What will a national data privacy law look like?

Machine language of 1s and 0s 

Lawmakers and industry are increasingly supportive of a federal data privacy law, but Republican and companies are not interested in the kind of proscriptive policies in the European Union's new data rules.

At a Sept. 26 Senate Commerce, Science and Transportation Committee hearing, chairman John Thune (R-S.D.) made the case national legislation to protect user data is necessary, but “the question is what shape that law should take.”

Representatives from AT&T, Amazon, Twitter, Apple and Charter Communications testified they were open to federal legislation, and said that they already take steps to protect consumers, do not sell user data and generally agreed they would support a law requiring clear explanations of how user information is used.

Len Cali, senior vice president for Global Public Policy at AT&T, made the case that the federal government should take the lead before individual states pass disparate privacy laws.

"Federal legislation will be of very little help if it becomes the 51st layer on top of 50 state rules," he said. "We need a comprehensive but singular privacy framework, and it should be a federal, preemptive framework."

Keith Enright, Google’s chief privacy officer, testified that his company’s definition of personal information, in the context of data privacy, is "data that directly identifies an individual user," such as a user's name or email address. The European definition includes "information relating to someone who could be identified based on a variety of identifiers," which Enright and Amazon’s vice president and associate general counsel Andrew DeVore argued doesn't meet the case.

Sen. Richard Blumenthal (D-Conn.) asked why America's stance towards consumer data privacy should differ from Europe’s, and pointed out that none of these companies were pulling out of Europe or out of California, which passed its own strict data privacy law.

"What that tells me is the opposition that you’ve expressed to these rules… is one that can nonetheless accommodate," stricter regulation, Blumenthal said.

The Trump administration has also planted a flag on data privacy. The National Telecommunications and Information Agency put out a request for comment on a new data privacy policy that "reduces fragmentation nationally and increases harmonization and interoperability nationally and globally." In a Sept. 26 Federal Register notice, the NTIA laid out a series of federal policy goals, including harmonizing regulation nationwide, policy interoperability with non-U.S. legal systems and providing incentives for privacy research.

"The Trump administration is beginning this conversation to solicit ideas on a path for adapting privacy to today's data-driven world," said David Redl, who heads the NTIA.

After the hearing, Thune said the bill would probably be introduced next year. By that time, he acknowledged, Democrats could flip control of the Senate, and they would likely push for stronger regulations on tech companies.

The main themes from the testimony, he added, were that industry wants a single national regulation rather than individual state laws, for that law to apply to “all the players in this space,” and they want the Federal Trade Commission to be the primary enforcement body.

Caitriona Fitzgerald, chief technology officer and policy director at the Electronic Privacy Information Center, said, “giving the FTC more authority is not the answer.”

"It is not a data protection agency and has repeatedly failed to enforce its own consent orders," she said, arguing instead "the US needs a dedicated data protection agency."

Sen. Brian Schatz (D-Hawaii) made a similar case against the FTC, in its current form, as the primary regulator, and said that industry’s goal of a preemptive federal law is "only going to get there if this is meaningfully done."

"We're not going to… replace a progressive California law, however flawed you may think it is, with a non-progressive federal law," Schatz said.

About the Author

Chase Gunter is a staff writer covering civilian agencies, workforce issues, health IT, open data and innovation.

Prior to joining FCW, Gunter reported for the C-Ville Weekly in Charlottesville, Va., and served as a college sports beat writer for the South Boston (Va.) News and Record. He started at FCW as an editorial fellow before joining the team full-time as a reporter.

Gunter is a graduate of the University of Virginia, where his emphases were English, history and media studies.

Click here for previous articles by Gunter, or connect with him on Twitter: @WChaseGunter


  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.