Brill is also concerned that the lack of a unified domestic approach could hamper the country’s ability to drive global policy and standards in this space. ‘In the absence of a cohesive federal policy that’s spelled out in some kind of a law, the US is going to continue to be missing from the thought leadership table on data protection and privacy issues.’
Jessica Lee, Chair of the IBA Cybersecurity and Surveillance Committee and Co-Chair of the Privacy, Security & Data Innovations at Loeb & Loeb in New York, agrees there’s an urgent need for federal privacy legislation. ‘There is value in having a national standard for privacy,’ she says. ‘Our patchwork approach to privacy leaves gaps in privacy obligations that could be addressed by a comprehensive federal privacy law. These gaps create uncertainty for businesses and leave consumers unprotected.'
In lieu of federal legislation, states have stepped into the breach. In early February, Massachusetts state lawmakers progressed a digital privacy bill that aims to give residents more autonomy over their online personal information. If it passes, it’ll become the fourth state after California, Colorado and Virginia to push through its own comprehensive privacy legislation. Dozens of other states have bills waiting in the wings.
In the absence of a cohesive federal policy […] the US is going to continue to be missing from the thought leadership table on data protection and privacy issues
Chief Privacy Officer and Corporate Vice-President for Global Privacy and Regulatory Affairs, Microsoft
Brill is encouraged by states’ efforts to fill the gap left by the federal government. ‘It’s really noteworthy that what they’re doing is precisely what I think the federal government needs to get better at, which is understanding that they’re not going to get it perfect right away and that this is a process – especially when you’re dealing with something that is so central to the rights that individuals have – which is around privacy.’
She praises the particularly bold moves by Californian lawmakers to experiment and revise legislation. ‘In California, there was actually an iteration improvement upon the California law by enacting a second law before the first one ever became effective,’ says Brill. ‘That’s how quickly the states are thinking and moving and how impactful they will be as they continue to think about iteration. It’s just a great example of the state perspective that this isn’t “one and done”.’
Adam Rose, Chair of the IBA Data Protection Governance and Privacy Subcommittee and a partner at Mishcon de Reya in London, agrees that the moves by California and other states are promising. ‘California has adopted a law, which in some regards is more European than the [GDPR] in terms of giving rights to individuals,’ says Rose. ‘If you think of California, its economy is about as big as Europe and it’s the birthplace for loads of technology companies. California has turned around and said [the GDPR provides] a decent balance and it ought to have something like that.’
However, Lee says the state-by-state approach so far has not been in the best interests of companies or consumers. ‘Your right to privacy and access to privacy rights should not depend on the state that you’re located in,’ she says. ‘Leaving privacy to the states may result in different, varying definitions for personal information, different business obligations, and privacy rights that share common themes, but that differ across states. It’s inefficient and burdensome for businesses that will struggle to create a “one size fits all approach” and it creates confusion for consumers.’
Keen to avoid this compliance patchwork headache, Big Tech has been broadly supportive of recent proposals for a harmonised national approach. Growing concerns over data privacy and security have also swayed public opinion on the matter. In a recent poll by Morning Consult and Politico, 56 per cent of registered voters supported the prospect of federal privacy legislation.
In light of upcoming political events and competing priorities, neither Brill nor Lee hold out much hope of the federal government passing privacy legislation this year. However, Brill is already encouraged by the increased level of bipartisan support in this area. ‘I am seeing more bipartisan collaboration and cooperation in privacy than I’ve really seen in my entire career in this space.’
Image: US Flag and cyber security concept PixelHunter/Shutterstock.com