If you want to take the privacy pulse of the nation, there are few better venues than a Senate Commerce Committee hearing in which to do so.
If you want to take the privacy pulse of the nation, there are few better venues than a Senate Commerce Committee hearing in which to do so. Yesterday, the Committee that will be the source of a federal US privacy law – if there ever is one! – convened a hearing called “Revisiting the Need for Federal Data Privacy Legislation.” It’s fair to say they had an all-star cast of privacy experts as witnesses:
Pretty impressive! That’s four FTC Commissioners and the point person for the US’s most groundbreaking privacy legislation, the CCPA. So what, with all this firepower gathered in a room, can we learn about the state of privacy in the US -particularly as it relates to a federal law?
Between the witnesses and the Senate Committee, a wide range of opinion on pre-emption was evident. AG Becerra and Ranking Member Senator Cantwell put up forceful arguments that a federal privacy law must not be allowed to place a ceiling on privacy protections afforded by a given state.
The clear issue here, as noted by Committee Chairman Wicker, is that positioning federal privacy law as a “floor” negates the efficiencies that can come with nationwide harmonization of privacy regulation. This question is essentially a zero-sum game; there’s no easy way to meet in the middle. But until one side bends on this, chances of passing bipartisan legislation are remote.
Right out of the gate, CA-AG Becerra was adamant that letting privacy victims have their day in court is an essential enforcement tool for any federal privacy law. Throughout the hearing he repeated the line that:
A right without a remedy is no right at all.
But his sentiments didn’t seem to be echoed by other key figures in the hearing. It’s notable that the most recent privacy bill introduced by Committee Chair Wicker, the SAFE DATA act, lacks any private right to action, and it seems as though Republican legislators are adamantly opposed to including one.
Here was an area where there was unanimous agreement. Those in the privacy space and lawmakers tasked with studying it understand the poor optics of no nationwide privacy consensus.
That doesn’t just mean a bad political look, it means that the US and US businesses risk being subject to activist regulators from other parts of the world rather than helping to define the privacy conversation.
Said former FTC Chair Kovacic:
It causes us to be dismissed…if we do not adopt a national privacy law of our own that reflects the deliberations of this committee, we will get a national privacy law; it will be called the GDPR.
Despite the sticking points mentioned above, there’s no doubt that understanding and sophistication of privacy discourse at the federal level is increasing. Almost every member of the Commerce Committee has put their name to a proposed privacy bill over the course of the last year, and Committee Chair Wicker’s latest, the SAFE DATA Act, goes into granular detail on complicated topics like algorithmic bias and filter bubble transparency.
This high level of expertise was also reflected in the sharpness of all 5 witnesses. Chairman Wicker acknowledged their contributions at the end of the hearing, saying: “I’ve participated in many hearings in this Committee and I don’t think I’ve ever heard a more knowledgeable or articulate panel.”
The question that remains is whether this accumulation of expertise can actually move the needle on getting a bill passed into law. My observation – purely personal, is that the “ceiling vs floor” argument is pretty intractable, and it splits along partisan lines. It remains difficult for me to see a path towards meaningful federal privacy protection without a significant partisan shift on this issue.
Ethyca hosted its second P.x session with the Fides Slack Community earlier this week. Our Senior Software Engineer Thomas La Piana gave a live walkthrough of the open-source privacy engineering platform, Fides 2.0. He demonstrated how users can easily deploy Fides and go from 0 to full DSR automation in less than 15 minutes. If you weren’t able to attend, here are the three main points addressed during the session.
Introducing consent management in Fides 2.0. With the coming state privacy laws in 2023, your business needs to have granular control over users’ data and their consent preferences. Learn more about how Fides can enable this for your business, for free.
Ethyca launched its privacy engineering meetup, P.x, where Fides Slack Community members met and interacted with the Fides developer team. Two of our Senior Software Engineers, Dawn and Steve, gave presentations and demos on the importance of data minimization, and how Fides can make data minimization easier for teams. Here, we’ll recap the three main points of discussion.
We enjoyed two great days of security and privacy talks at this year’s Symposium on Usable Privacy and Security, aka SOUPS Conference! Presenters from all over the world spoke both in-person and virtually on the latest findings in privacy and security research.
At Ethyca, we believe that software engineers are becoming major privacy stakeholders, but do they feel the same way? To answer this question, we went out and asked 337 software engineers what they think about the state of contemporary privacy… and how they would improve it.
The UK’s new Data Reform Bill is set to ease data privacy compliance burdens on businesses to enable convenience and spark innovation in the country. We explain why convenience should not be the end result of a country’s privacy legislation.
Our team of data privacy devotees would love to show you how Ethyca helps engineers deploy CCPA, GDPR, and LGPD privacy compliance deep into business systems. Let’s chat!
Get a Demo