December 4, 2019
California’s landmark privacy law is set to go into effect on January 1. Ready or not, virtually all companies will need to comply with the new law if they want to do business in a state that — if it were a nation — would have the fifth largest GDP in the world.
But even its primary backers acknowledge the state’s rules are far from perfect. Plus, there’s the fact that roughly 290 million Americans don’t live in the state of California.
In its recent announcement that it would abide by California’s rules nationally, Microsoft declared privacy “a fundamental human right.” They’re right. But human rights aren’t any different in California than they are in Alabama, New York or New Mexico, Montana or Maine.
That’s a big part of the reason privacy is one of the few issues moving in Washington. It should come as no surprise that tech and telecom are among those clamoring loudest for national rules. The compliance maze of a state-level approach is daunting. Equally compelling, 82% of our customers say they support a national law to protect their privacy.
Summing up the current mood is Senate Majority Whip John Thune (R-SD), who observed in a recent hearing that “the question is no longer whether we need a federal law to protect consumers’ privacy. The question is what shape that law should take.”
Members of Congress have been working diligently on proposals, and the Senate Commerce Committee is actively weaving these ideas together into draft legislation.
In terms of translating ideas into outcomes, one key question looms over all parties: will we retreat to our various corners and accomplish nothing — cancel culture at its worst — or will we come together to deliver on the tightly aligned interests of the American people and our innovation economy in one high standard of protection?
In private conversations that reach across the standard battle lines — Republican and Democrat, as well as business and consumer groups — there are broad areas of agreement. One is the preference for strong national protections.
Three states already have enacted laws — California, Nevada and Maine. Two dozen more are in the process of crafting their own approaches. They are far from consistent. For example, in Maine the proposed rules would apply only to broadband providers — leaving untouched the search, shopping and other internet giants that have drawn the lion’s share of scrutiny for their practices.
A Jackson Pollock-style approach to consumer privacy protections serves no one. It’s a virtually unsolvable compliance puzzle for borderless networks and services, with a burden that falls heaviest on those businesses that can’t afford armies of in-house attorneys and white shoe law firms.
A hodge-podge of swiss cheese protections also risks leaving consumers exposed. We are heading into the busiest travel season of the year. Imagine that road trip in a future where every state has its own rules. In California, you can get pretty far on Pacific Coast Highway. But a similar route on the East Coast’s I-95 will take you through at least 10 states — and the District of Columbia.
Is there a new set of disclosure, transparency and other practices that must be presented, reviewed and approved for each app and with each state line crossed? Who is responsible for making consumers aware what protections they have lost or gained each time they pass a “welcome” sign?
State leaders understandably want to protect their consumers in the absence of federal leadership. But a national privacy law is the only path to one consistent, cohesive and high standard that protects everyone, applies to everyone and puts the U.S. back in the global pole position — where it urgently belongs — defining the contours of a new connected era.