AP NEWS

It’s time for an online privacy law

March 24, 2019

People have turned over to the sovereigns of the internet private information about their habits and travels, likes and dislikes, politics and piety, material wants and unmet desires in a fashion unimaginable before the revolution that is the worldwide web and its social media denizens.

That information is sold and traded as a commodity, used to target us for products and force feed our political inclinations. There are no universal standards for how that information is protected or for giving people the power to limit its use or correct mistakes.

This must change.

We learned long ago that we need universal enforceable standards for safe travel, safe buildings, safe restaurants and drinking water supplies and that we need laws assuring privacy protections when we do our banking or apply for health insurance.

So why, then, have we allowed the internet to evolve as this largely unregulated domain? It is a mistake that needs correcting. Congress should pass a national online privacy bill that empowers consumers and requires everyone to play by the same rules.

Big Tech, which has spent years and many millions of lobbying dollars trying to avoid regulation under the guise that it would inhibit the collective creative genius and economic powerhouse that is the internet, is now recognizing it better work with Congress on this. Facebook, Twitter and Google are and will be regulated — it is a matter of whether that regulation is a state-by-state hodge-podge of rules or whether there is a universal federal standard. Big Tech would much prefer a federal standard.

California has already passed a tough data privacy law that is set to kick in next year. It gives Californians the right to know all data collected on them and to see it twice a year. They will be able to say “no” to the sale of their data information, but not face discrimination in accessing an app or website as a result. Californians will have the power to delete data they previously posted, learn which third parties their data was shared with and know the business purpose of collecting their information.

Meanwhile, the European Union’s General Data Protection Regulation offers citizens in the 28 EU countries broad privacy protections.

In the thick of this policy debate is Democratic Sen. Richard Blumenthal, who took to Washington when elected in 2010 the inclinations of the attorney general he was for 20 years in Connecticut.

Blumenthal, when I talked with him last week, said a bipartisan working group consisting of himself, Sen. Brian Schatz, D-Hawaii, and Republican Sens. Jerry Moran of Kansas and Roger Wicker of Mississippi, has been working to draft legislation.

Blumenthal made it clear who he thinks should control the data.

“The point is that it’s our data, it’s not theirs,” Blumenthal said. “The business model involves invading privacy. And if you want your privacy invaded you ought to be given that option, but it should be a conscious, informed choice.”

I also talked with Michelle Richardson of the Center for Democracy & Technology, an advocacy group fighting for passage of a comprehensive federal online consumer privacy law, about what it should include.

Like California, a federal law should allow individuals to access, correct and delete information collected about them, she said. There should be universal standards for securing private data safe from hackers.

Data collected should be restricted to primary marketing. Big Tech has no business tracking and storing information on where we’ve been or who we have been communicating with, she said.

Enforcing any regulations will require a Federal Trade Commission with larger and better trained technical staff and with strong fining authority, Richardson said.

The issue of “preemption” — whether a federal law would preempt state laws — is a possible sticking point. Big Tech wants a single set of federal standards, a position Republicans have backed, while many Democrats, including Blumenthal, are wary of usurping state authority.

Blumenthal said online federal privacy protections should be at least as stringent as existing privacy protection laws. If that were the case, and if state attorneys general were given the authority to enforce federal standards, perhaps a compromise on preemption can be reached, he said.

“Why should people in Connecticut have less privacy protection than Europeans or Californians?” Blumenthal rhetorically asked.

It appears to be a matter of when, not if, federal online privacy regulations become law. The sooner the better.

“The political dynamic here is so powerful because Americans really want privacy protection,” Blumenthal said. “There is strong momentum for a privacy protection bill.”

Paul Choiniere is the editorial page editor.