“Sometimes life hits you in the head with a brick. Don’t lose faith.” – Steve Jobs
It took some time for the midterm election results to become clear, but as the results finalized, one thing became crystal clear: there is now a timeframe for U.S. federal privacy regulation to get passed. Many of the new state privacy laws go into effect on January 1, 2023, but enforcement doesn’t begin until July. We’ve missed the chance for anything to happen before January, but that enforcement date is concerning for Congress, because a patchwork of state privacy laws creates more problems than it solves. For marketers, uncertainty will create inefficiency and retreat, rather than any desired benefit to consumers. The winners are more likely to be the litigators looking to cash in on the mistakes of the well-intentioned marketers, increasing costs that will eventually be passed on to the consumers. Congress wants to get ahead of any unease associated with the enforcement of these state laws concerning the internet and interstate commerce. While there isn’t much pressure right now, by June, Congress will feel the need to act, and it will have support from industry as well.
Bloomberg explored how Republican control of Congress might impact data privacy legislation. Republicans have relayed concerns to Congressman Kevin McCarthy about certain restrictions on businesses’ access to data, according to Stu Ingis, counsel to the Privacy for America coalition. Bloomberg reported that even though no Energy and Commerce Republicans voted against the ADPPA in committee, several expressed persisting concerns, signaling their votes on the full House floor were not a guarantee. “People were willing to hold their tongues for the moment,” said IAB’s Lartease Tiffith.
Several industry groups said they believe there will be buy-in from Congresswoman Cathy McMorris Rodgers to rehash some of those issues. “Even though bipartisanship will continue, Republicans have the pen now and will get to make the final decision,” Ingis said. Asked whether she would be open to business-friendly changes to the bill if it does not pass in this Congress, McMorris Rodgers said she is “committed to the strongest protection of privacy we can get. Yes, we’ll keep working on it to make it the best bill possible.”
On a separate note, in comments submitted in response to the FTC’s Advance Notice of Proposed Rulemaking (ANPRM), 33 state attorneys general urged the FTC “to acknowledge the heightened sensitivity around consumers’ medical data, biometric data, and location data, along with the dangers that arise from data brokers and the surveillance of consumers. The coalition also asked that the FTC consider data minimization, which limits the amount of data collected by businesses to only what is required for a specific purpose, to help mitigate concerns surrounding data aggregation.” MediaPost noted the comments.
MediaPost also reported on comments submitted by IAB and NetChoice in response to the FTC’s ANPRM. “The Internet is built on the continuous exchange of data between devices and servers – without these data exchanges, the Internet and its social, cultural, economic, and personal benefits would not exist,” IAB’s Lartease Tiffith said. The Drum also covered IAB’s comments.
Privacy is certainly a concern the legislators need to be aware of and take into consideration. But we are starting to see an understanding from legislators of the down stream impact of regulations that react quickly to public statements of concern. The free flow of data is the life-blood of an open and competitive market in today’s digital ecosystem. Limitations on the flow of data that are not thoughtful will only go to further consolidate power with the largest walled garden tech companies driving the marketplace today. Legislation needs to go after the bad actors and the true negative outcomes to customers. We expect to see legislators take this into consideration in 2023.
The National Restaurant Association asked the FTC to allow “the restaurant industry to continue to be free to voluntarily establish such mutually beneficial business-customer relationships” such as guest loyalty and reward programs, in comments submitted in response to the ANPRM.
Senator Ted Cruz sent a letter to FTC Chair Lina Khan requesting the release of the FTC’s privacy report on social media and video streaming services. “The urgency of this release is more acute given the FTC’s August 2022 Advance Notice of Proposed Rulemaking (ANPRM) on a wide range of privacy and data security issues for online businesses. Because the FTC has extended the comment deadline for its privacy rulemaking until November 21, 2022, I urge you to release this report by November 14, 2022,” Cruz wrote.
Fairplay, the Center for Digital Democracy and 19 other organizations petitioned the FTC to promulgate a rule prohibiting the use of certain types of design practices on individuals under the age of 18 that maximize users’ time and activities online. The New York Times, Bloomberg, MediaPost, and Law360 reported on the petition.
Fairplay also organized a letter signed by parents whose children committed suicide after cyberbullying to encourage passage of the Children and Teens’ Online Privacy Protection Act (COPPA 2.0) and the Kids Online Safety Act (KOSA). Senators Blumenthal, Blackburn and Cantwell support enactment of children’s privacy legislation this year. The House Energy and Commerce Committee reaffirmed its interest in comprehensive privacy legislation. “Chairman Pallone is focused on passing the comprehensive American Data Privacy and Protection Act before the end of the year, which includes historic online privacy protections for kids and teens,” spokesman C.J. Young said. The Washington Post and Bloomberg reviewed the effort.
In a blog post, Cam Kerry of the Brookings Institution outlined how the ADPPA is stronger than California’s privacy law. “While the ADPPA would preempt provisions in the CCPA, it would provide the substance of the protections in most of those provisions, and it would add important protections that are not in the CCPA. And it provides these protections throughout America, including in 45 states that have no comprehensive privacy law,” he wrote.
Marc Rotenberg, founder of the Center for AI and Digital Policy, encouraged Congress to strengthen the ADPPA.
The Open Technology Institute wants Congress to make enacting the ADPPA a priority before the end of the year.
India proposed a new data privacy law that will allow companies to transfer some user data abroad.
And from all of us here at Adstra… HAPPY HOLIDAYS!!!
To learn more about what we do or are interested in previous newsletters, please visit our website at Adstradata.com or follow us on LinkedIn @Adstra, or Facebook @Adstradata.
Welcome to the new ideal!
