As Congress considers several online privacy and data security bills, market-oriented experts are cautioning against over-regulation.
An all-out effort to protect individual privacy sounds good, the experts said, but onerous regulations could stifle innovative start-ups and have the unintended effect of further entrenching large internet technology companies such as Facebook and Google.
Bills filed by Sens. Brian Schatz (D-Hawaii), Ron Wyden (D-Ore.), Amy Klobuchar (D-Minn.) and John Neely Kennedy (R-La.) would address various consumer-privacy concerns, such as expanding the definition of “sensitive data” and simplifying online user agreements.
But the heavy-handed General Data Protection Regulation, implemented in Europe in May last year, and California’s Consumer Privacy Act, scheduled to take effect on Jan. 1, 2020, are also influencing the nascent congressional debate.
“Stringent data-privacy regulations like the European Union’s General Data Protection Regulation (GDPR) and California’s Consumer Privacy Act require significant compliance costs on companies, even those that are rather small,” said Jennifer Huddleston Skees, a research fellow at the Mercatus Center at George Mason University.
“Larger companies are more likely to be able to absorb these costs or reallocate resources to compliance,” Skees said in an email, adding that a variety of businesses, from newspapers to video games, have already opted out of the EU market, due to hefty new regulatory costs.
That means companies such as Facebook, Apple, Amazon, Netflix, and Google, or the so-called FAANG, would have a substantial advantage over their competition, even before wielding their immense networks of lobbyists and paid political influencers.
Roslyn Layton, a visiting scholar at the American Enterprise Institute, acknowledges congressional lawmakers’ genuine concern for internet consumers, but calls it a “mistake” to equate consumer protection with increased government control.
“In Europe, the GDPR is driving the opposite of its promised results. Users report less trust in online systems as regulation has increased, and Google, Facebook, and Amazon have gained market share since GDPR took effect,” Layton wrote.
Data Dissemination Act
A possible solution is the American Data Dissemination Act, introduced by Sen. Marco Rubio (R-Fla.), on Jan. 16.“Your data is incredibly valuable, and for the most part, it is not even yours,” Rubio said.
The proposal would require the Federal Trade Commission to develop rules for tech companies to follow based on the Privacy Act of 1974.
It would also prohibit most disclosures of private records unless individuals give written consent, and further calls for consumers to be able to correct inaccurate records.
‘Question Who Has Access’
In March 2018, a major political scandal erupted when it was revealed that Cambridge Analytica, a British consulting firm, had harvested the personal data of 87 million Facebook users without their consent. Much of the data was used in paid political targeting efforts.Facebook initially refused to comment, but Facebook CEO Mark Zuckerberg would eventually testify in a series of contentious congressional hearings. The scandal became symbolic of a larger problem and the urgent need for consumer protections.
“While this individual incident was sufficiently troublesome,” Rubio said, “consumers have plenty of reasons to question who has access to their data when they provide it to an online entity” and whether their data is secure.
State Pre-emption
Key to Rubio’s proposal is a pre-emption feature that “shall supersede” any state laws or relevant provisions.Although he never mentions the California Consumer Privacy Act in his op-ed or bill press release, the Florida Republican seems committed to overriding it. The California law was approved by the Democratic-controlled state legislature and signed into law by former Gov. Jerry Brown.
It includes harsh penalties of up to $7,500 per data violation, something the pro-market conservative naturally opposes.
“My bill also takes important precautions to ensure it does not entrench large, incumbent corporations. Facebook, Apple, Amazon, Netflix, Google, and others would welcome cumbersome regulations that prevent start-ups and smaller competitors from challenging the FAANG’s current dominance,” Rubio said, appearing to draw congressional battle-lines for impending negotiations.
More impartially, Mercatus Center researcher Skees said a pre-emption feature makes practical sense.
“Federal preemption of state laws concerning data privacy could prevent the development of a patchwork of state laws that place burdens on speech and interstate commerce and potentially stifle innovation,” she said.
Friends Read Free