There's No Better Time to Pass Privacy Laws, Experts Say


Tech companies, experts argued, aren’t really going to police themselves.

Tech policy experts urged lawmakers to cash in on the current buzz around data privacy and enact broad, baseline standards for protecting personal information online.

“If there’s ever a moment … to do something about privacy that would protect all Americans and ensure innovation for all Americans that benefits consumers going forward, it’s probably now,” former Federal Trade Commission Chairman Jon Leibowitz said Monday at a panel hosted by the Internet Innovation Alliance.

Panelists joined Leibowitz in calling for legislation that would give consumers more control over the data they share on the internet and force companies to be more transparent about how they use that information, echoing many of the general principles the FTC outlined in a 2012 report on consumer privacy protection.

The panel comes the week after Facebook CEO Mark Zuckerberg appeared before Congress to describe how his company gave Cambridge Analytica access to the personal data of 87 million Americans. Zuckerberg’s testimony shed light on the massive amount of information big tech companies collect on their customers, raised questions about how much collection people knowingly agreed to, and renewed calls for increased consumer protection.

In the past, the vast majority of tech companies advocated for self-regulation over legislation, arguing it’s in their best interest to protect user data because they’d lose customers if they didn’t. But because their money comes from helping advertisers best target users, those incentives aren’t always aligned, said Internet Innovation Alliance co-Chair Kim Keenan.

“It’s not really their job to worry about whether they’re protecting your information or data. Their job is to gather as much data as they can,” she said. “We live in a world where not everybody wants to use your information in a way that’s ultimately good for you.”

While the FTC has brought hundreds of privacy and data protection cases against companies in the past, the agency does not have the “robust rulemaking authority” needed to rein in modern tech giants like Facebook and Google, Leibowitz said. As such, it will likely fall on Congress to take up the torch on personal data issues.

He commended a handful of recent proposals, such as the CONSENT Act, that would enact into law many of the FTC’s privacy best practices, including mandatory opt-in policies for certain types of data collection.

Such legislation would also benefit consumers by laying out basic rules of the road when it comes to online privacy, Keenan said.

As it stands, data protection can vary significantly between different apps and services, and keeping up with the terms and conditions for each online service is onerous if not impossible, Keenan said. Some form of standard protections similar to the European Union’s General Data Privacy Regulation would “make the playing field even” for citizens wherever they go online, she added.

The measure could also prove necessary for keeping states from taking matters into their own hands. A number of states have started taking up data privacy legislation, but despite their good intentions, a patchwork of regulations that vary state-by-state would not only be ineffective for consumers but skyrocket compliance costs for tech companies.