This article is from the source 'nytimes' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.
You can find the current article at its original source at https://www.nytimes.com/2019/12/10/opinion/congress-privacy-bill.html
The article has changed 2 times. There is an RSS feed of changes available.
Previous version
1
Next version
| Version 0 | Version 1 |
|---|---|
| Will Congress Actually Pass a Privacy Bill? | Will Congress Actually Pass a Privacy Bill? |
| (7 days later) | |
| The holiday season is upon us. The race for the White House is underway in anticipation of its first primaries. And, of course, there’s impeachment. So you could be forgiven for not quite paying attention to the other set of hearings in Washington that are near and dear to this newsletter’s heart: federal privacy legislation. | The holiday season is upon us. The race for the White House is underway in anticipation of its first primaries. And, of course, there’s impeachment. So you could be forgiven for not quite paying attention to the other set of hearings in Washington that are near and dear to this newsletter’s heart: federal privacy legislation. |
| Because this debate is critically important to the future of the internet and because it’s a complicated policy argument, I wanted to attempt a quick run-through of what happened in recent weeks. | Because this debate is critically important to the future of the internet and because it’s a complicated policy argument, I wanted to attempt a quick run-through of what happened in recent weeks. |
| Just before Thanksgiving, Senator Maria Cantwell introduced the Consumer Online Privacy Rights Act. Here’s a bit of what it proposes: | Just before Thanksgiving, Senator Maria Cantwell introduced the Consumer Online Privacy Rights Act. Here’s a bit of what it proposes: |
| Consumers would have the right to view, correct and delete their data. They would also theoretically be able to stop it from being sold by third parties. | Consumers would have the right to view, correct and delete their data. They would also theoretically be able to stop it from being sold by third parties. |
| Companies could face higher fines for data abuse. | Companies could face higher fines for data abuse. |
| Companies could be fined for first-time privacy offenses. | Companies could be fined for first-time privacy offenses. |
| Companies would be forced to obtain special permission to collect sensitive data. This would include location information, biometrics and other information that can’t be easily changed, like a password. | Companies would be forced to obtain special permission to collect sensitive data. This would include location information, biometrics and other information that can’t be easily changed, like a password. |
| The Federal Trade Commission could expand with the creation of a bureau for privacy. | The Federal Trade Commission could expand with the creation of a bureau for privacy. |
| A data security fund would be established, to be run by the Treasury Department. | A data security fund would be established, to be run by the Treasury Department. |
| State attorneys general would be allowed to bring privacy lawsuits under federal law. | State attorneys general would be allowed to bring privacy lawsuits under federal law. |
| Companies would be required to audit their algorithms for bias — especially with regard to financial discrimination or housing. | Companies would be required to audit their algorithms for bias — especially with regard to financial discrimination or housing. |
| There’s a list of the other provisions that you can read here. | There’s a list of the other provisions that you can read here. |
| First, some reactions to the bill. | First, some reactions to the bill. |
| The Electronic Frontier Foundation was generally in favor but had misgivings around one point: | The Electronic Frontier Foundation was generally in favor but had misgivings around one point: |
| COPRA satisfies two of EFF’s three key priorities for federal consumer data privacy legislation: private enforcement by consumers themselves; and no preemption of stronger state laws. COPRA makes a partial step towards EFF’s third priority: no “pay for privacy” schemes. | COPRA satisfies two of EFF’s three key priorities for federal consumer data privacy legislation: private enforcement by consumers themselves; and no preemption of stronger state laws. COPRA makes a partial step towards EFF’s third priority: no “pay for privacy” schemes. |
| In a tweet, Roger McNamee, an investor turned privacy advocate, called the bill a “step in right direction,” arguing that “it does not try to do everything. Key elements: right of private action and allowing states to create their own laws.” | |
| On the Republican side, Senator Roger Wicker responded a few days later with a draft consumer privacy bill. Mr. Wicker said that much of the bill aligns with legislation introduced by Senator Cantwell, who is a Democrat. | |
| There are a few major differences, though. Mr. Wicker’s bill, according to a Reuters report, “would set nationwide rules for handling of personal information online and elsewhere and override state laws, including one in California set to take effect next year.” The other big area of disagreement is over a private right of action — whether individuals can sue companies under the law for violations of their privacy. | |
| Cameron Kerry, a former Department of Commerce general counsel who has written extensively about federal legislation, argues that the private right of action will be particularly difficult to resolve in negotiations because it is “anathema to congressional Republicans and many businesses.” The issues, he writes, may “be resolved only with a committee markup or a floor vote.” | Cameron Kerry, a former Department of Commerce general counsel who has written extensively about federal legislation, argues that the private right of action will be particularly difficult to resolve in negotiations because it is “anathema to congressional Republicans and many businesses.” The issues, he writes, may “be resolved only with a committee markup or a floor vote.” |
| Here’s Mr. Kerry’s sober summary of the two bills: | |
| The Wicker draft would allow wider latitude for existing data practices of many businesses, while the Cantwell bill is generally more detailed in requirements and broader in application. Nevertheless, there are also some areas where the Wicker draft is more protective of consumers, such as in the scope of exceptions for small businesses, and both proposals would raise individual privacy protection beyond existing federal law and even the CCPA. | The Wicker draft would allow wider latitude for existing data practices of many businesses, while the Cantwell bill is generally more detailed in requirements and broader in application. Nevertheless, there are also some areas where the Wicker draft is more protective of consumers, such as in the scope of exceptions for small businesses, and both proposals would raise individual privacy protection beyond existing federal law and even the CCPA. |
