Mo., would provide consumers a single setting that would allow them to opt out of all data collection that is not “indispensable to the companies’ online service.”
Although much time and attention have been focused this year on the potential passage of a federal privacy law, many questions about it remained unanswered, such as whether it will include a private right of action. In a Privacy Perspectives piece, Attorney Beth Graham argues that a national data privacy law should not contain a mandatory arbitration requirement, as many U.S. state laws currently do, for data breach victims seeking to recover damages through a private right of action. As she so succinctly puts it, “Although arbitration is a useful dispute resolution tool that should not be prohibited, it also should not be required.”
As EU elections continue to play themselves out over the weekend, most U.S. privacy pros will be off on Monday due to the federal holiday. If you have time to spare after casting your ballot or celebrating Memorial Day, please take the IAPP-EY governance survey, which serves as an authoritative source of benchmarking for the privacy industry. This year’s survey focuses on firm’s budgeting, staffing, priorities and best practices, as well as how privacy teams are preparing for Brexit, and we would value your input on these issues.
And if you have some extra time to read over the long weekend, check out this study on what properties of technology children think are the creepiest and most fear-provoking! The research also provides some practical tips for parents who want to converse with — as well as tools for designers who want to create technology for — kids.
If you want to comment on this post, you need to login.