Greetings from Portsmouth, New Hampshire!
It’s hard to believe we’re halfway through August. The “back-to-school” advertising is making the rounds, and the NFL is already playing pre-season games. And though much of Europe — generally a major driver of privacy news in our world — is on summer vacation, new developments have not abated. Outside of the U.S., the biggest news came out of Brazil this week, when President Michel Temer signed into law a major new data protection law, coming into force in 2020. With India working on its own legislation, among others, it’s clear that the EU General Data Protection Regulation was not the end-all for privacy regulation, but perhaps just the beginning.
Here in the U.S., talk about a federal privacy law continues. We published this week the final installment of three Privacy Perspectives posts from Washington-based consultant and longtime privacy thought leader Robert Gellman on the winding road to a U.S. privacy law. Gellman once worked on Capitol Hill, serving for 17 years on the staff of a House of Representatives subcommittee with a partial focus on privacy, and he shared some of that expertise in the earlier posts. In his final installment, he focuses on “areas of agreement between business and consumers.” Does he think a comprehensive privacy law is possible? I recommend you check out posts one, two and three to find out.
While much of the talk in the wake of the California Consumer Privacy Act of 2018 has been about a federal privacy law, privacy advocate and researcher Jonathan Mayer wrote an interesting post for The Century Foundation about state-based regulation. In describing what he calls a “federal vacuum,” Mayer contends “the states have become — and foreseeably will remain — the primary venue for regulating cybersecurity and consumer privacy in the United States.” His contention is that, if federal and state privacy legislation is slow or incomplete in coming, “what policy instruments are available to the executive components of state governments?” To answer, he offers three recommendations for states: that state attorneys general strengthen their privacy enforcement; that states “reinstate the FCC’s broadband security and privacy rules, either by conditioning state contracts or by issuing interpretive guidance on state communications privacy law”; and that state executives bolster cybersecurity safeguards for critical infrastructure by implementing “baseline requirements into state contracts and by leveraging sector-specific regulatory agencies.”
Indeed, the thought of more regulation may give you a headache just thinking about it, but it might be worth checking out Mayer’s line of thinking here.
Finally, as Washington continues to battle over documents pertaining to Supreme Court nominee Brett Kavanaugh, Saul Ewing Arnstein & Lehr Partner April Doss, a former attorney for the National Security Agency, offered up a thoughtful analysis of what his appointment could mean for the future of privacy law in the U.S. She keys in on two main prongs involving government surveillance with regard to the Fourth Amendment and the privacy practices of private-sector business and the First Amendment. Though it might be clear where Kavanaugh’s thinking on the Fourth Amendment resides, Doss notes that his thinking on “the privacy of personal data in the hands of technology companies” is “wide open.”
If you want to comment on this post, you need to login.