| So, where does that leave us? Last week, there were rumblings that Congress might see December as its best chance to sneak some real legislation through. Wishful thinking. | So, where does that leave us? Last week, there were rumblings that Congress might see December as its best chance to sneak some real legislation through. Wishful thinking. |
| Legislative realities aside, there’s some reason for optimism. The Cantwell and Wicker bills are not really that far apart. While I haven’t seen the full details of the Wicker bill, both lawmakers are looking at data protections much more granularly. Both seem to think the F.T.C. ought to have more power to enforce. This is all a step forward from previous discussions on the Hill, which focused largely on theoretical issues like whether the bill should be modeled after the European Union’s G.D.P.R. Seeing these disagreements feels a bit like progress. | Legislative realities aside, there’s some reason for optimism. The Cantwell and Wicker bills are not really that far apart. While I haven’t seen the full details of the Wicker bill, both lawmakers are looking at data protections much more granularly. Both seem to think the F.T.C. ought to have more power to enforce. This is all a step forward from previous discussions on the Hill, which focused largely on theoretical issues like whether the bill should be modeled after the European Union’s G.D.P.R. Seeing these disagreements feels a bit like progress. |
| That said, the disagreements are too important. While businesses certainly would like a one-size-fits-all federal law to pre-empt state laws, it would offer tech companies safe harbor from more aggressive privacy-legislating states like California. But perhaps most important is the right to action, which could substantially wrest the power over data back from Big Tech to consumers. And there’s some compelling data suggesting that forced arbitration in consumer contracts has outsize benefits for tech companies. According to The American Prospect: | That said, the disagreements are too important. While businesses certainly would like a one-size-fits-all federal law to pre-empt state laws, it would offer tech companies safe harbor from more aggressive privacy-legislating states like California. But perhaps most important is the right to action, which could substantially wrest the power over data back from Big Tech to consumers. And there’s some compelling data suggesting that forced arbitration in consumer contracts has outsize benefits for tech companies. According to The American Prospect: |
| The data, submitted by the tech firms themselves in response to questions from the House Antitrust Subcommittee, are believed to be the first time such arbitration statistics have been provided publicly. They show that a trivial number of employees, customers, and contractors bother to pursue arbitration against the likes of Facebook, Google, Amazon, and Apple. Google contractors, for example, initiated a grand total of three arbitration claims between January 1, 2014 and September 1, 2019, less than one per year. Google employees submitted only 11 arbitration claims during that time period. | The data, submitted by the tech firms themselves in response to questions from the House Antitrust Subcommittee, are believed to be the first time such arbitration statistics have been provided publicly. They show that a trivial number of employees, customers, and contractors bother to pursue arbitration against the likes of Facebook, Google, Amazon, and Apple. Google contractors, for example, initiated a grand total of three arbitration claims between January 1, 2014 and September 1, 2019, less than one per year. Google employees submitted only 11 arbitration claims during that time period. |
| Ultimately, it seems like a mistake for Congress to move forward too quickly to put a compromised bipartisan bill into law. The privacy debate has come a long way, and while there’s certainly urgency on behalf of exploited citizens as well as lawmakers, the issue is far too complex and too important to rush. | Ultimately, it seems like a mistake for Congress to move forward too quickly to put a compromised bipartisan bill into law. The privacy debate has come a long way, and while there’s certainly urgency on behalf of exploited citizens as well as lawmakers, the issue is far too complex and too important to rush. |
| If you’re trying to follow the privacy legislation discussion, you may have noticed that the acronyms lawmakers have adopted are confusing and awful. Tony Romm, the reporter who broke the news of the Cantwell bill, has a handy guide to the madness. | If you’re trying to follow the privacy legislation discussion, you may have noticed that the acronyms lawmakers have adopted are confusing and awful. Tony Romm, the reporter who broke the news of the Cantwell bill, has a handy guide to the madness. |
| Ring’s Hidden Data Let Us Map Amazon’s Sprawling Home Surveillance Network | Ring’s Hidden Data Let Us Map Amazon’s Sprawling Home Surveillance Network |
| Who’s Hacking Your Spotify? | Who’s Hacking Your Spotify? |
| TikTok settles children’s data lawsuit one day after it was filed | TikTok settles children’s data lawsuit one day after it was filed |
| A Billion Surveillance Cameras Forecast to Be Watching Within Two Years | A Billion Surveillance Cameras Forecast to Be Watching Within Two Years |
| iPhone 11 Pro still collects location data even when told not to | iPhone 11 Pro still collects location data even when told not to |
| Like other media companies, The Times collects data on its visitors when they read stories like this one. For more detail please see our privacy policy and our publisher's description of The Times's practices and continued steps to increase transparency and protections. | Like other media companies, The Times collects data on its visitors when they read stories like this one. For more detail please see our privacy policy and our publisher's description of The Times's practices and continued steps to increase transparency and protections. |
| Follow @privacyproject on Twitter and The New York Times Opinion Section on Facebook and Instagram. | Follow @privacyproject on Twitter and The New York Times Opinion Section on Facebook and Instagram. |
Previous version
1
Next version