From the Cambridge Analytica scandal to the implementation of the California Consumer Privacy Act, there have been increasingly sophisticated discussions in the U.S. on how to address the virtually unfettered exploitation of our data. Yet it remains unclear how lawmakers will respond at the national level.
The U.S. lacks a comprehensive federal privacy framework. Instead, regulators have embraced a sectoral approach, meaning there is a patchwork of laws that give people in the U.S. only limited protections for certain types of data. This has fostered the development of business models based on extensive data collection and routine data misuse, manipulation, and abuse. There are repeated privacy violations and an endless series of catastrophic data breaches, but often little or no recourse for victims.
With increasing public pressure to take action, members of Congress have introduced or revived data protection proposals, which we have been monitoring. Some of these proposals are regressive and may only serve to further entrench the prevailing business models that reward unchecked data collection and exploitation in the dark. Others are a solid starting point for a conversation about what is necessary to provide the data protection people in the U.S. and around the world desperately need.
As part of our effort to move the conversation forward, Access Now convened the Data Privacy Summit to examine data practices and the need for strong, comprehensive data protection in the U.S. Today, we share the Data Privacy Summit Outcomes Report, summarizing the event and its major takeaways. Privacy experts from across different fields engaged in an interactive dialogue, mapping the current data protection and privacy debate, identifying where consensus exists, and highlighting the issues where more clarity is needed.
Here’s a look at the key takeaways, which are explored in more detail in the report:
- Past is prologue: notice-and-consent has failed, and we should not repeat this failure.
- Privacy protections implicate a variety of interests, and Congress should seek to understand all those interests, with particular regard for marginalized communities.
- The U.S. must move beyond notice-and-consent to enact privacy protections that place the primary onus for safeguarding privacy on companies, not individuals.
- There is some agreement on the substance of privacy legislation, but significant disagreements continue to exist (notably, preemption and private right of action).
- Workable solutions will require a deeper understanding of data protection standards and policy.
- Passing a poorly crafted bill in haste would do more harm than good.
Raising the bar for privacy and data protection is vital for protecting human rights online, and it’s at the top of our 2020 U.S. agenda. We stand ready to help lawmakers develop a strong bipartisan federal privacy framework, drawing on the lessons we have learned in our work globally. We encourage you to reach out.