Data privacy discussions in Congress getting hotter!

It’s 2019 already, and the long-awaited privacy and data protection rights ‘discussions’ are looming large in Congress. But the outcome of each-and-every debate will be far from a straightforward rubber-stamp job, as powerful commercial players with a vested interest prepare to join the fray.

Tech titans Facebook and Google, who have already had previous battle experience with Europe’s General Data Protection Regulation (GDPR) have been busy hiring an army of lobbyists and public relations gurus. Their aim? - to pour water on on similar efforts to protect American consumers, while at the same time, looking to pre-empt the new California Consumer Privacy Act (CCPA) before it becomes law in 2020.

So, the question is… will U.S. citizens be awarded similar privacy rights as EU residents, and gain control over our personal information? or will we continue to be ‘milked’ of our precious data? Today, we joined 34 leading groups in issuing shared Public Interest Privacy Principles.

From the group Public Knowledge:

“Irresponsible data practices lead to a broad range of harms, including discrimination in employment, housing, healthcare, and advertising. They also lead to data breaches and loss of individuals’ control over personal information. Existing enforcement mechanisms fail to hold data processors accountable and provide little-to-no relief for privacy violations. The privacy principles below outline four concepts that any meaningful data protection legislation should incorporate as a minimum:

Privacy protections must be strong, meaningful, and comprehensive.

Data practices must protect civil rights, prevent unlawful discrimination, and advance equal opportunity.

Governments at all levels should play a role in protecting and enforcing privacy rights.

Legislation should provide redress for privacy violations.”

Hardly a day goes by without a news story of another data breach, affecting the privacy of consumers who have entrusted their personal information to an online store, bank, even a hospital. Most often, many of these organizations are swift to resolve technical issues that left their data systems vulnerable to attack, processes are revised and improved, financial penalties paid, and lessons learned.

But what of the giant tech players, such as Facebook and Google, who profit from using and sharing our data with paying ‘partners’ eager to exploit marketing opportunities based on our gender, age,
location, demographics, preferences, and income? More importantly, what is their primary goal, in seeking to influence our politicians?

Simply put, they are seeking to prevent Congress from introducing a stronger, more comprehensive privacy law like the European GDPR - affecting not only what happens if they lose your data, but also what they can do with the data they collect.  For example, can they share it? Can they use it to profile
consumers? Can they track consumers? And can they do any of these things and more, without meaningful consent? 

Ed Mierzwinski, Senior Director, Federal Consumer Program at U.S. PIRG recently wrote:

“In the U.S., we have a narrow law that protects the accuracy and use of our data when shared or sold by credit bureaus for credit or employment decisions but when similar data are sold by the broader universe of data brokers for any other reason, no real protections apply. A few other narrow laws protect some of our health information (some of the time) and even the names of videos we've rented or streamed. But no comprehensive U.S. law establishes a true umbrella privacy framework giving all data collectors responsibilities and all data subjects (consumers) rights, as GDPR does.”