In recent months, new privacy rules have gone into effect in the European Union and have been adopted by state of California. Is it time for U.S. privacy legislation at the federal level? On July 26, the Center for Technology Innovation hosted a panel of experts from think tanks, industry, and trade groups to consider this question. CTI Fellow Nicol Turner-Lee moderated a discussion that featured Nuala O’Connor of the Center for Democracy and Technology, Karen Zacharia of Verizon, and Melika Carroll of the Internet Association. The panel covered what they would want to see in federal privacy legislation, why not all data should be treated the same, privacy enforcement mechanisms, and cultural differences in attitudes toward privacy.
All could agree that federal privacy legislation was necessary because consumers should have a baseline level of trust that their data is being used properly. A national approach would apply the same rule to all players, avoiding a patchwork of state laws with different requirements. A patchwork approach would not cover the full breadth of data privacy concerns, given that the internet does not stop at state borders. Legislation should also include some built-in flexibility to adapt to rapidly changing technology. It should build protections around the data that is most important to consumers, since data security is a necessary precursor to privacy. The panelists expressed optimism that educating lawmakers on these issues would lay the groundwork for legislation in the near future.