By Olivia Bond, MPP '22
In the recent panel of the Exploring Options: Overcoming Barriers to Comprehensive Federal Privacy Legislation webinar, Professor Chris Hoofnagle presented an interesting perspective: We’re not ready for federal privacy legislation.
He asserted that, “…as long as the innovators see privacy as a historical accident and just as an impediment to them making money, they’re not going to follow [a law], even if you pass one.” He continued, analogizing our current state on federal privacy legislation to, “the point where the tobacco company executives come up and say cigarettes aren’t addictive; they’re not harmful.”
In the 15 years between the tobacco executives’ false assertions and the introduction of tobacco regulations, cigarette smoking caused close to 450,000 premature deaths in the U.S. each year.
The FTC has been advocating for the passage of federal privacy legislation for over 20 years. While the stakes are not quite so life and death in this case, the premise is the same: If lawmakers continue to wait until those who profit from the exploitation of Americans’ privacy rights are “ready,” the United States will continue to fail to build a sustainable digital infrastructure, and Americans will continue to have their personal information stolen without hope of restitution.
The issue is not that the most important people in the technology industry do not recognize what a valuable commodity privacy is, but rather the reverse. Leaders of large technology firms realize exactly how much is at stake for them should the value of privacy be taken seriously and, not dissimilar to the analogous tobacco executives, want to preserve their interests for as long as they can.
I, a non-lawyer, will not pretend to understand the legal intricacies of federal privacy legislation. But in listening closely to the nuanced debate between panelists, the issue seems to be just that: nuanced. Yet, it does not seem that a legitimate, respected argument remains that calls for zero privacy protections. Following that logic, passing a federal privacy law that affords everyone in the country protection from a ubiquitous threat seems like an obvious next step to me.
However, the conversation amongst the panelists made clear that, “passing a federal privacy law” is no longer a sufficient recommendation. It is a complicated matter, and the complexity persists not in what to do, but how. I agree with Commissioner Wilson’s suggestion: federal privacy legislation should be passed as a baseline to ensure consistency in both consumers’ understanding of the rights afforded to them and businesses’ understanding of the standards they must uphold. States can then fill gaps to meet specific needs of their populous or to make certain regulations more stringent.
Panelist Stacey Gray highlighted a valid point of hesitancy to passing preemptive federal privacy legislation. Hundreds of existing state privacy laws would be at risk of being wiped out by preemptive federal legislation, not just the newer, more well-known omnibus privacy laws. If Congress did pass a federal privacy law as a baseline, these laws would need to be addressed through savings clauses, and the federal legislation itself would need to be written so as to allow for continuous evolution to prevent ossification.
If the last 20 years have indicated anything about federal privacy legislation, it is that action may not be expeditious. In the meantime, privacy advocates could push Congress to grant the FTC supervisory capabilities, allowing it to wield stronger oversight over tech platforms’ privacy and competition practices. As Commissioner Wilson asserted, the potential for the FTC to be a high-quality enforcement agency is there. With the proper nourishment and adequate resources, the FTC could be well-equipped to carry out the task. This idea is not an entirely novel or outlandish one. Indeed, President Barack Obama’s Privacy Bill of Rights intended for the FTC to legally enforce codes of conduct based on the outlined protections.
Such legislation would perhaps serve as an intermediary steppingstone on the path to federal privacy legislation. Regardless of what additional steps become necessary, the bottom line remains: we cannot wait until those wielding the most power in the technology industry become suddenly amenable to losing their unfettered access to consumer data. Strengthening the FTC’s supervisory capacity could at least signal to skeptics that privacy is, in fact, a value worth protecting, and that the tide shifting towards more widespread privacy protections is inevitable.
Olivia Bond is a second-year Master of Public Policy candidate at the Sanford School of Public Policy. Prior to attending Duke, Olivia earned a degree in Economics from the University of Nebraska-Lincoln and was a Teach For America corps member.