Greetings from Portsmouth, New Hampshire!
Last week, news broke that the Trump administration is engaged in talks with industry and consumer advocates on a potential privacy blueprint. The U.S. has long had a sectoral approach to privacy, so the thought of a federal privacy framework has, for the most part, been a pipe dream. But, as I mentioned last week, the ecosystem has changed: The EU General Data Protection Regulation is in effect, and California — seemingly out of nowhere — has passed a comprehensive, though murky, privacy law.
Enter news this week from Sen. Mark Warner, D-Va.: The ranking member of the Senate Intelligence Committee, which has investigated Russian influence in the 2016 election, issued a draft white paper featuring potential proposals for regulation of social media and other technology companies. “In the course of investigating Russia’s unprecedented interference in the 2016 election,” he writes, “the extent to which many of these technologies have been exploited – and their providers caught repeatedly flat-footed — has been unmistakable.” Though social media and other digital technology “have grown to dominate nearly every aspect of our social, political and economic lives,” these platforms have also proven unable to adroitly anticipate harmful use. Government, Warner also points out, “has been incapable or unwilling to adequately address the impacts of these trends on privacy, competition and public discourse.”
In addition to addressing “fake news,” political advertising, consumer protection, and competition, Warner’s paper includes an entire section on privacy that’s worth exploring. First mention in this section? The concept of “information fiduciaries” — or, as he states, “service providers who, because of the nature of their relationship with users, assume special duties to respect and protect the information they obtain in the course of the relationships.” Whether or not such a concept would be introduced via statute is left open, but it's particularly interesting Warner raises this idea now, given the research put into the draft of an Indian privacy law released last week, which introduced the concept of the “data fiduciary.” Warner also calls for privacy rule-making authority and additional resources for the Federal Trade Commission.
Most notably, however, Warner calls for a “comprehensive (GDPR-like) data protection legislation.” Key features borrowed from the GDPR would include data portability, the right to be forgotten, a 72-hour breach notification standard, and first-party consent. He does leave high fines for violations and the need to establish a centralized data protection authority up in the air. In parallel with a recent U.K Parliamentary report on Cambridge Analytica, Warner also urges the federal government to “set mandatory standards for algorithms to be accountable” so they can be evaluated for fairness and hidden bias. How that would get operationalized is up to the imagination at this point.
Of course, all this is a long shot, especially from a lawmaker who’s currently in the congressional minority. That said, it seems clear that Washington is officially freaked out by the CCPA, and both sides of the aisle are brainstorming a response.
Normally, the summer slows down for us privacy reporters. Not this year.
If you want to comment on this post, you need to login.