After confirmation by US intelligence officials of interference on the part of foreign actors in the 2016 presidential election and the enactment of a groundbreaking state privacy law in California, the issue of data privacy has gotten the attention of Washington. Legislators are now working to understand what shape any federal data privacy regulation might take. A new federal data privacy law would be the first of its kind and has the potential to significantly affect the business models of big tech. But new rules would not impact big tech alone. The influence of new data privacy rules across the broader digital economy is likely to leave no business sector unaffected.
I recently discussed the issue of data privacy – and its seemingly limitless implications – with Fred Eames, partner at the law firm Hunton Andrews Kurth and specialist in privacy and cybersecurity policy and legislation.
Old Rules vs. New Rules
Eames notes that while the US law has many well-established privacy rights and codes of conduct related to business and consumer behavior, the sheer breadth and scope of data ushered in by the digitization of the global economy represents a variety of new challenges to legislators and policymakers. “About 20 years ago or so,” says Eames, “people started thinking about the fact that computing power was creating a whole lot more data, and it was becoming possible to create through data a much more detailed picture of each one of us.” What followed, Eames explains, was attempts by businesses to self-regulate and create guidelines around the best use and protection of consumer data. However, Eames suggests that there is a growing consensus that these efforts aren’t enough. “Now there’s a sense,” he says, “I think not just in Congress but in the public in general, that some businesses just aren’t going to do the right thing, and that data can combine from various sources to become so vivid and so consequential that the risk to consumers is too great, that we need to have something more than voluntary practices.”
The California Effect
The California Consumer Privacy acted will come into effect on New Year’s Day 2020. Eames says California’s new state mandates on data privacy have informed how the issue is being discussed at the federal level. Eames says that Congress recognizes the problems that a patchwork of state privacy laws could cause in a globally-connected economy – and is now motivated to develop a larger legislative framework.
Implications for Business
Eames suggests that one of the biggest challenges to achieving agreement around what shape any federal privacy regulation might take is the need to establish a cross-sector consensus from businesses on data uses cases. What’s more, more work is need to understand what level of data privacy protections are demanded by consumers and what policies can be created to ensure that varying consumer preferences regarding privacy can be met. Any final regulation, according to Eames, will need to satisfy business leaders, have reasonable penalties and enforcement, and meet a minimum of accountability requirements on the part of consumers. A final vote on federal privacy regulation is likely a long-way off, but Congress seems to now recognize the importance of the issue for businesses and consumers. Nearer-term information gathering efforts by legislators are likely to play a big role in shaping the final form of new federal data privacy regulation.
Provided by Natixis Distribution, L.P. 888 Boylston St. Boston, MA 02199. Natixis Investment Managers includes all of the investment management and distribution entities affiliated with Natixis Distribution, L.P. and Natixis Investment Managers S.A.