Industry Panel of Observers Argues for Federal Privacy Rules That Preempt State Laws
WASHINGTON, July 15, 2019 – An industry-focused panel of observers of privacy issues argued that a federal approach the topic needs to preempt state-based data protection. At the Monday event hosted by CompTia, these officials went so far as to suggest that federal privacy rules would be more protec
WASHINGTON, July 15, 2019 – An industry-focused panel of observers of privacy issues argued that a federal approach the topic needs to preempt state-based data protection. At the Monday event hosted by CompTia, these officials went so far as to suggest that federal privacy rules would be more protective than those of states.
Because privacy legislation has an impact across all sectors of the economy, regulations need to be uniform nationwide, said Qualcomm Vice President Scott Goss on Monday.
Goss said that state-by-state laws designed to protect privacy do not provide enough clarity for both consumers and companies. In some cases, businesses may need to alter their operations if they perform interstate transactions.
State-by-state laws can also be considered “anti-privacy,” said Yael Weinman, associate general counsel of privacy at Verizon, as they often require more personal data to be effective. Moreover, she said, sale of data is difficult to regulate because it’s defined differently depending on the state.
Hanging in the background of most privacy debates is the California Consumer Privacy Act (PDF), was passed last year, but doesn’t go into effect until 2020, and only if Congress fails to pass privacy legislation.
The U.S. is the only developing economy in the world without comprehensive privacy legislation, said Goss. In some respects, CCPA follows the European Union’s General Data Protection Regulation.
The concepts that the CCPA outlines make sense, said Weinman. For instance, the right to access, the right to delete and the right to opt out of the sale of personal data. But these concepts are limited to consumer choice. CCPA also contains technical language which makes it confusing to identify compliance with these laws.
Consumers shouldn’t have to “figure out” on their own when their data is safe and when it is not, said Chris Calabrese, vice president of policy at the Center for Democracy and Technology.
An ideal comprehensive law would look to not only include consumer control but better privacy outcomes, said Goss. It would have to clearly define personal data and ensure that data protection is prioritized to people, not electronic devices.
Companies should also appoint people to take charge of privacy practice, he said, in order to mitigate the risks of technology before it ends up in the consumer’s hands.
People currently feel that they have no power in controlling their data, said Calabrese. By creating “meaningful limitations” on entities using data, consumers will have more ways to protect their information.
The GDPR is a “harmonization” of the various ways EU member states approached privacy issues, said Goss. The U.S. needs to look at other countries as an example to better understand the idea of a comprehensive privacy law.
(Photo by Masha Abarinova.)