Data privacy is in the news again—not that it ever really left. With each news story revealing ways that social media companies are misusing information collected from internet users, the level of concern grows.
While most people understand and have accepted the practice of companies learning from customer use of their websites and the targeted advertising that is directed at return users, recent revelations point to practices that are far more intrusive.
We have now learned that some websites are effectively brokers of personal information, selling it to the highest bidder so that it winds up in the hands of companies that have no relation to the website that collects it. Data misuse is rapidly building a lack of confidence in the integrity of the internet experience.
With the internet becoming the foundation of the modern American economy, it’s time for Congress to adopt a national data privacy standard applicable to everyone in the internet ecosystem. There’s no better way to restore trust.
A subcommittee of the House Energy and Commerce Committee found broad agreement that passage of privacy legislation is timely during its recent hearing on the subject. As one would expect, there are disagreements about what a national data privacy framework should contain, but across the board, both members of the subcommittee and witnesses urged that action be taken.
‘Reasonable Collection’ Benefits All
Let’s start with the words of new committee chairman Frank Pallone Jr. (D-N.J.): “Reasonable collection and use of consumers’ information benefits businesses and consumers. In addition, marketing databases help companies identify new sales leads, improve customer service, develop new lines of products, and make marketing more efficient.”
Whether we like it or not, advertising is part of the internet and can help consumers make informed choices based on their preferences or location. But there have to be limits, as well, particularly as regards personally identifiable information.
Until now, as Rep. Jan Schakowsky (D-Il.) said in her opening statement, “the burden [of privacy protection] has fallen completely on consumers, and that has to end.”
Confusing, Mystifying Notices
Consumers have to run through a bewildering and frequently obscure array of notices that make it difficult to learn exactly how their data is being used or what third parties may have access to it. At best, it’s simply confusing; at worst, it harms the foundations of trust on which the internet, and e-commerce, rest.
The solution is to develop a new uniform national framework for privacy codified in legislation assuring that consumers have a clear understanding of what data is collected from them and how it is used, and have an opportunity to consent or withhold consent from the data collection and use practices. Consumers should also have the right to review the data that has been collected and make edits to data that is inaccurate.
Some argue that more intrusive regulations based on European law are the way forward. I disagree.
There are ways to protect data privacy without undermining the targeted advertising that enables websites to offer news and other information free or at very reasonable prices. The “opt in” regime of the European General Data Protection Regulation also had the curious effect of raising compliance costs beyond the reach of small business and, as Rep. Kathy McMorris Rodgers (R-Wash.) pointed out, actually increased the market share of the largest technology companies—certainly not the result most Europeans were probably expecting and clearly not what America needs as we encourage smaller businesses to compete with the Giants.
Need to Avoid State-Based Patchwork Rules
Also essential is the avoidance of a patchwork of state-based rules that is fundamentally at odds with the nature of the internet, which crosses borders at the speed of light and makes e-commerce across borders natural and routine. The new privacy law needs to be exclusively national.
Conveniently, we already have an agency with consumer protection and privacy oversight expertise that is well-positioned to implement and oversee a new privacy protection law: the Federal Trade Commission.
The most important area of agreement that came out at the recent hearing is that it’s simply time to act. Congress is hearing from the people and should enact a law this year offering one consistent, national framework for data privacy that applies to every company in the internet ecosystem. Doing so will mark a giant leap forward for consumer privacy and for the future growth of the internet and our national economy.
Rick Boucher was a member of the U.S. House for 28 years and chaired the House Energy and Commerce Committee’s Subcommittee on Communications and the Internet. He is honorary chairman of the Internet Innovation Alliance (IIA) and a partner in the Washington, D.C., office of the law firm Sidley Austin.