‘Privacy horse is sort of out of the barn’: Congress circles closer to federal privacy law
It is looking all but inevitable that Congress will pass a federal privacy law, following Facebook’s Cambridge Analytica scandal, Europe’s roll-out of the General Data Protection Regulation and California’s privacy law that takes effect next year. But the devil is in the details.
For more than a year, Congress has hosted a series of hearings to determine not only whether the legislative body should pass a federal privacy law but what all that law should entail. On May 21, the Senate Judiciary Committee convened the latest of these hearings with a focus on how a federal privacy law would affect the digital advertising industry, especially the duopoly of Facebook and Google.
“We want to do something that is correct the first time around,” said Republican Sen. Marsha Blackburn during Tuesday’s hearing in reference to any potential federal privacy law.
The key points
- Congress appears poised to pass a federal privacy law
- GDPR and California’s privacy laws offer a model for a federal privacy law
- A federal privacy law may preempt state privacy laws
- Congress still needs to determine what privacy controls companies must provide to people
- A federal privacy law will need to deal with the duopoly and may need to be paired with antitrust enforcement
“Do you all agree that the privacy horse is sort of out of the barn? That we’re going to do something on privacy?” Republican Sen. Lindsey Graham asked the panel, which included Brave’s Jonny Ryan, AppNexus’ former CEO Brian O’Kelley, anti trust lawyer Jan Rybnicek and professors Avi Goldfarb from the University of Toronto and Yale economist Fiona Scott Morton.
All members of the panel agreed.
Graham also asked the panel whether GDPR or the California Consumer Privacy Act should serve as a model for a federal privacy law. This time there wasn’t a clear consensus. Ryan, chief policy and industry relations officer at privacy-centric browser company Brave, said that GDPR should be the model, while the other four panelists either chose CCPA or abstained. Democratic Sen. Patrick Leahy suggested that CCPA be the more likely model. “The California Consumer Privacy Act may serve as a model for federal legislation,” he said.
Traditionally, the technology and advertising industries have not been wild about a federal privacy law. But in light of states like California passing their own privacy laws, companies have thrown their support behind a federal privacy law, especially if it would preempt states’ privacy laws. And it appears a federal privacy law would do just that. Graham asked panelists if a federal privacy law should preempt states’ privacy laws, and they all agreed it should. However Ryan had one caveat: A federal privacy law should not undermine states’ privacy laws. Fiona Scott Morton, an economics professor at Yale University, said that states will want to regulate privacy in cases that may not be covered by a federal privacy law.
How to handle consumer control
People’s control over their data would be a centerpiece of any federal privacy legislation. However, it’s yet to be made clear what controls companies would be required to provide to people. Leahy said that companies should be obligated to get people’s consent for the data companies collect and for how they use that data, which suggests a GDPR-like opt-in requirement.
Republican Sen. Joshua Hawley offered an opt-out alternative. During the hearing, he introduced the Do Not Track Act that would give people the option to “make a one-time choice not to be tracked, not to have her data sent to these companies and to stop them from then selling that data to other companies.” Of course, this has been tried before and failed. Hawley acknowledged as much and said that his bill would compel companies to honor people’s do not track requests and would require that companies not discriminate against people who choose to not be tracked, such as by limiting the features or services made available to them.
Dealing with the duopoly
Avi Goldfarb, a marketing professor at the University of Toronto, raised the concern that a federal privacy law could make companies that already dominate the digital advertising market, like Facebook and Google, even more dominant. If people will be asked to consent before allowing a company to collect their information, they may be more likely to give that consent to well-known companies like Facebook and Google than to an upstart platform that would need that information to build up an advertising business in order to compete with the duopoly.
At this point, the absence of a federal privacy law is almost no longer an option, considering the numerous privacy fails at Facebook and other companies.
In order to make sure that a federal privacy law doesn’t give big companies even more of a competitive advantage, it should include a data portability provision, he said, so that people would be able to take their data from a platform like Facebook to another platform that could use that data to grow its business.
The concern that a federal privacy law could be a boon to the duopoly may necessitate increased antitrust enforcement. “My contention is that we need both antitrust enforcement and new privacy protection,” said Democratic Sen. Richard Blumenthal.
Member ExclusiveMarketing Briefing: Ad execs and marketers say this Olympics has ‘lost its luster’
The typical global fervor for the Olympics is lacking this year, making it less of a marketing must than in years previous. More in this week's Digiday+ Marketing Briefing.
Member ExclusiveCMO Summit Recap: How marketers are adjusting to the delayed phase-out of third-party cookies
Digiday’s CMO Summit on July 19-20 covered some of the big issues facing marketers in this pivotal year, including the new timeline for the phase-out of third party cookies.
Cheat sheet: Comscore hopes to ease advertisers off cookies with new contextual targeting play
Comscore is hoping a series of data partnerships will help accelerate a pivot to contextual targeting, as ad buyers prepare for the end of third party cookies.
SponsoredHow the ad industry can use its borrowed time to future-proof first-party data solutions
Trent Lloyd, co-founder and head of brand solutions, Eyeota Google’s updated timeline for its Privacy Sandbox rollout, including its two-year delay of third-party cookie deprecation on Chrome, didn’t come as a surprise to many industry observers, given the limited utility of Google’s FLoC and the slow momentum of the Privacy Sandbox in the World Wide […]
Netflix’s new vp of game development Mike Verdu brings much-needed skillsets
Earlier this month, Netflix doubled down on its commitment to gaming by hiring Mike Verdu to head up its game-development department.
Stagwell bets on organic growth to power its merger with MDC Partners, as it retires the MDC name
Stagwell Group's merger with MDC Partners will close next week, and the new company expects major organic growth.