Greetings from Portsmouth, NH!
Margaret O'Mara, a professor and author of a forthcoming book on the history of Silicon Valley, wrote an interesting op-ed for The New York Times this week about the evolution of privacy law in the U.S. Though I disagree with the "end-of-privacy" trope in the headline — privacy is not dead, people — she points out that privacy legislation in the 1960s and 1970s focused on transparency, instead of limits on data collection, and regulating data use by government, instead of by private industry.
That lack of limits on data collection and focus on private industry has now lead to a digital world ruled by tech giants, she argues.
And here we are today, in the shadow of another major data breach, pondering an omnibus privacy law. In addition to all the comments submitted to the National Telecommunications and Information Administration, the Washington Post revealed this week that more than 200 companies have joined to call for a federal privacy law. The Business Roundtable coalition, comprising banks, retailers and technology companies (though not Amazon, Google and Facebook), calls for streamlining existing federal data collection law, some self-regulation (particularly around privacy by design) and consumer data rights, a national data breach notification standard, and placing the Federal Trade Commission as lead enforcement agency, all while considering any potential law's impact on small businesses.
Of course, every time there's a massive breach like the one that just hit Marriott, the same call echoes across the headlines: "We need a federal privacy law," which is then followed by the same refrain: Silence.
So, it shouldn't be surprising then that the Marriott incident has prompted lawmakers to once again call for stricter privacy laws. Sen. John Kennedy, a Republican from Louisiana, expressed frustration about the proliferation of data breaches and said he's currently drafting a bill, noting that Congress has "got to start" a conversation about holding companies accountable for such breaches. "Right now there's a lot of chopping, but I don't see any chips flying. Everybody's talking, but nothing's moving in terms of legislation," he said.
With some bipartisan support on Capitol Hill, an incoming class of Democrats who've promised to be tough on the tech giants, and a large swath of companies actually calling for federal legislation, maybe this time will be different. But will Congress make some of the same mistakes pointed out by Professor O'Mara? Will they only focus on transparency? Should there be some limits on data collection? Will history, in effect, repeat itself?
Or will calls like Kennedy's again eventually fade to silence?
If you want to comment on this post, you need to login.