The last attempt creating the first comprehensive national data privacy law in the United States is causing the typical nonsense in Washington. But through the mess in Congress and elsewhere in the US, we are finally seeing progress in defending Americans against the rampant information-gathering economy.
What emerges is a growing consensus and a set of (imperfect) laws that give people real control and companies more responsibility to tame the near-unlimited collection of our data. Given all the bickering, tacky lobbying tactics and… stalemate, it may not seem to win up close. But it is.
Let me zoom in on the big picture in the US tech companies like Facebook and Google, mostly unknown data brokers and even the local grocery store collecting a piece of data about us that could help their businesses.
We benefit from this system in some ways, including when businesses find customers more efficiently through targeted advertising. But the existence of so much information about virtually everyone, with few restrictions on its use, creates conditions for abuse† It also contributes to the public distrust of tech and technology companies. Even some companies that have benefited from unlimited data collection are now saying that the system needs reform.
Smarter policies and enforcement are part of the answer, but there are no quick fixes — and there will be drawbacks. For years, some consumer privacy advocates have argued that Americans need a federal data privacy law that protects them wherever they live. Members of Congress have discussedbut failed to pass such a law in recent years.
The weird thing is that big companies, policy makers on both sides and privacy die-hards seem to agree that a national privacy law is welcome. However, their motivations and visions for such a law are different. This is where it gets frustrating.
A consortium including business and technology trading groups was launched Marketing campaign recently required a federal privacy law — but only under very specific conditions, to minimize disruption to their business.
They want to make sure every federal law would do that ignoring stronger state privacy laws, so companies can follow one guideline instead of dozens of potentially conflicting guidelines. Companies can also hope that a law passed by Congress is less disruptive to them than the Federal Trade Commission, who now has a Democratic majoritytools.
This is one of those legislative tug-of-war that is inappropriate from the outside and enrages longstanding consumer privacy advocates. Evan Greer, director of digital rights group Fight for the Future, told me she sees what corporate lobbyists support as “watered down, industry-friendly laws that provide privacy in name only.”
Behind the mud, however, there is a rise agreement on many essential elements of a federal privacy law. Even the biggest sticking points — whether a federal law should override stronger state laws, and whether individuals can sue for privacy violations — now seem to have workable middle ground. One possibility is that federal law would override future state laws, but not existing ones. And people can get the right to sue for privacy violations under limited circumstancesalso for repeated violations.
Laws are not a panacea for our digital privacy mess. Even smart government policies lead to unwanted trade-offs, and sometimes poorly designed or inadequately enforced laws make matters worse. Sometimes new laws can feel pointless.
Most people’s experience with Europe’s far-reaching digital privacy regulations 2018, the General Data Protection Regulation or GDPR, are annoying pop-up notifications about data tracking cookies. The first of two of California Digital Privacy Notices theoretically gives people control over how their data is used, but in practice it often involves fill in heavy forms† And recent data privacy laws in Virginia and Utah usually gave industry groups what they wanted†
Is there any of that progress in protecting our data? A little bit yes!
Some privacy advocates may disagree, but even imperfect laws and shifting mindsets among the public and policymakers are profound changes. They show that the flaws of America’s data-harvesting system are unraveling and that more responsibility is shifting to data-gathering companies, not individuals, to preserve our rights.
“Progress doesn’t seem like quite perfect laws; there is no such thing. It looks like fits and starts,” Gennie Gebhart, the activism director for the Electronic Frontier Foundation, a privacy advocacy group, told me.
I don’t know if there will ever be a federal privacy law. Gridlock Rules, and such regulation is difficult. But behind the lobbying and indecision, the terms of the data privacy debate have changed.
Before we go…
-
Yikes in cryptocurrencies: The prices of Bitcoin and other cryptocurrencies have fallen steadily, which according to my colleague David Yaffe-Bellany shows that cryptocurrencies increasingly resemble risky tech stocks†
Also, the TerraUSD virtual currency is believed to be worth $1 each, and has collapsed far below that level. This is why it’s so importantfrom my colleagues at DealBook.
-
The local florist now delivers for Amazon: To speed up deliveries in rural parts of the US, Amazon has been experimenting with paying a few dollars per package to small businesses to deliver orders to nearby homes. reported†
-
Instagram believed that a new dad was interested in “disability” and “anxiety.” A Washington Post columnist examines why disturbing images interrupted his newborn baby’s Instagram feed and advocates a way to reset social media algorithms when they don’t work for us† (A subscription may be required.)
Hug for this
puppyppppy come right to your face†
We want to hear from you. Tell us what you think of this newsletter and what else you want us to discover. You can reach us at ontech@nytimes.com.
If you have not yet received this newsletter in your inbox, then sign up here† You can also read previous On Tech columns†
