The latest attempt to create the first broad national data privacy law in the United States is causing the typical nonsense in Washington. But from the mess in Congress and elsewhere in the U.S., we’re finally seeing progress in defending Americans from the unrestrained information-harvesting economy.
What’s emerging is a growing consensus and a body of (imperfect) laws that give people real control and companies more responsibility to tame the nearly limitless harvesting of our data. Given all the bickering, tacky lobbying tactics and gridlock, it might not look like winning from up close. But it is.
Let me zoom out to the big picture in the U.S. Tech companies like Facebook and Google, mostly unknown data middlemen and even the local supermarket harvest any morsel of data on us that might help their businesses.
We benefit from this system in some ways, including when businesses find customers more efficiently through targeted ads. But the existence of so much information on virtually everyone, with few restrictions on its use, creates conditions for abuse. It also contributes to public mistrust of technology and tech companies. Even some companies that have benefited from unrestricted data collection now say the system needs reform.
Smarter policy and enforcement are part of the answer, but there are no quick fixes — and there will be downsides. Some consumer privacy advocates have said for years that Americans need a federal data privacy law that protects them no matter where they live. Members of Congress have discussed, but failed to pass, such a law over the past few years.
The weird thing now is that big companies, policymakers in both parties and privacy die-hards seem to agree that a national privacy law is welcome. Their motivations and visions for such a law, though, are different. This is where it gets frustrating.
A consortium that includes corporate and technology trade groups kicked off a marketing campaign recently that calls for a federal privacy law — but only under very specific conditions, to minimize the disruption to their businesses.
They want to make sure that any federal law would overrule stronger state privacy laws, so businesses can follow one guideline rather than dozens of potentially conflicting ones. Businesses may also hope that a law passed by Congress is less disruptive to them than anything the Federal Trade Commission, which now has a Democratic majority, implements.
This is one of those legislative tugs of war that is unseemly to watch from the outside and enraging to longtime consumer privacy advocates. Evan Greer, director of the digital rights group Fight for the Future, told me she sees what corporate lobbyists are supporting as “watered down, industry-friendly laws that offer privacy in name only.”
Behind the muck, though, there is emerging agreement on many essential elements of a federal privacy law. Even the biggest sticking points — whether a federal law should override stronger state laws, and whether individuals can sue over privacy violations — now seem to have workable middle grounds. One possibility is that the federal law would overrule any future state laws but not existing ones. And people might be given the right to sue for privacy breaches under limited circumstances, including for repeat violations.
Laws are not a cure-all for our digital privacy mess. Even smart public policies produce unwanted trade-offs, and sometimes poorly designed or inadequately enforced laws make things worse. Sometimes new laws can feel pointless.
Most people’s experience with Europe’s sweeping 2018 digital privacy regulation, the General Data Protection Regulation or G.D.P.R., is annoying pop-up notices about data tracking cookies. The first of two of California’s digital privacy provisions in theory gives people control over how their data is used, but in practice often involves filling out onerous forms. And recent data privacy laws in Virginia and Utah mostly gave industry groups what they wanted.
Is any of that progress on protecting our data? Kinda, yes!
Some privacy advocates may disagree with this, but even imperfect laws and a shifting mind-set among the public and policymakers are profound changes. They show that the defaults of America’s data-harvesting system are unraveling and more responsibility is shifting to data-collecting companies, not individuals, to preserve our rights.
“Progress looks like not completely perfect laws; there is no such thing. It looks like fits and starts,” Gennie Gebhart, the activism director for the Electronic Frontier Foundation, a privacy advocacy group, told me.
I don’t know if there will ever be a federal privacy law. Gridlock rules, and such regulation is tricky. But behind the lobbying and the indecision, the terms of the debate over data privacy have changed.
Before we go …
-
Yikes in cryptocurrencies: The prices of Bitcoin and other cryptocurrencies have been falling steadily, which my colleague David Yaffe-Bellany said shows that cryptocurrencies are increasingly resembling risky tech stocks.
Also, the virtual currency TerraUSD is supposed to be worth $1 each, and it has collapsed far below that level. Here’s why that’s a big deal, from my colleagues at DealBook.
-
The local florist now delivers for Amazon: To speed up deliveries in rural parts of the U.S., Amazon has been experimenting with paying small businesses a few dollars per package to deliver orders to nearby homes, Recode reported.
-
Instagram believed that a new dad was interested in “disability” and “fear.” A Washington Post columnist explores why disturbing images interrupted his newborn’s Instagram feed and advocates for a way to reset social media algorithms when they don’t work for us. (A subscription may be required.)
Hugs to this
Puppppppy coming straight for your face!
We want to hear from you. Tell us what you think of this newsletter and what else you’d like us to explore. You can reach us at ontech@nytimes.com.
If you don’t already get this newsletter in your inbox, please sign up here. You can also read past On Tech columns.