State Legislators Prioritizing Privacy

Last week, The Council of State Governments (CSG) held its annual conference in Puerto Rico, bringing together bi-partisan state lawmakers from across the country to engage in thoughtful discourse and learn about issues impacting their constituents. Policy Fellow Jeremy Greenberg shares key privacy themes that resonated through the event: 

• State legislators feel the need to “do something” in terms of protecting the right to privacy. Even legislators with no privacy expertise are feeling overwhelming pressure to respond to concerns from the media and their constituents. While states like California, Washington, and New York are well-staffed and well-funded, others do not have the necessary resources to develop privacy legislation. 
• There are poor perceptions of progress on a federal level. Most state legislators are under the impression that there is little or no agreement in Congress in terms of developing comprehensive federal privacy legislation. In actuality, we may be further along than legislators think. Senate Commerce Committee Leaders recently introduced two federal privacy bills that are closer together on most issues than they are apart. Other experts agree that we could see a bipartisan proposal capable of passage in 2020. 
• Policymakers are worried about elections and the microtargeting of political ads. In light of the Cambridge Analytica scandal, legislators are worried about how user data will be used to influence politics. Following the Snowden revelations and increasing data breaches and identity theft, there has been growing public discontent on the state of privacy protection in the U.S., with the Cambridge Analytica scandal seen by many as the “final straw.” The FTC recently issued an Opinion and Final Order against Cambridge Analytica for engaging in “deceptive practices to harvest personal information from tens of millions of Facebook users for voter profiling and targeting.” However, by focusing on whether the method of data collection was deceptive to consumers, the opinion demonstrates that we currently lack the legal tools to conceptualize that the way data was used was itself harmful. 

Greenberg also shared takeaways from the three panels he spoke on: 

• Securing the Internet of Things – Moderated by John Bowers of the Berkman Klein Center, panelists discussed a range of issues pertaining to internet-connected devices. Cheryl Hiemstra, Assistant Attorney General at the Oregon Department of Justice, provided an overview of the state’s recently-passed IoT security legislation. Going into effect on January 1, the new law requires manufacturers of connected devices to equip them with “reasonable security features.” Greenberg touched on FPF’s work in the IoT space, citing an infographic on microphone use in IoT devices, how IoT devices should deal with privacy impacts for people with disabilities, and more. 
• Lunch: The Landscape of Privacy Legislation – During this panel, Greenberg discussed the history of CCPA, key privacy provisions in the legislation, and The California Privacy Rights Act of 2020 (commonly referred to as CCPA 2.0). Puerto Rico Senator Carmelo Ríos Santiago mentioned that he introduced a similar bill. Although it gained little traction when initially introduced, he expressed an interest in bringing the bill back. Other states such as Washington, Maine, Utah, Nebraska, and Colorado, are also rumored to be working on their own privacy bills. 
• What’s Next? Embracing the Future – Joined by The Aspen Institute’s Shelly Steward, Institute for the Future’s Dylan Hendricks, and John Bowers, Greenberg addressed concerns around 5G cell technology and how it will affect individuals. Hendricks shared insights on how augmented reality and virtual reality technologies will be used for training in the workplace, while Steward discussed the future of employment as related to the gig economy.

In order to provide policy experts with tools and resources to be better informed on data privacy legislation in 2020, FPF recently launched its Privacy Legislation Series. In this series, we are exploring specific legislative aspects of comprehensive privacy laws, in an effort to provide U.S. lawmakers and other policy experts with the resources and tools needed to be prepared to evaluate the range of Federal and State efforts in 2020.