Skip to main content

“The State of the Net Conference is America’s premier Internet policy conference series. Each year it brings together Internet stakeholders in government and in the private sector to explore the potential of a decentralized global internet to promote communications, commerce, and democracy.”

At this year’s State of the Net, Internet Association Vice President and Associate General Counsel Elizabeth Banker participated in the panel “Cloudy with a Chance of Legislation The Past, Present, and Future of U.S. Privacy Policy.” The Editor of The Privacy Advisor at the International Association of Privacy Professionals Angelique Carson moderated the group of diverse panelists, which included Partner at Baker Botts LLP Maureen K. Ohlhausen, Vice President for Policy at the Center for Democracy & Technology Chris Calabrese, Deputy General Counsel at Workday Jason Albert, and Partner at Covington Terrell McSweeny.

The panel started with a discussion of the current privacy landscape in the U.S. States across the country have passed their own laws, with a variety of scale, regulations, and compliance requirements, but Congress has yet to introduce comprehensive federal legislation that addresses internet privacy concerns for all Americans. A federal law is critical to establishing consistent expectations for consumers across state lines in today’s digital age. The U.S. needs a law that gives consumers full control over the data they provide to companies, including the ability to access, delete, correct, and to move their data from one provider to another. 

The idea of notice and choice was mentioned in the panel, and Elizabeth highlighted flaws with the outdated regime. There are certain types of activity where consumers request a product or service and shouldn’t be asked to consent to each data processing activity that is required to deliver that product or service. If someone requests a ride-share service, for example, it’s reasonable for a consumer to expect that the service will share the user’s location with the driver in order to get picked up — and additional consent from the consumer isn’t necessary. Elizabeth noted that consent should be reserved for situations where a use of data is not consistent with a consumer’s expectation and they need to make informed decisions about how their data will be used. 

Meaningful enforcement is another critical component of any federal privacy legislation. Elizabeth spoke to the industry’s support for a unified, well-funded regulator like the FTC to ensure consistent application and interpretation of the law. The FTC has the necessary expertise to be the lead enforcement agency to protect consumers, enforce any new privacy law consistently, and provide small and large businesses across industries the guidance they need to comply.

The panel shifted to discuss the various privacy models U.S. policymakers can consider when drafting comprehensive legislation, such as Europe’s General Data Protection Regulation (GDPR). Elizabeth made the point that we should be mindful of the need for interoperability with GDPR, but Congress should adopt a uniquely American approach to privacy that is consistent with U.S. sensibilities and expectations. An American approach to privacy legislation should prioritize protecting people’s privacy while allowing for continued U.S. leadership in technology. 

The discussion concluded with the panelists’ predictions regarding the likelihood of seeing meaningful federal privacy legislation in 2020. The panel universally agreed that there should be a uniform, national standard implemented in the near future. Elizabeth added that high-level of engagement is happening across all levels of government, which is building momentum to move forward legislation at the federal level. There was broad agreement among panelists that Congress needs to introduce comprehensive federal legislation to ensure all Americans have strong privacy protections, regardless of where they live or the type of company they interact with.

 IA’s Privacy Principles For A Modern National Regulatory Framework can be found here.