Last month, we published a podcast on data privacy featuring Cam Kerry, senior fellow at the Brookings Institution and former general counsel of the Department of Commerce. In 2012, President Obama tasked Kerry with running an Administration-wide effort to develop a “Consumer Privacy Bill of Rights.” He remains one of America’s leading experts on the need for comprehensive privacy reform and how to pass it.
Kerry’s recommendations sound a lot like the recommendations we’ve heard at the hundreds of briefings we have held with local business leaders on privacy, cyber security, net neutrality, and broadband access. We’ve combined Kerry’s recommendations with those from our briefings in a new issue brief: A Comprehensive Guide to Consumer Data Privacy. We encourage you to use our issue brief and follow Cam at @cam_kerry.
Here are six things to know:
1. Current privacy laws cannot keep up. Thanks to (1) billions of new devices, (2) thousands of new applications, (3) greater bandwidth that moves data faster, and (4) increasingly cheap data storage, the global volume of data doubles every two years.
2. The range of information that companies collect that can uniquely identify you is growing very quickly. Traditionally, laws have focused on “personally identifiable” data (like Social Security numbers) and “sensitive” data (like health records). But as companies track more of your actions online and over your phone, they build ever-richer data “profiles” on you. Privacy laws need to be updated to reflect this new reality. Individual data points that may not be sensitive on their own can be aggregated to form detailed, highly personal profiles. This makes defining “personal information” or “sensitive information” more difficult. When a company that collects your data shares it with a third party, your risk grows even more.
3. Today’s reliance on “consumer notice and consent” is unworkable. The terms and conditions we agree to when we click “accept” are too long to read, difficult to understand, and offer little protection. We must establish affirmative duties that shift responsibility from consumers to the businesses collecting and using their data.
4. A comprehensive approach is critical — and growing more popular. Our network generally prefers a “tech neutral” approach that treats application providers, data brokers, broadband providers, and retailers alike – so that no player gets a free pass. Most also favor a national standard over 50 different state standards. Data doesn’t respect state lines, and even the smallest small business conduct a lot of business across state lines.
5. The “context” under which you share data should govern what companies can do with it. If you share your location with Uber to allow Uber’s driver to find you, Uber should not be able to track and share your location between rides with third parties that have nothing to do with its ride sharing service.
6. As public concern grows, a deal becomes more likely. Privacy advocates are growing more powerful. Tech executives, adapting to privacy regulations in Europe and facing a growing number of state privacy bills, are looking for certainty here in the U.S. Republicans in Congress have grown more open to regulations they blocked during the Obama Administration.
This last point may surprise you, but the fact is efforts by the Obama Administration and decades of work by consumer advocates – combined with headlines about Cambridge Analytica and other dubious businesses – has created an opportunity we must seize.
Listen to the podcast: