fbpx

privacy

National privacy bill exempts and empowers gov’t agencies over real consumer privacy

FOR IMMEDIATE RELEASE | April 18, 2024

WASHINGTON, D.C. – A new federal privacy bill has surfaced in Congress that introduces sweeping changes for how the privacy rights of American citizens are regarded and respected.

The bill, known as the American Privacy Rights Act, is the latest serious attempt by a bipartisan cohort of congressional legislators to address Americans’ privacy rights online, as well as the obligation of companies, nonprofits, and organizations that cater to them.

Though the bill addresses important principles for privacy legislation, it also unduly burdens many innovative services that Americans enjoy, as well as totally exempts government agencies from having to follow privacy rules.

Yaël Ossowski, deputy director of the Consumer Choice Center, reacts:

“A national privacy bill that preempts the patchwork of state laws is a necessity in the 21st century. As more leaks, hacks and unauthorized disclosures of American’s personal and financial data make their way online, individuals are left with little recourse to address harms.

“While this new privacy bill addresses important principles, such as requiring transparency of data collected, the ability for consumers to have portable access to their information, and mechanisms for punishing bad actors, it goes too far in granting government agencies power over private contracts and business models while exempting any agency from those same privacy rules,” said Ossowski.

“The particular provision creating a new private right of action, unheard of in any other global privacy bill, would inevitably become a quagmire that will litter our justice system with bogus and outrageous claims, all the while empowering politically connected trial attorneys who stand the most to gain. This would ultimately degrade the quality and raise of the prices of goods and services that consumers depend on and would do nothing to safeguard user privacy.

“In addition, the specific section on universal “opt-outs” for targeted ads amount to a de facto ban on specific algorithms used by any social media service, cutting off the ability for small businesses and entrepreneurs to reach and properly inform consumers of their goods and services.

“The bill also grants extraordinary new powers to the Federal Trade Commission, far beyond its mandate of punishing unfair and deceptive practices, which give the FTC the ability to halt any new algorithmic model if it deems it in violation of any statue, putting innovation in both artificial intelligence and the Internet itself at risk.

“All of these issues, coupled with the outright exemption for all government agencies, who handle most of our sensitive data, demonstrate that this privacy bill needs severe changes if it wishes to protect consumers while also championing American innovation,” Ossowski.

“We look forward to providing additional context and research to the House and Senate Commerce Committees, in the good faith effort to create a much nimbler and more appropriate bill to balance protecting Americans’ privacy and safeguarding innovation that we can all benefit from,” concluded Ossowski.

The Consumer Choice Center has published its own comprehensive analysis of the bill, available here.

The Consumer Choice Center is a nonpartisan consumer advocacy group that champions the benefits of freedom of choice, innovation, and abundance in everyday life.

The CCC represents consumers in over 100 countries across the globe. We closely monitor regulatory trends in Ottawa, Washington, Brussels, Geneva, Lima, Brasilia, and other hotspots of regulation and inform and activate consumers to fight for #ConsumerChoice. Learn more at consumerchoicecenter.org.

A new federal privacy bill overdoses on empowering agencies over helping consumers

Late last week, a discussion draft of a new federal privacy bill was uploaded to the cloud server of the US Senate Commerce Committee and made public.

The bill, known as the American Privacy Rights Act, is the latest serious attempt by a bipartisan cohort of congressional legislators to address Americans’ privacy rights online, as well as the obligation of companies, nonprofits, and organizations that cater to them.

There are been numerous attempts at national privacy bills, but this is the first version that seemingly has bipartisan agreement across both the US House and Senate.

At the Consumer Choice Center, we have long championed the idea of a national privacy law, putting forth what we believe are the important principles such a law should have:

  • Champion Innovation
  • Defend Portability
  • Allow Interoperability
  • Embrace Technological Neutrality
  • Avoid patchwork legislation
  • Promote and allow strong encryption

Now that a serious bill has been put forward, authored by Sen. Maria Cantwell (D-WA) and Rep. Cathy McMorris Rogers (R-WA), both chairs of the Commerce Committee in their respective congressional chambers, we’ll address what we consider to be helpful but perhaps also harmful to both consumer choice and future tech innovation if this bill remains in its current form.

