‘Privacy horse is sort of out of the barn’: Congress circles closer to federal privacy law
It is looking all but inevitable that Congress will pass a federal privacy law, following Facebook’s Cambridge Analytica scandal, Europe’s roll-out of the General Data Protection Regulation and California’s privacy law that takes effect next year. But the devil is in the details.
For more than a year, Congress has hosted a series of hearings to determine not only whether the legislative body should pass a federal privacy law but what all that law should entail. On May 21, the Senate Judiciary Committee convened the latest of these hearings with a focus on how a federal privacy law would affect the digital advertising industry, especially the duopoly of Facebook and Google.
“We want to do something that is correct the first time around,” said Republican Sen. Marsha Blackburn during Tuesday’s hearing in reference to any potential federal privacy law.
The key points
- Congress appears poised to pass a federal privacy law
- GDPR and California’s privacy laws offer a model for a federal privacy law
- A federal privacy law may preempt state privacy laws
- Congress still needs to determine what privacy controls companies must provide to people
- A federal privacy law will need to deal with the duopoly and may need to be paired with antitrust enforcement
“Do you all agree that the privacy horse is sort of out of the barn? That we’re going to do something on privacy?” Republican Sen. Lindsey Graham asked the panel, which included Brave’s Jonny Ryan, AppNexus’ former CEO Brian O’Kelley, anti trust lawyer Jan Rybnicek and professors Avi Goldfarb from the University of Toronto and Yale economist Fiona Scott Morton.
All members of the panel agreed.
Graham also asked the panel whether GDPR or the California Consumer Privacy Act should serve as a model for a federal privacy law. This time there wasn’t a clear consensus. Ryan, chief policy and industry relations officer at privacy-centric browser company Brave, said that GDPR should be the model, while the other four panelists either chose CCPA or abstained. Democratic Sen. Patrick Leahy suggested that CCPA be the more likely model. “The California Consumer Privacy Act may serve as a model for federal legislation,” he said.
Traditionally, the technology and advertising industries have not been wild about a federal privacy law. But in light of states like California passing their own privacy laws, companies have thrown their support behind a federal privacy law, especially if it would preempt states’ privacy laws. And it appears a federal privacy law would do just that. Graham asked panelists if a federal privacy law should preempt states’ privacy laws, and they all agreed it should. However Ryan had one caveat: A federal privacy law should not undermine states’ privacy laws. Fiona Scott Morton, an economics professor at Yale University, said that states will want to regulate privacy in cases that may not be covered by a federal privacy law.
How to handle consumer control
People’s control over their data would be a centerpiece of any federal privacy legislation. However, it’s yet to be made clear what controls companies would be required to provide to people. Leahy said that companies should be obligated to get people’s consent for the data companies collect and for how they use that data, which suggests a GDPR-like opt-in requirement.
Republican Sen. Joshua Hawley offered an opt-out alternative. During the hearing, he introduced the Do Not Track Act that would give people the option to “make a one-time choice not to be tracked, not to have her data sent to these companies and to stop them from then selling that data to other companies.” Of course, this has been tried before and failed. Hawley acknowledged as much and said that his bill would compel companies to honor people’s do not track requests and would require that companies not discriminate against people who choose to not be tracked, such as by limiting the features or services made available to them.
Dealing with the duopoly
Avi Goldfarb, a marketing professor at the University of Toronto, raised the concern that a federal privacy law could make companies that already dominate the digital advertising market, like Facebook and Google, even more dominant. If people will be asked to consent before allowing a company to collect their information, they may be more likely to give that consent to well-known companies like Facebook and Google than to an upstart platform that would need that information to build up an advertising business in order to compete with the duopoly.
At this point, the absence of a federal privacy law is almost no longer an option, considering the numerous privacy fails at Facebook and other companies.
In order to make sure that a federal privacy law doesn’t give big companies even more of a competitive advantage, it should include a data portability provision, he said, so that people would be able to take their data from a platform like Facebook to another platform that could use that data to grow its business.
The concern that a federal privacy law could be a boon to the duopoly may necessitate increased antitrust enforcement. “My contention is that we need both antitrust enforcement and new privacy protection,” said Democratic Sen. Richard Blumenthal.
‘It took the heat out of people’s situations’: Agencies provide mental health support for employees’ kids
Parents have been anxious about the effect of the pandemic on their kids' mental health and agencies have had to step up their support.
As consumers migrate to e-commerce, marketers are increasing email marketing efforts
Brand marketers say email marketing has steadily been increasing as more and more consumers look to shop online.
Cheat sheet: Twitter experiments with shoppable cards
Twitter is taking another stab at shoppable content, with a new card feature aimed to convince users to follow through with purchases.
SponsoredPeople-based identifiers are driving personalized customer experiences
Marketing teams are now well into 2021, and third-party cookies along with mobile ad IDs are officially on notice, which has implications for all marketers. Soon, cookie- and device-based targeting, frequency capping, measurement and attribution will break. Evolving privacy regulations and policy changes from browsers and device makers have sparked many proposed solutions to replace […]
‘How to telegraph energy’: The coronavirus pandemic has agencies mulling the future of the pitch
Agency execs say elements of the pitch process may have changed forever — the amount of time and financial investment devoted to chasing new business, for example.
‘Gateway to anything a marketer can dream up’: Touchless commerce has normalized the QR code, and brands are giving it a second look
As consumers are more comfortable with using QR codes, so are marketers who are planning to add them to packaging and ads.