Image for Federal Consumer Privacy Legislation Still Not Ready for Prime Time

Technology has variously been called savior and doomsday for mankind. Somewhere in between, experts fear personal privacy has been squeezed and compromised by online companies on the hunt for profits.

Federal privacy legislation continues to languish on Capitol Hill, which means the “rules of the road” will be the California Consumer Privacy Act (CCPA), which goes into effect January 1 and applies to any online entity that deals with Californians, which is just anybody. The CCPA is similar to the General Data Protection Regulation (GDPR) that is already in effect in Europe. A number of states are exploring look-alike statutes.

Comprehensive federal privacy legislation has become a political quagmire. It would require preempting state laws like CCPA, which may soon become more numerous. Californians will vote next year on an initiative to strengthen CCPA provisions in the face of industry attempts to water it down. Federal privacy legislation most likely would give citizens the right to sue online companies over how their personal data is handled, which could spark strong opposition from big tech companies fearful of a flood of lawsuits.

Legislative variations range from bills requiring online companies disclose what they do with consumer information to measures directly regulating what online companies can do with consumer information. Specific ideas include establishing ownership rights in personal information, requiring online companies to obtain a license and establishing strict limitations on voter personal information.

Complicating the situation further is what to protect. Large data breaches get lots of attention, but many experts think the focus should be on protecting the privacy of online users.

There is another angle to online regulation as high tech companies grapple with nearly daily scandals, opening the door to questions about their corporate ethics. Emanuel Moss and Jacob Metcalf, writing in Harvard Business Review and distributed by the Portland Business Journal, discuss the external pressures for ethical reform in combat with internal pressures to monetize online resources. They conclude those competing pressures on digital technologies, including artificial intelligence, will influence regulation, accountability and investment.

And then there are the benefits rendered by technological innovation to consider. “As we debate privacy, we shouldn’t forget all of this new tech produces enormous benefits for our society – from curing diseases to easing traffic and reducing pollution,” says Marc Groman, former senior advisor for privacy at the White House. “The question before us is, can we promote innovation and the many benefits of the Fourth Industrial Revolution while limiting the potential harm to society, including the loss of privacy and individual autonomy?”

“There will be no opting out of this data-intensive world. Technology and sharing personal information will be indispensable to participation in modern society. Internet access and use of new digital technologies will be necessary for employment, education, access to benefits and full participation in economic and civic life,” Groman says. “So what happens to our personal data, identity, reputation, and privacy in this digital, connected world? Unclear. Our privacy laws in the United States are based on antiquated notions of notice and choice. They are completely inadequate to address this rapid evolution in technology, computer science and artificial intelligence.” 

One interim option is for online users to protect their data with available security devices. Despite high levels of concern about online privacy, a study conducted in 2018 found relatively few consumers actually take steps to protect their personal information. 

You get the picture. A lot to digest. But, as one observer says, it is best to view federal privacy legislation as resting, not dead. Meanwhile, the debate over savior or doomsday will continue to rage.