Efforts to pass U.S. federal legislation to protect data privacy could be gaining steam as interest continues to build around establishing accountability and containing the ever-expanding power of big tech companies. A recent panel hosted over LinkedIn Live by the International Association of Privacy Professionals (IAPP) considered likely facets of potential federal data privacy legislation.
Since the beginning of this century, several bills have been introduced but consistently failed to gain traction. However, of late both the public and politicians have become increasingly concerned over how data is gathered, stored, used, and even sold.
Other federal data protection legislation, such as the Healthcare Insurance Portability and Accountability Act (HIPAA), reach as far back as 1996, when HIPAA was signed into law. But compliance with the HIPAA Privacy Rule and the HIPAA Security Rule wasn’t required until 2003 and 2005, respectively. In the European Union (EU), the General Data Protection Regulation (GDPR) legislation didn’t come into full effect until 2018.
At the U.S. state level, the California Consumer Privacy Act (CCPA) became law in 2018 and took effect at the beginning of 2020. The CCPA created consumer privacy rights as well as business obligations regarding the collection and sale of personal information.
While discussing the current Congressional environment, the IAPP data privacy panel considered the following factors of possible data privacy legislation:
• What constitutes sensitive covered data?
• What types of entities—such as credit card processors versus data brokers—should be required to comply with data-privacy measures?
• Should legislation apply only to entities that meet an annual revenue floor?
• Should carve-outs be included in federal legislation to allow additional state-level data privacy measures in areas such as student privacy, landlord-tenant relationships, or employer-employee relationships?
• Is consensus currently possible around issues such as biometrics and algorithmic decision-making about data?
Panelist Sara Collins, Senior Policy Counsel at Public Knowledge, wrapped up the LinkedIn Live panel discussion by saying, “All the stakeholders are there; we know what needs to happen. This really is a very opportune moment to have something bipartisan that can move in a [tech accountability] package when everybody wants to do something about big tech.”