The private sector is the prime driver for Congress to take up data privacy legislation in 2019, industry panelists said Thursday at an event organized by Bloomberg Government.
In the run-up to this fall’s midterm elections, numerous big-tech firms–and/or the D.C.-savvy trade associations that represent them–published policy and legislative wish lists for action on data privacy, while several members of Congress floated policy positions on the merits of consumer opt-in and opt-out regimes for collection of personal data, and regulations on data collectors and sellers.
Up for grabs in the debate thus far are relatively industry-friendly provisions that would preempt state regulation, create legal safe harbors for adequate performance on security measures, and appoint the Federal Trade Commission as a data privacy regulator.
While any conclusive congressional action on data privacy next year is very far from a sure bet, it appears to be game-on for a serious run at a new law.
Josh Kallmer, executive vice president-policy at the Information Technology Industry Council, said at Thursday’s event that industry’s desire for the certainty that Federal legislation can provide is rooted in the increasingly accepted principle that “data is indispensable” to many businesses, along with a “qualitative shift on economic globalization…that relies on data.”
As a result, “there is a shared interest in developing rules of the road [for data use] that are up to date and contextual,” he said.
“The question is how do policymakers catch up with a world that is awash in data,” said Tom Gann, chief public policy officer and head of government relations at McAfee. “We are hitting a crisis” where existing regulations governing data privacy and security “are starting to break down,” he asserted.
Charles Romine, director of the National Institute of Standards and Technology’s Information Technology Laboratory, agreed that industry has “a hunger for standards on privacy”–an opinion informed by NIST’s close work with industry on a range of standards including cybersecurity.
Gann said, “there may be just enough pressure in the system to pass legislation…It’s always hard to pass legislation.” He said that a definition of “minimal success” in the data privacy area could be adoption by industry of a set of data privacy principles offered up by the White House earlier this year.
“It’s very much going to be a focus of discussion,” in Congress in 2019, Kallmer said of data privacy. Shepherding legislation through both houses of Congress and then to the White House “will be hard–it should be hard,” he said, adding, “it’s important to get it right.”