3/24/2021
01:00 PM
Rob Shavell
Commentary

What a Federal Data Privacy Law Would Mean for Consumers

With an array of serious proposals from both sides of the political divide, it looks as though the US may finally have a national privacy law.

For better or worse, the United States is an outlier across many global metrics, and its approach to consumer privacy is no exception. While most nations are in the process of enacting or strengthening federal privacy laws, the United States is set to become one of the few major global economies without federal online privacy protection. For consumers whose personal information is frequently and blatantly abused, this situation needs to change.

Fortunately, in 2021, we are likely to see the first significant push toward a true federal data privacy law in our nation's history. While the adoption of the GDPR in the European Union, the world's largest trading bloc, in 2016 may have made a US equivalent historically inevitable, this push is also driven by tailwinds coming from the state level.

Over the past year, privacy legislation achieved widespread political and public support in a diverse range of states. In California, the most populous state by far, the California Privacy Rights Act's (CPRA) landslide victory in November highlights the public's growing appetite for privacy protection. However, with 75% of Americans saying they want more privacy protection online, it's clearly not just Californians who feel strongly about their online privacy.

What a Federal Privacy Law Might Look Like
With an array of serious proposals from both sides of the political divide, some form of federal privacy law now looks like an inevitability. While far from the only privacy-focused bills currently under consideration, the COPRA and the SAFE DATA Act show two different views of what a federal privacy landscape might look like.

On one side of the political debate over privacy, the Consumer Online Privacy Rights Act (COPRA), sponsored in late 2019 by Democratic Sen. Maria Cantwell of Washington, outlines a GDPR-esque privacy environment for the United States. Much to the chagrin of big tech, COPRA would allow consumers to opt out of their data being collected and shared and give individuals the right to directly sue any organization that violates their data privacy rights. If adopted, the COPRA would also stand in addition to any existing state legislation. This provision means that laws like CPRA would still stand, and the COPRA would not preempt further state-level privacy legislation.

An alternative, more "business-friendly" version of what a federal privacy law might look like can be seen in the SAFE DATA Act. Proposed by a group of GOP senators led by Mississippi Sen. Roger Wicker, SAFE DATA outlines a less stringent vision for federal privacy legislation. Under the SAFE DATA Act, each state's attorney general would enforce online privacy legislation alongside the Federal Trade Commission. The SAFE DATA Act would also make federal legislation take precedence over any existing and future state-level laws and not allow individuals to take action against companies directly.

What Federal Privacy Legislation Needs to Deliver for Consumers
While the two acts mentioned above highlight differences in political opinion about federal legislation, a pragmatic approach to privacy is wise. In my opinion, the best privacy act under consideration is the one that can pass into law. Although what our nation needs now is a strong precedent for federal privacy protection, future amendments and improvements are what will deliver both greater consumer privacy and other benefits like the following.

1. A More Streamlined Online Experience
Americans have an average of 27 online accounts that require different passwords and share users' email addresses and personal info with hundreds of third parties. A federal privacy law would provide the ability to opt out of many of these by removing the need to form a long-term relationship for a one-off transaction.

By requiring a smaller number of online accounts to access the same services, a comprehensive piece of federal privacy legislation would create a far more streamlined online experience. The fewer online accounts you need to access online services, the safer your personal information is.

2. More Choice of Services and Providers
As any federal law is likely to result in a uniform regulatory environment around privacy, businesses would not have to treat customers differently based on their location.

If American privacy laws harmonize with the European GDPR standard, that would also make it easier to exchange data internationally. With a single data-privacy standard, Americans could shop more confidently with a broader range of vendors, knowing that every service is subject to the same regulatory regime.

3. Leveraging Your Privacy Preferences
By choosing to "opt in" or "opt out," consumers would be able to leverage the value of their personal information when dealing with businesses. This new freedom could open up new business models and offerings for customers willing to allow companies to use their data.

Final Thoughts
In 2021, privacy is going to be high on the agenda for both the Biden administration and its political opponents. However, while the details of any potential federal legislation are important, the precedent may be more vital. While the first instance of any law will undoubtedly be imperfect, any federal regulatory framework is better than none at all.

Rob Shavell is CEO of Abine/DeleteMe, The Online Privacy Company. Rob has been quoted as a privacy expert in the Wall Street Journal, New York Times, The Telegraph, NPR, ABC, NBC, and Fox. Rob is a vocal proponent of privacy legislation reform, including the California ...
 

Comments
Richard F.,
User Rank: Strategist
3/25/2021 | 2:41:48 PM
Federal Privacy Law - State AGs & FTC Ineffective - More Important Priorities
I am a Conservative, but I have also been a Judge, Prosecutor and Deputy AG.  The AGs are primarily state CRIMINAL LAW ENFORCEMENT agencies.  The "Civil Departments" and civil litigation are low priority.

Consumers must have the right to individually enforce their statutory rights for them to be real, effective and actually enforced. Otherwise those "rights" inevitably go into the black hole of the bureaucracy to die. Rare, occasional, if and when the bureaucratic timeservers feel like it, enforcement is worthless.

We would all welcome any AG that would actually join into litigation.  FTC action is so rare and unhelpful to consumers that complaining to it is a complete waste of time, ink and electrons. Consider how effective the FTC is for "Do NOT Call" law "enforcement"?  

Conditioning enforcement on action by the bureaucracy is useless and will eviscerate any supposed "rights." That is no doubt an unspoken, unacknowledged aspect of the "SAFE DATA Act" that makes it desirable from the tech and advertising companies' viewpoint. Their "affiliates" have NO legitimate reason to have my data. Period!!!

Many consumers, Conservative, Moderate and Liberal all agree that we LOATHE advertising and detest "data aggregators."  Restoring personal control over our own information and the ability to individually litigate to enforce our rights will compel compliance.  Vesting exclusive enforcement in the bureaucracies is what Rush Limbaugh used to call, "an exercise in self entertainment."  

 

 