Granted, this is a working draft of the bill, and will (hopefully) be updated after feedback. For those who are interested, here’s the latest primer on the bill from the bill authors.

I also provided some additional comments on this bill in a recent Q&A with Reason Magazine, which I’d encourage you to read here if you’re interested.

Off we go.

What’s to like:

A national privacy law is both necessary and welcomed. Not only because it would override the overly stringent state-level privacy laws in places like California and Virginia, but because it would provide uniform policy for consumers and companies that wish to offer them goods and services. 

And also because, as compared to the European Union and other countries, our privacy rights as Americans differ widely depending on the services or sectors we interact with, our IP address, and where we happen to live. And considering the hundreds of privacy policies and terms of service we accept each and everyday, there are vastly different frameworks each of these contracts import.

Here are some positives on the American Privacy Rights Act:

  • Preemption of state privacy laws is a good measure introduced in the bill, particularly when it comes to the strict and overbearing California privacy law, which has become a standard bearer due to California’s huge population and company base.
    • This provides legal stability and regulatory certainty, so that consumers can know their particular rights nationwide, those who interact with these laws can begin to learn and implement them, and there is universality that protects everyone.

  • Data portability is an important principle and could conceivably become an easily enforceable section of privacy legislation. This should be both reasonable and accessible. This would include the exporting of information collected by a particular service or app, as well as any key account details, so that information can be ported over to competing services if consumers want to change things up.
    • Examples: open banking, exportable social profiles, info, etc.
    • Ideally, this information would be exportable using non-proprietary data formats.

  • Transparency on what data is collected and by whom (mostly data brokers) is also a good measure included in the bill. Most tech services and app stores have made this a key feature of what they provide because it’s important to consumers.
    • A registry of data brokers, which would be required, seems inoffensive and would be a good measure of transparency, as would a privacy policy requirement, which most sites already provide and which major app stores require.
    • However, as we’ll mention later, government agencies (particularly law enforcement) are not barred from interacting with data brokers to circumvent warrants, which puts a lot of data of Americans at risk.
      • Sen. Ron Wyden (D-OR) introduced S.2576, the Fourth Amendment Is Not For Sale Act, to deal with this issue and its counterpart in the House successfully passed yesterday.

These three points found throughout the bill do measure up to the principles we’ve outlined in the past. Data portability, avoiding patchwork legislation, and transparency over what data is collected and what isn’t. Most online services already offer this information in privacy policies, and when mediated through cell phone or computer app stores, consumers have direct insight into what is collected.

This is a good starting point, and does demonstrate that the legislators are working in good faith to try to protect Americans’ privacy.

But while those are important, these should also be balanced with consumer access to innovative goods and services, which are cornerstone to our ability to choose the technology we want.

What’s not to like:

While a strong national privacy law is vital, we should also make certain that it is balanced, appropriate, and fair. Consumer protection is an overarching concern, but so should responsible stewardship of data if consumers want it, as well as the ability to access innovation to improve our lives.

These aspects of the bill are more troublesome, as they would likely invite more problems than they would solve.

  • An outright veto on targeted advertising is unworkable and would ultimately work against consumers. It would also basically cut off an important revenue source for most online services that consumers appreciate and use everyday.
    • This algorithmic style of reaching out to willing users implements geo-targeting and personalization, which are key to the consumer experience, and are a willing trade-off for consumers who want to use free or otherwise heavily discounted services.
    • They are also a prime concern for small businesses who rely on targeted ads to reach their customers, whether that be through ads online
    • At the same time, the prohibition on large social media companies offering paid subscription plans to those who don’t want to participate in targeted advertising seems counterintuitive and goes against the spirit of what is trying to be achieved here.
    • A privacy bill is supposed to be about giving consumers ultimate autonomy and decision rights, not outlawing a particular business model.

