Friday, January 10, 2020

Billy Long: Protecting our privacy online

(From Seventh District Congressman Billy Long)

Today, most Americans have a digital footprint that paints a detailed picture of who they are; from personal thoughts and photos posted on social media to banking information, there remains very little about us that is not easily accessible to those with the proper skillsets. 

While there are benefits to having all of our personal information at our fingertips, the major security breaches we’ve seen in the headlines hint at the darker side of technology. 

Consequently, many countries have implemented laws to protect consumers, and states like California have followed suit, drawing Congress’ attention. 











In an effort to offer vital protections to consumers across the country, Congress must create the framework for commonsense laws that will protect consumers without placing restrictions on companies that are impossible to navigate.

On January 1, 2020, the California Consumer Privacy Act (CCPA) went into effect, making California the first state with a comprehensive data privacy law. 

While the law will not be enforceable for another six months, companies are scrambling to figure out how to comply with the new law, which requires them to disclose the personal data they collect and what they do with it. 

This new law is projected to cost companies roughly $55 billion in order to reach initial compliance and has become a huge headache as companies struggle to navigate the law’s ambiguous definition of what constitutes “consumer data.” 

Other provisions include permitting consumers to sue companies if they are in violation of their own privacy agreement, possibly dissuading firms from offering services to out-of-state consumers in order to avoid lawsuits across state lines. This fatal flaw in the CCPA highlights the pressing need for a national standard that extends protections to all Americans and will function as a guideline in an effort to avoid complicated circumstances absent clear solutions.

In August, I participated in a Capital to Capital Exchange Conference in Copenhagen. As part of the conference, I served as a panelist along with my EU counterparts regarding the future of privacy laws in the U.S. 

The discussion focused on what the U.S. can learn from the EU and Danish legislators and companies about the General Data Protection Regulation (GDPR) and its implementation as the U.S. was looking to craft its own federal privacy and data protection legislation.








In addition to discussing the pros and cons of the GDPR framework and other privacy principles and ideas, we discussed whether preemption by Congress is appropriate in this area in order to avert a patchwork of state-level privacy laws. The discussion provided valuable insight on problems inherent in the implementation of the GDPR.

At the end of last year, the Energy and Commerce Committee, of which I am a member, produced a bipartisan draft which borrows from some of CCPA’s strengths, such as allowing users to access, dispute, and delete any personal information companies collect about them. 

It also creates a new privacy bureau within the Federal Trade Commission and bars companies from using data in ways that discriminate against minorities and other protected populations. Notably absent, however, is a stance on pre-empting state laws or whether individuals have the right to sue companies for misusing their data, two of the divisive issues that derailed privacy negotiations in the Senate. 

In an effort to avoid a similar fate, the draft was sent to privacy groups, companies, and trade groups for feedback. While there is much work left to be done before a final bill is brought to a vote, I anticipate that the feedback provided will help us solidify the final language and is a huge step in the right direction.

While we continue to make changes to the preliminary draft, I anticipate that both Democrats and Republicans will continue to act in good faith to create a final product that offers vital protections to the American public without paralyzing future industrial advancements. 

It is ultimately the federal government’s responsibility to ensure all Americans, regardless of their zip code, have the same basic privacy rights, and it is time for us to establish a national standard. As we continue to iron out the details, I am encouraged by the progress we’ve made, and I look forward to seeing the final product.

1 comment:

Anonymous said...

Did you remember to ask Bungalow Bill what he thought about your new law to protect privacy online?