New Data Privacy Laws Needed, Advocates Say
Capitol Hill is divided on possible regulations on data privacy -- one camp believes the U.S. needs a new legal regime on data privacy and another believes regulation could injure the current data environment, said Senate Commerce Committee Senior Counsel Christian Fjeld. The pro-regulation camp, including committee Chairman Jay Rockefeller, D-W.Va., believes any regulations need to include baseline privacy protections based on giving users notice and choice on the collection of their data -- and secure retention of data where necessary, Fjeld said. Rockefeller and Sen. Richard Blumenthal, D-Conn., introduced the Do-Not-Track Online Act (S-418) in March (CD March 4 p6) to create a “legal obligation” for companies to honor consumers’ Do Not Track requests, Fjeld said. Companies have no legal obligation to honor such requests, and the “balance needs to change” so such requests are honored, he said Tuesday during a Future of Privacy Forum and Stanford Center for Internet and Society event.
The Center for Democracy and Technology believes the U.S. should have a “comprehensive” data privacy policy, said Justin Brookman, CDT director-consumer privacy. The U.S. is one of only two Western nations that doesn’t have a comprehensive data privacy policy, he said. CDT has encouraged the FTC to exercise its authority under Section 5 of the FTC Act “as aggressively as it possibly can” to address data privacy issues, Brookman said. A “market for privacy” has developed in recent years, and there are sufficient market incentives for companies to improve their own privacy policies, he said. Any regulatory regime the U.S. enacts now should be “relatively high level” and shouldn’t be prescriptive in nature, Brookman said. New regulations will certainly have a cost in the market, but it will be “worth it to give people some certainty” about the privacy of their data, he said. A “principle-based law” enforced by the FTC would deter some bad uses of that data, Brookman said.
Any new data privacy laws should not only punish bad actors over privacy misuses -- it should also encourage development of new technologies, said Dennis Hirsch, a Capital University Law School professor. Effective incentives could include tax credits for companies that develop “clean data” technologies that don’t endanger users’ privacy, as well as direct government purchasing from those companies, he said. There are “all kinds of ways to create incentives” to encourage better privacy policies, Hirsch said.
The Organisation for Economic Co-operation and Development issued a revised version of its “Guidelines on the Protection of Privacy and Transborder Flows of Personal Data” on Monday, which reflect the consensus views of 34 international governments, said OECD Senior Policy Analyst Michael Donohue. The revised guidelines “have not fully captured” all of the big data challenges, but do reflect how the scale of data use has changed since the OECD first adopted the guidelines in 1980, he said. The guidelines also reflect the need for national privacy strategies and support laws that specifically protect data privacy, he said. Accountability was one of the original principles guiding the OECD’s development of the guidelines, and it’s now clear that privacy laws “are necessary,” Donohue said.