  • Inventing a right of “opt-out” would necessarily create several tiers of consumers, and would complicate virtually any business’ attempt to collect necessary information on their consumers. It would be a de-facto ban on targeted advertising, as social media services specifically would also be unable to offer “paid” versions to their users, and small businesses would not be able to use social networks to advertise to consumers who they believe would like to buy their goods or use their services.

  • Data minimization is a good principle, but it’s an unworkable legal standard because it would vary so widely depending on any app, nonprofit, or company.
    • Data needs change depending on how firms and organizations evolve, and whatever standard this law would enforce would likely make it more difficult for companies to scale and offer better and more affordable services to consumers in the future.

  • One of the more offensive parts of the bill would be the private right of action, which would be more encompassing than any privacy bill in the world. It would also not allow suits to be settled in arbitration, meaning every lawsuit – no matter its merits – will have to be reviewed by a judge.
    • Private right of action would empower plaintiff attorneys and deter innovation on the part of firms, vastly bloating our justice system.
    • This wouldn’t be positive for consumers, as it would likely raise the cost of goods and services, and would generally add to the overall litigious nature of the US judicial system.
    • At the Consumer Choice Center, we’ve long campaigned on rolling back the excesses of our tort law system and introducing simple legal reforms to better serve those who are legitimately harmed by companies.

  • 🚨The bill exempts government agencies at every level from any privacy obligations. This is a glaring red flag, especially considering the amount of sensitive data that has been routinely leaked, hacked, or made available to the public when it shouldn’t have been. Exempting government agencies from privacy rules is an egregious mistake.
    • If a state’s database of say, gun owners, is leaked (as happened in California). No crime, no foul. The same if a local or city government leaks your income information, Social Security number, healthcare data, or any other type of information. This should be immediately addressed in the bill to introduce parity.

  • Prior restraint for algorithms, which gives the Federal Trade Commission and other agencies veto power on all “computer processes” before they can be used by the public. This means the FTC would need access to all algorithms and AI innovations before launch, which would absolutely have a chilling effect on innovation and restrict entrepreneurial data projects and development of AI models.
    • This would be a huge VETO on American free enterprise and the future of tech innovation in our country, and risk exporting our best and brightest abroad.

  • The FTC would be responsible for the enforcement of these rules, as well as state attorneys generals, but a lot would be litigated in private rights of action (torts, etc.), which would generally favor incumbents who have the resources to comply. So while much of this bill is aimed at trying to reign in “Big Tech,” they paradoxically will likely be the only firms with the significant power to comply.
    • In addition, the Department of Justice and the FTC have built a reputation as anti-tech forces in our federal government. Would this newfound power lead to better goods and services for consumers, or more limited options that would bode well with regulatory authorities for ideological purposes. This is a difficult pill to swallow in either case.

Is there another way forward?

Assuming most of the glaring issues with this bill are fixed – the soft ban on targeted advertising, exempting of government agencies, empowerment of bogus lawsuits by private right of action, the inability to bring cases to arbitration, FTC’s powerful veto power over algorithmic innovation – there are elements that are favorable to those who want a good balance of consumer choice and innovation in our economy while protecting our privacy.

While all these are measures that a national privacy bill could address, there is still much more that we as individuals can do ourselves, using tools that entrepreneurs, developers, and firms have provided to us to be both more private and free. We hope legislators will take these concerns seriously, and amend some of these provisions in the draft bill.

The normalization of end-to-end encryption in messaging, data, and software has been a great counterbalance to the endless series of leaks, hacks, and unnecessary disclosures of private data that have caused objective harm to citizens and customers. We hope this is encouraged and becomes default for digital services, as well as remains protected for use by both firms and consumers.

