Data collection makes the internet run. Data are collected when internet users interact with search engines, social media, news or retail websites, streaming services, and mobile apps for everything from payments to dating. There are two potential levels of data collection in the average interaction with a website or mobile app: an initial point of information collection (sometimes a point of sale) and a second level where third parties can receive user information.
These types of data collection are not malicious actions. They’re the reason information can flow seamlessly online. To improve their businesses and services, companies everywhere learn about and aggregate data on their customers. Often, user data are made available for sale to third parties for their own commercial purposes, but data collectors are not always transparent about this practice. That’s why the current “privacy” debate is really about data collection. What data are collected, how they’re shared, and how long they’re kept are all important parts of the data privacy discussion.
Current US data collection and protection requirements are not clearly defined and differ across state and federal jurisdictions. But privacy — especially as it relates to the internet and data collected online — is difficult for legislative bodies to define because so much information is gathered and shared to make the technology function. The best thing policymakers can do for end users is to establish clarity and parity between the laws and regulations relating to data collection on consumers.
At a recent Senate Commerce Committee hearing on legislative proposals for consumer data privacy, Maureen Ohlhausen, formerly a commissioner and acting chair of the Federal Trade Commission, testified in favor of enacting a comprehensive federal privacy law. She noted that inconsistency, complexity, and confusion around data privacy regulation is at an all-time high in the US, which is a burden to consumers. She described the looming patchwork of inconsistent regulation as states move to enact their own privacy regulations, which could make consumers’ information subject to different protections in different jurisdictions. As state legislators take action in this space, Ohlhausen made an important point.
Data (and, increasingly, commerce) knows no state boundaries. For this reason, state intervention in this quintessentially interstate issue is problematic, no matter how well intentioned it may be. A proliferation of different state privacy requirements would create inconsistent privacy protections for consumers, as well as significant compliance and operational challenges for businesses of all sizes. It also erects barriers to the kind of innovation and investment that is a lifeblood of our nation’s economy and to many beneficial and consumer-friendly uses of information. Indeed, even the authors of California’s 2018 privacy law recognized the wisdom of preempting municipal privacy laws.
Ohlhausen gets it right: Federal action preempting state laws is necessary to eliminate confusion and help both consumers and businesses have a clear understanding of data collection. As policymakers explore creating federal privacy legislation, the questions they need to be asking are how data are collected (by including by third parties), who data are shared with once they’re collected, and whether data collectors are transparent about these relationships.
How data are stored and the level of security that protects data should be part of the data collectors’ responsibilities as well. Data collection, maintenance, and protection are part of a process that businesses or the government can define and then be accountable to. A federal data protection law is only as good as the level of clarity it provides on data collection, maintenance, protection, and disposal. Congress is well positioned to provide guidelines that will serve as a good first step for giving consumers greater clarity and control over the process by which their data is collected and transferred.
The post The privacy debate is really about data collection and federalism appeared first on American Enterprise Institute – AEI.