{"id":16476,"date":"2019-05-16T02:23:01","date_gmt":"2019-05-16T02:23:01","guid":{"rendered":"https:\/\/www.lifeandnews.com\/articles\/?p=16476"},"modified":"2019-05-17T14:29:34","modified_gmt":"2019-05-17T14:29:34","slug":"congress-is-considering-privacy-legislation-be-afraid","status":"publish","type":"post","link":"https:\/\/www.lifeandnews.com\/articles\/congress-is-considering-privacy-legislation-be-afraid\/","title":{"rendered":"Congress is considering privacy legislation \u2013 be afraid"},"content":{"rendered":"

Jeff Sovern<\/a>, St. John’s University<\/a><\/em><\/p>\n

Supreme Court Justice Louis Brandeis called privacy the \u201cright to be let alone<\/a>.\u201d Perhaps Congress should give states trying to protect consumer data the same right.<\/p>\n

For years, a gridlocked Congress ignored privacy, apart from occasionally scolding companies such as Equifax<\/a> and Marriott<\/a> after their major data breaches. In its absence, states have taken the lead in experimenting with privacy-related laws.<\/p>\n

California, for example, recently passed legislation<\/a> giving citizens the right to know what data businesses have on them \u2013 and to block the information\u2019s sale to third parties. It\u2019s the first of its kind<\/a> in the U.S. and has prompted lawmakers<\/a> in other states to try to follow suit.<\/p>\n

That\u2019s gotten the attention of businesses, especially in tech, which have been lobbying Congress<\/a> to preempt a possible patchwork of state laws with what could amount to a weaker federal one. Some observers predict<\/a> this could be that rare issue that inspires bipartisan compromise in Congress this year.<\/p>\n

Sounds like great news, right?<\/p>\n

Wrong.<\/p>\n

As someone who has studied privacy for nearly two decades<\/a>, I believe consumers are better off if Congress doesn\u2019t intrude and lets states keep experimenting on how to best protect Americans\u2019 personal data.<\/p>\n

Following California\u2019s lead<\/h2>\n

It may be hard to remember, but there was a time when companies were able to keep data breaches secret, so that consumers didn\u2019t even know hackers had their information and that they needed to take steps to protect themselves.<\/p>\n

Then California\u2019s data breach law<\/a> took effect in 2003. California requires companies that suffer data breaches to notify affected consumers as well as the state\u2019s attorney general.<\/p>\n

As lawmakers elsewhere learned from these notifications just how common data breaches had become, the other 49 states followed suit<\/a>. The result is that more than 8,000 data breaches affecting more than 11 billion records<\/a> have been made public \u2013 and all without Congress doing a thing.<\/p>\n

If states had not acted on their own, Americans might never have learned about the Equifax or Marriott breaches, or about the 1,244 breaches affecting 446 million records that occurred just last year<\/a>.
\nAnd just as other states followed California on breaches, some are attempting to do the same on privacy legislation.<\/p>\n

The California Consumer Privacy Act<\/a>, which will take effect next year, will give Californians the right to learn what companies know about them and the kinds of businesses they sell that information to, as well as the right to block such sales. Consumers will also be able to require companies to delete information on them in some circumstances.<\/p>\n

Legislators in states<\/a> including Massachussetts<\/a>, Washington<\/a> and New York<\/a> have introduced similar privacy bills this year.<\/p>\n

\"\"
California has taken the lead on protecting consumer data.<\/span>
\nAP Photo\/Don Thompson<\/a><\/span><\/figcaption><\/figure>\n

Congressional intrusion<\/h2>\n

But Congress could bring this experimentation to a halt if lawmakers enact a weaker privacy bill that overrides state laws, as industry lobbyists are seeking<\/a>.<\/p>\n

Congress frequently preempts state laws. For example, the federal arbitration law<\/a> prevents states from regulating arbitration agreements, even barring states from merely requiring<\/a> that contracts require arbitration on the first page.<\/p>\n

I don\u2019t mean to say that there\u2019s no room for Congress to get involved. Most Americans still lack important privacy protections, and Congress could help fill that gap.<\/p>\n

