Proposed Internet Privacy Legislative Framework, Backed by US Tech and Marketing Giants, Seeks to Head Off Unfavorable State and Federal Laws – CPO…
A new national data privacy legislative framework proposed by Privacy For America, a lobbying coalition that counts the biggest names of both Silicon Valley and advertising companies among its ranks, reveals exactly which points the broader data collection industry is willing to concede on. The centerpiece of the groups vision for data privacy protection in the United States is a model that mostly limits notices and opt-ins to certain protected groups and circumstances, instead relying on increased regulatory power to the FTC and state governments to protect individuals.
In addition to documenting the points that member companies such as Facebook and Google appear to feel are inevitable, the new privacy legislative framework also shows which practices the industry is hoping to keep in place and avoid being regulated more tightly on.
Americas biggest data companies have heavily involved themselves in the national conversation about federal data privacy protections, even calling for regulation at times. This is not out of altruism or concern for the end user, however, so much as it is an attempt to establish an early outsized influence over the process and steer this seemingly inevitable federal law in a direction that is favorable to them.
This new data privacy legislative framework that Privacy For America has proposed has all of the hallmarks of that approach. It is centrally defined as being in opposition to the notice and choice model, the current general framework under which the end user is expected to be notified of how their data is being used and to tick a box indicating their consent.
Before you continue reading, how about a follow on LinkedIn?
While notice and choice has its issues, including confusing legal-ese end user agreements and lack of control over stored data after it has been given up, most privacy advocates would likely agree that the model is an important component of a data privacy protection strategy and needs to be strengthened and improved rather than disposed of. This proposal would replace notice and choice conventions with a set of norms governing data practices backed by a combination of federal and state enforcement.
The Privacy For America proposal focuses heavily on baked-in regulatory protections to prevent the use of data for the purposes of marginalization. For example, it calls for added prohibitions against the use of data for discriminatory evaluations (job applications and housing, for example) and for selective pricing based on stored demographic information. It also particularly focuses on the protection of tweens (age 12-16) who are heavy internet users but not always subject to parental oversight. The proposed privacy legislative framework also includes provisions for simplifying the language of privacy policies, and rights to greater control of stored data.
Some elements of the groups privacy legislative framework are conspicuous by their absence, however. Most notably, that data considered non-sensitive (which would include the web browsing data that is the bread-and-butter of the targeted advertising industry) would not be subject to opt-in requirements. Also, only the protected tween group would have clear access to a right to be forgotten eraser function allowing them to remove any information volunteered while they were a minor. The proposal only provides the right to request access to or request deletion of data for other groups, the only concrete offering being a once-per-year report of the companys data use similar to an annual free credit report.
The privacy legislative framework would also allow companies to collect sensitive information (financial, biometric, location and health information) on an opt-in basis, potentially circumventing existing state regulations on the collection and storage of these special data categories. It is also important to note that the proposal calls for the simplification of language of privacy policies, but not necessarily the actual opt-in or opt-out notification the end user would be clicking on to communicate their consent.
Other important points of note include:
A cursory examination reveals that these proposed data privacy protection rules appear to be an attempt to head off stronger state laws and future federal bills at the pass, particularly the new California Consumer Privacy Act. The proposals prohibitions mostly address things that are already illegal or enforceable at either the state or federal level, while codifying existing business as usual web-based data collection practices. It does not go nearly as far as European Unions GDPR, which a member letter to Congress dismisses on the basis of regulatory costs and uncertainty.
The proposal goes before Congress as several competing data privacy protection bills are either being drafted or considered; these mostly contain stronger protections for consumers that would put more of a burden on data collectors, up to criminal penalties for CEOs in the case of at least one bill.
Interestingly, a small section of the industrys online privacy protection act proactively addresses the issue of third-party data breaches and the need for improved vendor security.
The proposal would require any company that shares consumer data with vendors to develop a contract governing the data sharing terms and to conduct ongoing due diligence to ensure the data is being used appropriately and lawfully. This would require the originating company to play a greater role and take on greater obligations in policing the transfer, storage and use of customer data by vendors.
While the proposed privacy legislative framework contains useful terms, in some areas it is essentially an even weaker version of the more lax federal data security bills already being considered by Congress. While it may have some influence on the legislative process, as-is this framework seems unlikely to be adopted in a regulatory environment in which consumers are increasingly concerned about data privacy protection and how their personal information is being handled.
See the original post here:
Proposed Internet Privacy Legislative Framework, Backed by US Tech and Marketing Giants, Seeks to Head Off Unfavorable State and Federal Laws - CPO...