Federal Privacy Legislation Needed As State Legislation Could Harm Smaller Players, Event Hears
Different state privacy laws stifle competition and places burdens on small companies, experts say.
Benjamin Kahn
WASHINGTON, April 25, 2022 – While experts agreed that federal legislators need to take action on comprehensive privacy legislation, they disagreed on the specifics of how such regulation should be enforced.
Though some states have begun to establish their own frameworks for consumer privacy regulation, each framework puts forth different standards that online platforms would have to adhere to. These varied frameworks have raised concerns among many experts who consider a patchwork of legislation to raise the bar of compliance – a bar that could be lowered by federal legislation.
During an R Street panel on Monday, experts from the technology industry weighed in on the matter with their perspectives.
In March, Utah joined California, Colorado, and Virginia and became the fourth state to successfully pass consumer privacy legislation. Several additional states, including Florida, Massachusetts, New York, and Connecticut have experienced mixed success with their bills and have not yet signed anything into law.
Lartease Tiffith, executive vice president for public policy at the Interactive Advertising Bureau, said that the US is an outlier among developed countries. “We are one of the few developed countries that [does not have a federal privacy law],” he said. “I think that in order to reflect the same common values as our colleagues who are in Europe and elsewhere around the world, we need [to make] one.”
Beyond the international perspective, Tiffith also emphasized domestic justifications for federal legislation. “I cannot think of a subject matter that is not more under the purview of Congress than interstate commerce,” he said. “The internet is everywhere – it is not limited by borders. So, we need to have one standard, one set of laws. It should not matter where you live – California, Utah, Virginia, Colorado – you should have the same basic privacy rights as anyone, anywhere.”
Various state legislation harder for smaller companies
Tiffith also explained that a patchwork of regulation would hit smaller businesses the hardest. “If you are a small or medium sized business and you are looking at investing more money into your products and service and delivering and reaching customers – you want to do that rather than spending time on hiring more lawyers to deal with ever complicating regulations.
“We need this for the next set of Amazons and Googles of the world to exists,” he said.
While the panelists were able to agree on the fact that current patchwork of laws is not sustainable, they did not agree on how to enforce a federal framework.
A federal body for consumer data protection
Sara Collins, senior policy counsel for internet advocacy group Public Knowledge, voiced benefits to creating a new data protection authority in the US – a body distinct from the Federal Trade Commission – that would focus expressly on matters related to consumer data protection.
Tiffith pushed back, however, arguing that the FTC already does a good job at handling these issues, and is only held back by what he views as under-resourcing. “If you compare the FTC to other protection authorities, they are very under-resourced,” he said. “So, I think instead of us standing up a whole new data protection authority, I think instead, let’s invest that money in the FTC, give them some rules, some limited rulemaking authority, and let’s give them a lot more staff and a lot more money.
“Let them be the cop on the beat,” he said.