The need for a federal data privacy standard
The House Energy and Commerce Committee’s Innovation, Data and Commerce subcommittee recently held a hearing on the need to better protect Americans’ data privacy rights in the new artificial intelligence era, particularly from the Big Tech behemoths. The committee is right: Artificial intelligence, while poised to bolster efficiency, innovation, and economic growth, should be allowed to grow only if Americans can maintain their rights and retain control of their sensitive information.
AI is pulling their data — including their sensitive information — from all corners of the web in an attempt to build and refine large corporations’ business models and user profiling algorithms. Facebook’s Cambridge Analytica scandal highlighted this point well. The social media giant allowed Cambridge to collect millions of users’ data without their consent so the company could perfect its political digital advertising modeling. It used AI to make its digital campaigning tools even more targeted and powerful.
Less known but equally problematic is the example of Clearview AI, a U.S. company that collected photographs of children and adults for mass surveillance, facial recognition, and personal sale. This case study demonstrates just how far companies can go in using AI to track our every move.
The problem is not AI, but the lack of privacy protection
One of the testimonies Congress heard last month made a compelling point: The problem isn’t AI. It’s the lack of a comprehensive federal data privacy standard. Even absent AI, for the past decade, unscrupulous companies have used and abused the fact that Congress has yet to define, enact and enforce privacy protections for today’s smart technology. Americans’ personal information is being continuously seized and monetized on too many digital channels as a result.
Drivers are victimized the second they get in their cars, especially their autonomous vehicles. These cars’ built-in sensors, cameras, microphones and GPS trackers are capturing unprecedented data about each user in what could become a $2 trillion revenue stream for the automotive industry. That’s a problem on its own, but it’s especially a concern when many of these car manufacturers have been found to have significant data security vulnerabilities.
Teenagers and families are often affected when they log in to social media websites and apps, where their information has sometimes been found to be tracked and mined without their consent. Because minor privacy rules and statutes have not been updated meaningfully since 2013, even children are seemingly harmed by the absence of a federal privacy standard.
The bipartisan push for a data privacy law
The House Energy and Commerce Committee is styling the new push for federal online privacy law as a means to hold Big Tech accountable and protect consumers from their data being exploited. The committee has introduced a discussion draft of the Consumer Protection and Recovery Act, which would give the Federal Trade Commission (FTC) the authority to seek monetary relief for consumers who have been harmed by unfair or deceptive acts or practices.
The draft bill would also require companies to obtain affirmative express consent from consumers before collecting, processing, or transferring their sensitive personal information, such as biometric data, health information, or geolocation data. Additionally, the bill would give consumers the right to access, correct, delete, or port their personal information, and to opt out of the collection, processing, or transfer of their non-sensitive personal information.
The bill has received support from both Democrats and Republicans, who agree that the current patchwork of state laws is insufficient and inconsistent. They also recognize that the U.S. is falling behind other countries, such as the European Union and Canada, that have already enacted comprehensive data privacy laws.
The challenges and opportunities of data privacy legislation
While there is bipartisan consensus on the need for a federal data privacy law, there are still some challenges and disagreements on how to craft and implement it. Some of the key issues include:
- How to balance the interests of consumers, businesses, and innovation. Some industry groups and advocates argue that a too restrictive or prescriptive data privacy law could stifle innovation and competitiveness, and harm small businesses that rely on data-driven services. They also warn that a too broad or vague data privacy law could create confusion and uncertainty, and lead to excessive litigation and enforcement costs.
- How to ensure the effectiveness and enforcement of the data privacy law. Some consumer groups and experts contend that the FTC lacks the resources, expertise, and authority to adequately enforce the data privacy law, and that consumers need more tools and remedies to protect their rights. They also suggest that the data privacy law should include a private right of action, which would allow consumers to sue companies that violate their privacy, and that states should be able to enact and enforce their own data privacy laws that are more protective than the federal one.
- How to harmonize the data privacy law with other existing or emerging laws and regulations. Some lawmakers and stakeholders point out that the data privacy law should not conflict or overlap with other federal or state laws that regulate specific sectors or types of data, such as health care, financial services, or education. They also note that the data privacy law should be compatible and interoperable with other countries’ data privacy laws, especially those of the U.S.’s major trading partners, to facilitate cross-border data flows and cooperation.
Despite these challenges, there are also opportunities and benefits of enacting a federal data privacy law. Some of the potential advantages include:
- Enhancing consumer trust and confidence in the digital economy. A federal data privacy law could empower consumers to have more control and choice over their personal information, and to hold companies accountable for how they use and protect their data. This could increase consumer satisfaction and loyalty, and encourage more participation and engagement in the online marketplace.
- Promoting innovation and competitiveness in the data-driven economy. A federal data privacy law could create a clear and consistent framework and standards for data collection, processing, and transfer, and reduce the compliance burden and costs for businesses that operate across different states or countries. This could foster innovation and competitiveness, and enable businesses to offer more personalized and customized products and services to consumers.
- Strengthening the U.S.’s global leadership and influence in the data governance arena. A federal data privacy law could enhance the U.S.’s credibility and reputation as a leader and partner in the global data governance arena, and enable the U.S. to shape and advance the norms and values of data privacy and human rights. This could also facilitate the U.S.’s cooperation and coordination with other countries and regions on data privacy and security issues, and address the challenges and threats posed by authoritarian regimes and actors.