For another view, the International Center on Law and Economics has an interesting paper on the idea of “choice of law” as the better approach for privacy rights, opening up selection of a particular privacy regime to market choice rather than top-down legislation, similar to private commercial courts in the United Arab Emirates. This would allow states to compete for business by offering the most balanced privacy law, which could spurn a lot of innovative thinking about better ways to approach this.

That said, this is technically how it has been de facto practiced in the country today, and California has won by default owing to its large population. I’m not sure we would be able to trust too many other states to craft balanced but effective privacy laws that wouldn’t create more trouble than it would solve. But I would be happy to be proven wrong.

While this privacy bill is ambitious, and covers a lot of ground that is vital for privacy concerns, there are still many elements that would require sweeping changes before it should be palatable for consumers who desire choice, prefer innovation, and what to ensure that our society remains both free and prosperous.

FTC Chair Lina Khan’s social media crusade is now just an expensive, taxing grudge against consumers who want cool tech

Red X on all your apps (generated by Midjourney AI)

WASHINGTON, D.C. – Extending its crusade against select social media firms, the Federal Trade Commission proposed several scathing amendments to a 2020-era privacy order with Meta on Wednesday, hoping to issue a blanket ban on “monetizing” youth data, a halt on all new innovations or product upgrades, and key criteria on privacy provisions.

The FTC has already attempted to halt several high-profile acquisitions by tech firms since Lina Khan’s ascension to FTC chair, including Microsoft’s purchase of video game company Activision, and Meta’s acquisition of the VR fitness app Within.

Yaël Ossowski, deputy director of the consumer advocacy group Consumer Choice Center, responds:

“These retaliatory actions prove the FTC is now subsumed by a hyperactive crusade against all mergers and acquisitions – and effectively consumer choice, especially when it comes to new technologies. This has a chilling effect on any and all new innovators and remains incredibly paternalistic to tech-native consumers who want robust competition.

“Business models come and go, and consumers should be the ones rewarding or punishing firms and services they want or don’t want to use, not the federal agencies temporarily in charge of competition policy,” added Ossowski.

The accusations by the competition agency that Meta has failed with respect to privacy also seem a bridge too far, especially considering the convoluted patchwork of state privacy laws and federal agency mandates that exist in lieu of a comprehensive federal law to safeguard consumer privacy.

“As consumer advocates, we regard privacy and data security as the most fundamental elements of a consumer’s online experience. But while there are true bad actors that exist and are actively committing offenses right now, the FTC is dead-set on pursuing an ideological agenda against a handful of American tech innovators, all the while excusing or remaining blind to the real privacy violations committed by foreign apps that have much larger reach and sway among young people.

“The FTC’s social media crusade is now just an expensive, taxing grudge against consumers who want cool tech. Consumers would prefer the agency punish bad actors and bad behavior rather than corner American tech companies into a labyrinth of compliance no one could ever reasonably pass.

“We as consumers deserve a vibrant online marketplace where the winners are chosen by us instead of whichever political faction happens to control a federal agency,” concluded Ossowski.

##

The Consumer Choice Center is an independent, non-partisan consumer advocacy group championing the benefits of freedom of choice, innovation, and abundance in everyday life.

We champion smart policies that are fit for growth, promote lifestyle choice, and embrace tech innovation for tens of thousands of our members and society-at-large, using research and educational outreach to policymakers and the broader public. Learn more at consumerchoicecenter.org.

Fun Police

ConsEUmer Podcast

Consumer Choice Center Cast

Follow us

Facebook-f Twitter Instagram Linkedin Youtube Spotify

Contact Info

712 H St NE PMB 94982
Washington, DC 20002

info@consumerchoicecenter.org

© COPYRIGHT 2024, CONSUMER CHOICE CENTER

Scroll to top
en_USEN
it_ITIT pt_BRPT fr_FRFR es_ESES de_DEDE en_USEN