No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Data Privacy

U.S. Privacy Law in the Making

Ongoing Republican and Democratic Efforts to Enact Privacy Legislation

by Logan Finucan
April 9, 2020
in Data Privacy, Featured
young plant growing from law book

Access Partnerships’ Logan Finucan addresses nascent U.S. privacy laws and what a comprehensive federal privacy law might look like.

2020 is unlikely to be the year that a U.S. comprehensive privacy law is passed, although developments in the coming months may generate traction and set the direction of travel toward an eventual law that will have impacts at least as consequential as the EU’s GDPR.

The Congressional Grind

Debates in the U.S. Congress regarding comprehensive privacy legislation have been underway for some time. Long championed by consumer advocates and supportive members of Congress, it took high-profile scandals like Cambridge Analytica, as well as a major looming state-level measure – the California Consumer Privacy Act (CCPA) – to force Congress to finally take action.

Privacy is one of the few issues in Congress where there is a bipartisan consensus that something must be done, as well as – surprisingly – a bridgeable gulf between the two parties. While taking aim at the technology industry, Republicans also want to shield business from the burdens of CCPA compliance in addition to the EU’s GDPR, as well as put a stop to possible state-level requirements that would prove unmanageable for business. Many Democrats are also happy to join in the with the tech-bashing and are using political momentum to stir demands for individual protections.

Congressional discussions took place largely behind closed doors throughout 2019, as committee staff negotiated and built support within the House and Senate for several measures. Toward the end of 2019, some of this effort began to materialize, with drafts representing the Democratic (Consumer Online Privacy Rights Act) and Republican (U.S. Consumer Data Privacy Act) positions at the Senate Commerce Committee, as well as a bipartisan draft from the House Energy and Commerce Committee.

The CCPA Effect

The primary motivator for Congress to act on privacy was the passage of the progressive California Consumer Privacy Act (CCPA). Its strict provisions – not fully aligned with the GDPR – are rapidly becoming a de facto national standard as companies work to comply with provisions that allow them to operate on a national scale and other states are set to adopt a similar model. Despite the costs, many businesses have committed significant resources to comply with the CCPA rather than jeopardize their access to the largest digital market in the United States.

Congress has now missed its deadline to introduce a federal law to preempt the application of the CCPA, which came into effect on January 1, 2020. Despite large businesses initially pressing Congress to intervene, as many companies have worked to comply, the urgency of undoing the CCPA diminished. However, this doesn’t necessarily remove the need for a federal law. Other states have followed or will soon follow in California’s footsteps and are likely to do so in ways that make it more complicated for business. Given the trajectory of debates in Congress, the CCPA is increasingly looking more like a floor for federal protections that may pass the current Congress, not a ceiling the left is reaching for.

Reading Between the Bills

Different visions for what a comprehensive federal privacy law should look like have been put forward. Some fairly stripped down, principle-based bills have already been presented, such as Senator Brian Schatz’s Data Care Act and Representative Suzan DelBene’s Information Transparency and Personal Data Control Act.

However, the most recent drafts are much more detailed, elaborating more on obligations, roles and responsibilities. This presents interesting trade-offs for businesses: stripped down measures that provide non-prescriptive but sometimes vague standards, or more articulated approaches that in some ways may be more stringent but provide greater clarity and certainty for business on what their obligations will be. Regardless of what business might prefer, the choice between the two approaches may now be out of industry’s hands, as both Republicans and Democrats seem to be leaning toward bills that are more detailed and comprehensive.

Perhaps to the disappointment of Europe, this doesn’t necessarily mean that resulting legislation will be a flavor of the GDPR. U.S. lawmakers are finding new and creative ways of structuring rigorous privacy obligations. Democratic Senator Brian Schatz’s bill would create novel duties of “care,” “loyalty” and “confidentiality” for online businesses gathering and processing personal data, for example. Several other bills contain protections or heightened scrutiny related to algorithmic decision-making. The Democratic Eshoo-Lofgren Online Privacy Act in the House would even enshrine a “right to human review of automated decisions” and a “right to individual autonomy,” requiring affirmative express consent for algorithmic personalization based on behavior. Republicans are also experimenting with novel approaches in this area; Senator John Thune’s “Filter Bubble Transparency Act” would require companies to provide mechanisms to access “non-personalized” versions of services.

How Likely is a Compromise?