But rather than circumventing state laws, a federal privacy law should work in partnership with them \u2013 just as federal laws regulating auto safety such as airbag requirements<\/a> operate in tandem with state regulations that govern related issues such as how fast motorists can drive.<\/p>\n

Industry advocates, however, don\u2019t want federal and state laws to exist side by side because they say companies will have trouble following the rules of different states. Businesses had the same concerns about state data breach laws, and testimony from Marriott\u2019s CEO<\/a> suggests the company didn\u2019t find it too troublesome to comply with them, however different.<\/p>\n

It\u2019s more likely, then, that companies realize that it will be easier for their lobbyists to win a victory in one legislature \u2013 Congress \u2013 than in 50 states.<\/p>\n

Lobbyists have also argued<\/a> consumers would be bewildered by such a patchwork of state privacy laws. They claimed<\/a>, for example, that a consumer driving from Biloxi, Mississippi, to Bellevue, Washington, would be confused by the different privacy regimes she would encounter.<\/p>\n

But that same person \u2013 during that same drive \u2013 copes with a wide variety of traffic laws. Drivers seem to be able to navigate those different laws just fine.<\/p>\n

New tech, new threats to privacy<\/h2>\n

Another concern is that technology is continually improving, with each new advance creating a new privacy challenge for consumers that they cannot now foresee.<\/p>\n

Biometrics is an example of an issue that only in recent years has become a serious privacy concern. It\u2019s one thing to use facial recognition software to unlock your phone, another if companies are able to buy your image so they can tailor the ads<\/a> you see to what you look like.<\/p>\n

Illinois was at the forefront of innovation when in 2008 it passed a statute<\/a> that prevents companies from selling information about consumers\u2019 fingerprints, retina scans, voiceprints and similar items and requires companies to notify consumers before capturing biometric information. Other states, like Texas<\/a> and Washington state<\/a>, have since enacted similar laws.<\/p>\n

\"\"<\/a>
Louis Brandeis dubbed privacy the \u2018right to be left alone.\u2019<\/span>
\nAP Photo<\/a><\/span><\/figcaption><\/figure>\n

But it\u2019s another reason a federal privacy law preventing states from experimenting may be worse than no federal law at all. Federal preemption would mean states could no longer respond to threats to privacy. And consumers would have only Congress to turn to for a remedy. Given that the last major consumer privacy law<\/a> at the federal level is already two decades old, it\u2019s hard to believe the frequently frozen Congress would keep up with the times.<\/p>\n

Worse, consumers would risk losing their only bargaining chip in the fight over their personal data: companies\u2019 fear that states might put a stop to whatever they\u2019re doing.<\/p>\n

Brandeis, a prophet on privacy<\/a>, called<\/a> the states the \u201claboratories of democracy.\u201d Let\u2019s see what results the labs produce before we stop experimenting \u2013 and risk learning the best solutions.\"The<\/p>\n

Jeff Sovern<\/a>, Professor of Law, St. John’s University<\/a><\/em><\/p>\n

This article is republished from The Conversation<\/a> under a Creative Commons license. Read the original article<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

Jeff Sovern, St. John’s University Supreme Court Justice Louis Brandeis called privacy the \u201cright to be let alone.\u201d Perhaps Congress should give states trying to protect consumer data the same right. For years, a gridlocked Congress ignored privacy, apart from occasionally scolding companies such as Equifax and Marriott after their major data breaches. In its […]<\/p>\n","protected":false},"author":44,"featured_media":16470,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[277],"tags":[3793,272,2069,614,612,1870,4257,4317,527,138,3396,166,4240,525,255],"_links":{"self":[{"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/posts\/16476"}],"collection":[{"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/users\/44"}],"replies":[{"embeddable":true,"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/comments?post=16476"}],"version-history":[{"count":2,"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/posts\/16476\/revisions"}],"predecessor-version":[{"id":16481,"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/posts\/16476\/revisions\/16481"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/media\/16470"}],"wp:attachment":[{"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/media?parent=16476"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/categories?post=16476"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.lifeandnews.com\/articles\/wp-json\/wp\/v2\/tags?post=16476"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}