On July 11 in Washington, D.C., the U.S. Chamber of Commerce hosted Data Done Right, a summit for all things related to data privacy. The conference featured discussions of the policy issues surrounding consumer data and the businesses that use it, the future of tech innovation and ways to protect individual privacy while promoting innovation and certainty. A variety of speakers shared perspectives on data privacy and the many ways in which the United States could implement data privacy laws.
Californians for Consumer Privacy Chairman Alastair Mactaggart highlighted the risks posed to consumers by current technologies, such as geofencing, in home devices and automobiles, as well as the potential to manipulate voting. These risks led Mactaggart to create a ballot initiative resulting in the passage of the California Consumer Privacy Act (CCPA) to protect consumer data from being sold without an individual’s consent. CCPA’s main goals were to establish transparency – letting consumers know what information is collected about them and giving them control over whether it can be sold – and to hold companies accountable for keeping the data safe from theft. Despite significant opposition from large tech companies such as Google, Microsoft, Amazon and Verizon, the initiative passed the California State Assembly and the California State Senate unanimously. CCPA, which only covers big businesses and data brokers, gives consumers the choice to allow a company to collect information but prevent the company from selling it, and it keeps companies from holding and reselling consumer information, which would raise the risk of theft.
Federal Trade Commission (FTC) Commissioner Noah Joshua Phillips highlighted the agency’s consumer privacy protection efforts through its Section 5 authority and statutes such as the Fair Credit Reporting Act and the Children’s Online Privacy Protection Act. Phillips said that the two primary reasons for enacting federal data privacy legislation are that privacy violations can result in serious harm to consumers and that having a national law would provide a uniform framework for regulating the collection and use of data that would be effective for both consumers and companies.
During a Q&A on potential federal privacy legislation, Phillips said he believes that penalties relating to data violations should be on a graduated scale to prevent the hindrance of innovation due to fear of repercussions. He encouraged Congress to focus on specific aspects of data privacy in any proposed legislation, review the European Union’s General Data Protection Regulation to determine which elements of that law could be applied to the United States, and task the FTC with enforcing data regulations.
Tom Wilson, chairman, CEO and president of The Allstate Corporation, gave a presentation on the economic side of data. Wilson noted that companies like Google and Facebook collect and sell consumer data in order to provide their services for free. He proposed a “Digital Bill of Rights” focused on individual ownership of data that would present data policy agreements in understandable terms and give consumers choices in how their data is managed. He highlighted four options for consumer choice: the guest agreement option would limit a service to collecting data related only to the viewing purposes of the user on that service; the closed agreement option would allow the service to collect consumer data but prevent it from being sold; the anonymous agreement option would allow the service to collect consumer data and sell it while keeping the consumers’ personal information anonymous; and the open agreement option would allow the service to collect and sell consumers’ information under any circumstances. Wilson also discussed the importance of digital footprints.
Data Done Right also featured other speakers and discussions related to data privacy. A recording of the event can be viewed here.