Although extensive national dialogue over data privacy legislation have yet to yield a tangible Federal policy, data privacy experts who have worked with lawmakers provided insight at the Brookings Institution on Sept. 16 about the evolving nature of data privacy concerns in the country, as well as further challenges and policy areas a Federal law will have to address.
Consumer Technology Association Government Affairs Vice President Jamie Boone said that Democrats flipping the House in 2018 and the general transitions of power in committees that address data privacy have stymied progress in Federal data privacy law as officials adjust into their positions.
At the same time, more stakeholders want to get involved in data privacy legislation discussions, Silicon Flatirons Executive Director Amie Stepanovich said, which she said is great for getting more perspectives, but it also means getting individuals entering the discussion up-to-speed with the conversation.
App Association President Morgan Reed added that stakeholders’ considerations in legislation especially transforms the progress and discussion of Federal privacy legislation as more consumers become more aware of the value and use of their data and as companies make more active decisions to speak to consumers about their privacy and why it’s valuable.
On top of those challenges, the three experts touched upon issues of Federal preemption over state privacy laws, complications of identifying a Federal baseline standard for data privacy protections, how state and Federal laws will impact small and large businesses different, as well as whether or not cybersecurity will be an element of legislation lawmakers form.
“We need to have some indication that, at least one of the questions in security and some of the questions in privacy, [is] we’re going to start to see overlap,” Stepanovich said, adding that even though data breaches have compromised certain information about individuals, “How do you even respond to more personal information getting breached? And we’re going to have to figure out that from a privacy perspective.”
The experts said that based on the work they have done on data privacy so far, they have suggestions for how to progress in drafting legislation. Boone suggested that Federal lawmakers wait to see how the California Consumer Protection Act grows once it goes into effect, while Stepanovich said that a bill should ensure that companies create a legal basis for why they are collecting and processing data – a step that would cement protections beyond gaining consumer consent to data collection.
Stepanovich and Reed also said that moving beyond the rule of “exceptions” for each industry in how they collect, process, and use data would be more productive in drafting legislation.
“We need to concentrate on … getting past needing to have an exception for every single industry or non-industry or sector of size of a company, as opposed to … getting to a place where we have a law that doesn’t need 15,000 exceptions and is workable and will protect people’s privacy into the future,” Stepanovich said.