In the absence of a cohesive federal policy […] the US is going to continue to be missing from the thought leadership table on data protection and privacy issues
Julie Brill
Chief Privacy Officer and Corporate Vice-President for Global Privacy and Regulatory Affairs, Microsoft
Brill is encouraged by states’ efforts to fill the gap left by the federal government. ‘It’s really noteworthy that what they’re doing is precisely what I think the federal government needs to get better at, which is understanding that they’re not going to get it perfect right away and that this is a process – especially when you’re dealing with something that is so central to the rights that individuals have – which is around privacy.’
She praises the particularly bold moves by Californian lawmakers to experiment and revise legislation. ‘In California, there was actually an iteration improvement upon the California law by enacting a second law before the first one ever became effective,’ says Brill. ‘That’s how quickly the states are thinking and moving and how impactful they will be as they continue to think about iteration. It’s just a great example of the state perspective that this isn’t “one and done”.’
Adam Rose, Chair of the IBA Data Protection Governance and Privacy Subcommittee and a partner at Mishcon de Reya in London, agrees that the moves by California and other states are promising. ‘California has adopted a law, which in some regards is more European than the [GDPR] in terms of giving rights to individuals,’ says Rose. ‘If you think of California, its economy is about as big as Europe and it’s the birthplace for loads of technology companies. California has turned around and said [the GDPR provides] a decent balance and it ought to have something like that.’
However, Lee says the state-by-state approach so far has not been in the best interests of companies or consumers. ‘Your right to privacy and access to privacy rights should not depend on the state that you’re located in,’ she says. ‘Leaving privacy to the states may result in different, varying definitions for personal information, different business obligations, and privacy rights that share common themes, but that differ across states. It’s inefficient and burdensome for businesses that will struggle to create a “one size fits all approach” and it creates confusion for consumers.’
Keen to avoid this compliance patchwork headache, Big Tech has been broadly supportive of recent proposals for a harmonised national approach. Growing concerns over data privacy and security have also swayed public opinion on the matter. In a recent poll by Morning Consult and Politico, 56 per cent of registered voters supported the prospect of federal privacy legislation.
In light of upcoming political events and competing priorities, neither Brill nor Lee hold out much hope of the federal government passing privacy legislation this year. However, Brill is already encouraged by the increased level of bipartisan support in this area. ‘I am seeing more bipartisan collaboration and cooperation in privacy than I’ve really seen in my entire career in this space.’
Image: US Flag and cyber security concept PixelHunter/Shutterstock.com