Connect with us


Data Privacy Regulation Will Undergo Subtle But Massive Shift Due to the Coronavirus, Experts Say



Screenshot of Technology Policy Institute webcast

April 10, 2020 – Data privacy regulation will undergo a subtle but massive shift due to the coronavirus, according to panelists in a webinar hosted by the Technology Policy Institute on Tuesday.

“The pandemic has revealed ways in which tradeoffs need to be made with privacy,” said Jane Bambaur, a law professor at the University of Arizona. Decisions about data privacy during coronavirus need to be “made with clarity so that [data] can be shared in real time when it’s most needed and most important.”

Whatever decisions are made should also make sense in a post-coronavirus landscape, Bambaur said, since “we are all under house arrest right now.”

Tom Lenard, Senior Fellow and President Emeritus of the TPI, said that data collection regulation should be loosened in a time of crisis since widespread data-tracking has a benefit to society.

He compared mandating data-sharing to the individual decision of parents deciding whether to vaccinate their children, which is a right but one that when exercised can harm society at large.

Liad Wagman, a spokesperson for the Federal Trade Commission, wondered about whether the U.S.’s approach to data privacy following coronavirus will be similar to action following the terrorist attacks of September 11, 2001.

At that time, he said, the country saw a “tradeoff between security and privacy.”

Furthermore, whatever changes made in response to the pandemic will probably “stay on the books” years later.

In fact, the FTC published a report following the 19 states who loosened their data privacy laws following 9/11. It found that those laws largely stayed on the books 18 years later.

Alan Raul, a partner at the privacy and information law practice of  Sidley Austin LLP, said he had seen “a ground shift among the key players” in the data privacy landscape.

European Data Protection Board officials have said that the General Data Protection Regulation, Europe’s precedent-setting data privacy law, “is not going to get in the way” of the continent dealing effectively with COVID-19.

Even the non-profit data privacy advocates have indicated that, “with appropriate safeguards,” they are OK with loosening of data privacy laws that will better help track the spread of disease.

“Privacy is a really important value,” Raul said, “but we need to be reasonable about it.”

Panelists also locked horns over data privacy violations that cause harms that are considered “intangible but still concrete.”

Raul argued in favor of applying cost-benefit analysis to these less easily quantified data violations, examples of which include the Cambridge Analytica scandal. The scandal involved an array of data monitoring measures, including some attempting to American voters in 2016, as well as elsewhere.

Raul argued that intangible but concrete values such as “human dignity” are on the line during those kinds of violations.

But Bambaur shot back that applying cost-benefit analysis to every one of these types of violations “is exceedingly difficult.” Furthermore, she argued that microtargeting itself can’t be a harm because then “the internet will be illegal.”

Raul analogized his background in environmental work to the early problems with conducting a cost-benefit analysis of environmental threats.

However, as technology became feasible, and even sensible, as it developed. “In the privacy realm, they don’t even try” to assess the cost-benefit analysis, he complained.


Experts Wrangle Over Whether Online Children Protection Legislation Needs Overhaul

‘We can’t keep overhauling the regulatory structure.’



WASHINGTON, June 21, 2022 – Observers at an Information Technology and Innovation Foundation event on Wednesday urged Washington not to take legislation protecting children online down the path of congressional overhaul, instead preferring guidance for the existing text to come from its administrator, the Federal Trade Commission.

The Child Online Privacy Protection Act, passed in 1998, includes online data protections for children under 13. In 2013, as designated by Congress, the FTC updated enforcement rules, giving parents more control over the online collection of their children’s personal information.

Since then, new advances in technology and social media has brought COPPA to the attention of many who consider substantive changes are needed, including privacy experts, senators and U.S. President Joe Biden, who addressed it in his State of the Union address earlier this year.

Some lawmakers have long called for an age increase for those protections through legislative reforms, which came before lawmakers this month introduced a proposal for the first federal privacy law, which would include data privacy protections for children under 17.

“We can’t keep overhauling the regulatory structure,” said Julia Tama, partner at law firm Venable LLP. “It takes a big investment for companies to come up to speed.”

Instead, she said, she wants “improvements on what we have rather than replacing it with a completely different framework.”

In May, the FTC issued a policy statement that will guide its enforcement of COPPA. It focused on four provisions: limiting the amount of data collected for children’s access to educational tools; restricting types of data collected and requiring reasons for why they are being collected; prohibiting ed tech companies from holding on to data for speculative purposes; and prohibiting the use of the data for targeted advertising purposes.

