What will a national data privacy law look like?

Machine language of 1s and 0s 

Lawmakers and industry are increasingly supportive of a federal data privacy law, but Republican and companies are not interested in the kind of proscriptive policies in the European Union's new data rules.

At a Sept. 26 Senate Commerce, Science and Transportation Committee hearing, chairman John Thune (R-S.D.) made the case national legislation to protect user data is necessary, but “the question is what shape that law should take.”

Representatives from AT&T, Amazon, Twitter, Apple and Charter Communications testified they were open to federal legislation, and said that they already take steps to protect consumers, do not sell user data and generally agreed they would support a law requiring clear explanations of how user information is used.

Len Cali, senior vice president for Global Public Policy at AT&T, made the case that the federal government should take the lead before individual states pass disparate privacy laws.

"Federal legislation will be of very little help if it becomes the 51st layer on top of 50 state rules," he said. "We need a comprehensive but singular privacy framework, and it should be a federal, preemptive framework."

Keith Enright, Google’s chief privacy officer, testified that his company’s definition of personal information, in the context of data privacy, is "data that directly identifies an individual user," such as a user's name or email address. The European definition includes "information relating to someone who could be identified based on a variety of identifiers," which Enright and Amazon’s vice president and associate general counsel Andrew DeVore argued doesn't meet the case.

Sen. Richard Blumenthal (D-Conn.) asked why America's stance towards consumer data privacy should differ from Europe’s, and pointed out that none of these companies were pulling out of Europe or out of California, which passed its own strict data privacy law.

"What that tells me is the opposition that you’ve expressed to these rules… is one that can nonetheless accommodate," stricter regulation, Blumenthal said.

The Trump administration has also planted a flag on data privacy. The National Telecommunications and Information Agency put out a request for comment on a new data privacy policy that "reduces fragmentation nationally and increases harmonization and interoperability nationally and globally." In a Sept. 26 Federal Register notice, the NTIA laid out a series of federal policy goals, including harmonizing regulation nationwide, policy interoperability with non-U.S. legal systems and providing incentives for privacy research.

"The Trump administration is beginning this conversation to solicit ideas on a path for adapting privacy to today's data-driven world," said David Redl, who heads the NTIA.

After the hearing, Thune said the bill would probably be introduced next year. By that time, he acknowledged, Democrats could flip control of the Senate, and they would likely push for stronger regulations on tech companies.

The main themes from the testimony, he added, were that industry wants a single national regulation rather than individual state laws, for that law to apply to “all the players in this space,” and they want the Federal Trade Commission to be the primary enforcement body.

Caitriona Fitzgerald, chief technology officer and policy director at the Electronic Privacy Information Center, said, “giving the FTC more authority is not the answer.”

"It is not a data protection agency and has repeatedly failed to enforce its own consent orders," she said, arguing instead "the US needs a dedicated data protection agency."

Sen. Brian Schatz (D-Hawaii) made a similar case against the FTC, in its current form, as the primary regulator, and said that industry’s goal of a preemptive federal law is "only going to get there if this is meaningfully done."

"We're not going to… replace a progressive California law, however flawed you may think it is, with a non-progressive federal law," Schatz said.

About the Author

Chase Gunter is a staff writer covering civilian agencies, workforce issues, health IT, open data and innovation.

Prior to joining FCW, Gunter reported for the C-Ville Weekly in Charlottesville, Va., and served as a college sports beat writer for the South Boston (Va.) News and Record. He started at FCW as an editorial fellow before joining the team full-time as a reporter.

Gunter is a graduate of the University of Virginia, where his emphases were English, history and media studies.

Click here for previous articles by Gunter, or connect with him on Twitter: @WChaseGunter


  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.