There seems to be growing consensus on the need for a US federal privacy law along the lines of Europe’s GDPR. There is now bipartisan support in Congress, with Republicans and Democrats alike in favor of legislation.
They don’t, however, agree on the best way to go about it …
Reuters reports on the conflict.
Democratic and Republican lawmakers both stressed the need for bipartisan privacy legislation on Wednesday but seemed divided on how willing they were to strengthen the Federal Trade Commission, which is expected to be tasked with enforcing an eventual law […]
Subcommittee Chairwoman Jan Schakowsky, a Democrat, was one of several people who favored increased funding for the Federal Trade Commission as well as stronger rule-making authority as part of a bill to protect users’ privacy online.
The top Republican on the panel, Cathy McMorris Rodgers, also said that she would support a national standard for data privacy and wanted to hold companies accountable for violations.
But she worried about giving more power to the agency, saying she did not want to the FTC to be converted into “a massive rule-making regime.”
In other words, the Democratic view is that Congress should give the FTC powers to make and enforce privacy rules, while the Republican view is that the legislative branch should create the rules, and the FTC should simply be empowered to enforce them.
The FTC itself just wants its brief to be as clear and specific as possible.
FTC Chairman Simons, backed by Democratic Commissioner Rohit Chopra, urged that any legislation have clear and specific rules.
Simons asked for enhanced rule-making authority for the agency to enforce any privacy legislation but pressed for it to be limited to the one issue.
“Please do not do it. Do not give us broad rule-making authority. Give us targeted rule-making authority,” he said. “The last thing that we want is for you to dump that question on us.”
Passing privacy legislation ought to be simple. It’s not only backed by lawmakers on both sides of the aisle, but also by tech giants like Apple, Google and Facebook. While the latter two companies might be expected to oppose restrictions on their use of personal data, the prevailing view in Silicon Valley appears to be that it’s better to know what they can and can’t do and be able to make plans on that basis.
Apple CEO Tim Cook has praised Europe’s adoption of GDPR – the toughest privacy laws ever created – and said that the US should follow this lead.
We at Apple are in full support of a comprehensive federal privacy law in the United States. There, and everywhere, it should be rooted in four essential rights: First, the right to have personal data minimized. Companies should challenge themselves to de-identify customer data—or not to collect it in the first place. Second, the right to knowledge. Users should always know what data is being collected and what it is being collected for. This is the only way to empower users to decide what collection is legitimate and what isn’t. Anything less is a sham. Third, the right to access. Companies should recognize that data belongs to users, and we should all make it easy for users to get a copy of…correct…and delete their personal data. And fourth, the right to security. Security is foundational to trust and all other privacy rights.