Hello from cloudy and rainy Portsmouth, New Hampshire, where the weather has dipped into the low 50s °F (or low teens °C). But some of the foliage has started to change, and it is beautiful.
You probably read the major story this week about the whistleblower. No, I’m not referring to the report that the CIA whistleblower, whose complaint has set off an impeachment inquiry of President Donald Trump, requested to submit testimony to Congress in writing rather than appear in person so as not to reveal their identity. Although, come to think of it, that story also has a privacy angle to it.
The whistleblower I’m actually referring to is Christopher Wylie, the former Cambridge Analytica employee who revealed the scandal that catalyzed the FTC’s fine on Facebook for $5 billion. This week, he appeared on CNBC to discuss the release of his memoir centered on the ordeal. While he avoids commenting on the ongoing antitrust probe into Facebook by the FTC, Justice Department and state attorneys general, he suggests social media companies should be regulated like utilities due to “their vital importance to business and people’s lives and the nature of their scale.”
In addition to taking part in the antitrust investigation of Facebook, the FTC continues to review the provisions of the Children’s Online Privacy Protection Act and held a workshop on the topic this week. The workshop aimed to challenge some misconceptions about COPPA, as well as determine whether COPPA’s provisions are due for a revamp, as the IAPP’s Joe Duball and Ryan Chiavetta, CIPP/US, explained. Just prior to the workshop, a bipartisan group of senators sent a letter to the FTC cautioning it “against undertaking a process that ultimately weakens children’s privacy instead of improving it.” While the senators agreed the COPPA rule needs updating, they expressed concern that “the FTC is choosing to update the rule at a time when the commission appears insufficiently appreciative of the threat some giant tech companies pose to children and parents.”
This week’s privacy news cycle ended on a high note with the California attorney general releasing the text of the proposed regulations to implement the California Consumer Privacy Act. The proposed regulations focus on five areas: notice, handling requests, identify verification, rules regarding minors and financial incentives. While CCPA implementation efforts such as these move forward, the law continues to receive pushback from spokespeople in industry and trade groups, which are planning to continue “to make every effort to move [federal legislation] as far and as fast we can.”
For those closely following these debates around a potential federal privacy law, my updated IAPP white paper provides a high-level overview of federal privacy bills that have been introduced in Congress over the past couple of years. It also analyzes the positions of industry groups, privacy advocacy organizations and legislative bodies, including the European Commission, regarding what a federal privacy law should look like. The analysis finds that a consensus seems to be emerging on Capitol Hill about the scope of a federal privacy law: Most bills include the right of access, the right to correct inaccurate information and the right to delete personal data; are based on a model of opt-in consent; and would require companies to issue notifications to consumers in the event of a data breach. The provisions with the least support include the private right of action and right to data portability. Moreover, to what extent, if any, a federal law should resemble the EU General Data Protection Regulation, and whether it should preempt state laws, such as the CCPA, remain controversial issues that have not yet been resolved.
Enjoy your weekend.
If you want to comment on this post, you need to login.