Oct 12, 2021
With Federal privacy regulation leaving much to be desired, it has fallen to individual states to make up the gap and establish their own privacy rules. This approach is problematic for many reasons, which is why Justin Brookman is on the show today.
Correction: The name of the individual Joe referenced in the intro is Alex Stamos, from the Stanford Internet Observatory, not John Stamos as was stated in the episode
Justin Brookman is with Consumer Reports where he's the head of tech policy. He wrote an excellent paper several months ago on state privacy regulation (you can read it here). Justin is the Director, Consumer Privacy and Technology Policy, for Consumers Union, the policy and advocacy arm of Consumer Reports. In this new privacy role at CR, he will help the organization continue its groundbreaking work to shape the digital marketplace in a way that empowers consumers and puts their data privacy and security needs first. This work includes using CR research to identify critical gaps in consumer privacy, data security, and technology law and policy, as well as building strategies to expand the use and influence of the new Digital Standard being developed by CR and partner organizations to evaluate the privacy and security of products and services.
If you keep up with the news of the day, you know that right now, everybody has had it with big tech companies, like Facebook. Consumers, politicians, the media and other businesses have been sounding off about the pitfalls of having big tech intrude into our lives.
It’s brought about a lot of policy proposals, but no comprehensive legislation that is likely to pass at the Federal level. This gaping hole has been filled in by the privacy legislation that is popping up at the state level.
As is often the case, California is one of the first states to come forward with privacy legislation of its own. The California Consumer Privacy Act has already been amended to make the legislation stronger than the original bill.
Virginia also came forward with a bill, and Colorado quickly followed suit. We’re also currently seeing legislative battles in New York and Washington State over privacy, and the proposals are really all over the place.
The Federal government has basically taken a hands off approach to the privacy legislation popping up around the country. Because all of the privacy laws ultimately center around the first amendment, the Federal government is reluctant to play a heavy handed role in the laws that are cropping up throughout the country.
There have been some challenges to legislation around the first amendment and some have been rejected, as the judiciary is reluctant to regulate companies.
Consumers don’t want Facebook or their ISPs to track their every move and collect data on them. At the same time, the government doesn’t want private data collected to be in the hands of these companies and outside of the reach of government agencies.
Many states are willing to take a more aggressive approach to privacy in light of the massive data breaches that consumers have experienced in recent years.
While it’s clear that aggressive action needs to be taken to prevent data breaches, it’s going to take regulatory agencies some time to catch up because Federal legislation moves so slowly.
Much of the existing legislation is unwieldy for the consumer. Whether it relies on a physical opt out by consumers or it goes state by state, it’s just not that easy for consumers to actually protect themselves with the current regulations.
State legislatures do not have the staff or the expertise to create the kind of legislation that is needed for consumers to truly be protected.
We need to find a balance between what can effectively protect consumers, but also allow businesses to function in a way that doesn’t put consumers at risk.
Connect with Justin on Twitter @justinbrookman