Graham Dufault, senior director for public policy at the App Association, said the FTC should be responsible for potential provisions made to COPPA. “The FTC’s enforcement of COPPA is a really important thing for us.”

But panelist James Cooper, associate professor of law and director of the program on economics and privacy at George Mason University, said COPPA isn’t in need of any major revisions. He said if the legislation requires change, he doesn’t want to see it done through FTC policy statements and instead should come from the crafters in Congress.

“If the FTC feels [the need to] expand COPPA beyond its current boundaries, it should go back to Congress,” Cooper said.

Continue Reading


Expand Online Protections for 17-Year-Olds in Draft Federal Privacy Law, Committee Urged

The draft privacy law includes a provision to enhance privacy protections online for children under 17.



Photo of the hearing held by the subcommittee on consumer protection and commerce

WASHINGTON, June 16, 2022 – Panelists before the subcommittee on consumer protection and commerce recommended Tuesday that a newly-crafted draft for federal privacy legislation introduced earlier this month include online protections for 17-year-olds.

The draft of the American Data Privacy and Protection Act, which would be the first federal privacy law, includes a provision to enhance privacy protections online for children under 17, including restrictions on Big Tech platforms’ data collection and targeted advertisements to those age groups.

But testimony from Jolina Cuaresma, senior counsel on privacy and technology policy at Common Sense Media, suggested that the language include 17-year-olds as well.

If the bill becomes law, she said this would provide a substantial upgrade to the Child Online Protection Privacy Act, which provides online protections for children under 13. “We need to cover all minors under the draft’s protections,” Cuaresma said, adding, “one in four children between the ages of 9 and 17 have had a sexual encounter with an adult online.”

With ongoing discussion about potential changes to COPPA and ensuring children’s privacy online due to increasing use of online educational tools and social media, Rep. Kathy Castor, D-Fl, stated during the hearing, “there is room for improvement in the draft for children’s protections.”

Big Tech regulation

Witnesses also said the draft should make clearer limits for Big Tech companies. Caitriona Fitzgerald, deputy director of the Electronic Privacy Information Center, said, “technology companies have too much power” and have been unregulated for too long. She urged the bill to define responsibilities more clearly for big tech companies, individuals, states, and federal entities.

Chairman Frank Pallone Jr. of the energy and commerce committee stated that if the bill passes, “our kids will be protected from abusive advertising and data transfers, and businesses will be required to protect consumer data or face real consequences.

“Comprehensive national privacy legislation is necessary to limit the excesses of Big Tech and ensure Americans can safely navigate the digital world,” said Pallone.

Continue Reading


Draft of Bipartisan ‘Years-in-the-Making’ Privacy Bill Released

The bill is bipartisan, and a joint effort between the House Energy and Commerce Committee and the Senate Commerce Committee.



Photo of Rep. Frank Pallone, D-N.J., from his website.

WASHINGTON, June 3, 2022 – Leaders of the House Committee on Energy and Commerce and the Senate Commerce Committee announced on Friday a discussion draft of a “comprehensive” data privacy bill that they say has been in the making for years.

The bipartisan bill overall addresses a national data privacy framework, a set of consumers’ data privacy rights and appropriate enforcement mechanisms.

The release was announced by the House committee’s Chairman Frank Pallone, D-N.J., its ranking member Rep. Cathy McMorris-Rodgers, R-Wash., and the Senate committee’s ranking member Sen. Roger Wicker, R-Miss.

In the coming weeks, we will be working with our colleagues on both sides of the aisle to build support and finalize this standard to give Americans more control over their personal data,” they said.

“We welcome and encourage all of our colleagues to join us in this effort to enable meaningful privacy protections for Americans and provide businesses with operational certainty. This landmark agreement represents the sum of years of good faith efforts by us, other members, and numerous stakeholders as we work together to provide American consumers with comprehensive data privacy protections.”

They called the release of the draft a “critical milestone.”

The proposed bill would grant Americans protections against discriminatory use of their data, require covered entities to minimize on the front end the data they collect, enforce loyalty duties and prevent customers from needing to pay for privacy, prohibit targeted advertising for covered entities, enhance data protections for children and minors and establish “regulatory parity” across the internet.

Child privacy has been a particular topic of interest on Capitol Hill, with several high profile hearings taking place with social media companies to investigate their practices of catering to teenage users.

Continue Reading


Signup for Broadband Breakfast

Get twice-weekly Breakfast Media news alerts.
* = required field