Greetings from Portsmouth, NH!
As we brace for our first major snowstorm of the year here in New England (here's hoping that snowblower starts up), more calls for a U.S. privacy law continued this week.
Notably, Republican Senator Marco Rubio announced his American Data Dissemination Act in a column for The Hill. Though the bill would empower the Federal Trade Commission "to provide Congress with detailed privacy requirements within six months" and grant it authority "to issue final rulemaking," it would also preempt certain state laws (cough, California, cough). Curiously, though, Rubio says that our "personal data is governed by antiquated laws," but then also bases his bill off the ... um ... Privacy Act of 1974. I'm not sure I follow the logic there, but, that said, he clearly wants the FTC to provide Congress with recommendations that incorporate principles found in the Privacy Act, antiquated or not.
The Information Technology and Innovation Foundation also called for a federal privacy law this week, and, yes, it too counsels preemption. (As an aside, last week, Peter Swire shared a two-part history of preemption in the U.S. that is an interesting and timely read.) Similar to Rubio's proposal, the ITIF's so-called "grand bargain" also backs more enforcement authority for the FTC. Democrats pounced on the proposal, however. Sen. Richard Blumenthal, D-Conn., said, "This proposal would protect no one — it is only a grand bargain for the companies who regularly exploit consumer data for private gain and seek to evade transparency and accountability."
Apple CEO Tim Cook continued to back strong privacy regulation in a column for Time Magazine. His proposal includes an endorsement of data minimization, greater transparency and data subject access to correct or delete personal data. Specifically, though, Cook calls out the data broker industry, arguing that consumers should have the right to not have their data collected by data brokers without their consent.
In response, one of the world's largest data brokers, Acxiom, said the company, "like Mr. Cook, also supports a national privacy law for the U.S., such as the GDPR provides for the European Union." Acxiom continued, saying, "We believe it would be universally beneficial if we were able to work with Apple and other industry leaders to define the best set of laws that maintain the benefits of data in our economy while giving the necessary protections and rights to all people." Of course, like Rubio and the ITIF, Acxiom wants a federal law that would preempt state laws like, you know, the CCPA.
With a host of other draft privacy proposals and the dozens of comments provided to the National Telecommunications and Information Administration, there's a lot to keep track of here. Luckily, IAPP Senior Westin Fellow Müge Fazlioglu compiled comprehensive research on where there is consensus among existing proposals and where there are gaps. For our members, this white paper is free, though you still have to "buy" it in your IAPP shopping cart. It's worth the few extra clicks though.
I'd be remiss not to acknowledge the elephant in the room. The government remains shut down with little hope in sight. How is this affecting federal privacy offices? The IAPP's Angelique Carson explored this question by interviewing former government privacy officials. I know I sound like a broken record, but here's to hoping we get our government up and running soon!
And though some of us are dreading this weekend's snowstorm, the timing couldn't be more perfect: It's slated to hit us Sunday, which means many of us have an excuse to stay in and watch the AFC and NFC Championships. Go Pats!
If you want to comment on this post, you need to login.