Despite some challenges, Republican and Democratic sides in the Senate have converged to a significant degree. In the Senate Commerce Committee, there have been signs of accommodation by Republicans, led by Chairman Roger Wicker, on the topic of private rights of action, as well as some movement by Democrats led by Senator Maria Cantwell on partial preemption of state-level measures.

Chairman Wicker himself has indicated that Senate Republicans may be prepared to acquiesce to many Democratic standards to preempt state measures. It’s possible to envision a compromise privacy bill in which the two sides agree on CCPA-like standards, with a limited private right of action.

Ultimately, however, the substance of the bill will not be the determining factor of its realization in 2020, but rather the timing of the political calendar. It is always difficult to tick items off the political agenda during an election year, and the legislative process will soon grind to a halt. Given the impeachment trial of President Trump in the Senate and the even broader coronavirus crisis, this year will be far more challenging to introduce any legislation, including privacy. All the while, businesses will be adjusting to the newly enforced CCPA.

What to Expect Next

The first few months of 2020 will provide a significant indication of the trajectory for a new federal privacy law in the U.S. After a breakdown in bipartisan Senate talks, Commerce Committee Democrats and Republicans decided to stake out their respective positions and decamp for the holidays. While this could create space for quiet talks of compromise, it could just as easily allow the process to wither on the vine. Perhaps Senator Schatz said it best: “Sometimes this is a precursor to a deal, and sometimes it’s a precursor to it all falling apart, and I guess we’ll have to find out which one this is.”

Watch for any new overtures between Chairman Wicker and Senator Cantwell. If such efforts really have run their course, a new bipartisan proposal from Senators Jerry Moran and Richard Blumenthal could inject new momentum into the Senate process if unveiled at the right time. Regardless, if significant steps are not taken in Q1 — even if they avoid being trampled by the health crisis — the initiative is likely to be overwhelmed by the election. After November 3, 2020, what will happen in terms of privacy legislation remains unclear, with potential for a new President or Congressional leadership in 2021 — or perhaps, the current ones again.


The pieces in this series have been extracted from a larger report by Access Partnership on the trajectory of tech policy in 2020. The next installment will discuss how data sharing regulations might “heat up” in 2020.


Tags: California Consumer Privacy Act (CCPA)
Previous Post

Employers Face Tough Pay Decisions Amid the Coronavirus

Next Post

COVID-19 and Working from Home: Enforcement Implications

Logan Finucan

Logan Finucan

Logan Finucan is Senior Policy Manager, Data Policy & Trust at Access Partnership, a global public policy consultancy for the tech sector. Logan supports the implementation of advocacy strategies of several leading ICT clients including device manufacturers, electronic and network service providers and satellite operators. He regularly provides analysis on key markets in the Asia-Pacific region, supports campaigns to shape spectrum management policies and advises on the U.S. legislative process. Areas of expertise include international trade regulations, data protection laws, Internet governance and multilateral processes. Logan holds a master’s in International Relations and Economics, specializing in European and Eurasian Studies, from the Johns Hopkins University School of Advanced International Studies in Washington DC. He also holds a bachelor’s in Political Science and International Studies from Loyola University, Chicago.

Related Posts

minidata_b

Honey, I Shrunk the Data: How to Keep Customer Info on a Need-to-Know Basis

by Parker Poe
November 30, 2022

It may be tempting to hoard the data you have gathered on your customers, but an increasing number of regulations...

cpo and ciso

Allies in Privacy, Security & Compliance: Why Closer Collaboration Between CPOs and CISOs Benefits Everyone

by Maria D'Avanzo
September 28, 2022

As a former chief privacy officer (CPO) of a publicly traded commercial real estate services firm, Maria D’Avanzo worked in...

snooping on private data

Survey: Leaders Claim to Be Ready for State Privacy Laws; Few Actually Are.

by Staff and Wire Reports
June 29, 2022

With state laws looming, where do companies actually stand today? A Womble Bond Dickinson survey examined current corporate preparedness along...

Vector of a cybersecurity worker monitoring servers.

Cybersecurity in 2022: More Acceleration, More Sophistication

by Mathieu Gorge
January 19, 2022

In 2022, nations and organizations around the world will continue working to protect customer data against hackers and accidental breaches....

Next Post
illustration of geographically disparate team all working from home

COVID-19 and Working from Home: Enforcement Implications

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Code of Conduct Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT