The Messy Progress on Data Privacy

The latest attempt to create the first broad national data privacy law in the United States is causing typical nonsense in Washington. But from the mess in Congress and elsewhere in the US, we’re finally seeing progress in defending Americans from the unrestrained information-harvesting economy.

What is emerging is a growing consensus and a body of (imperfect) laws that give people real control and companies more responsibility to tame the almost limitless harvesting of our data. Given all the bickering, tacky lobbying tactics and gridlock, it might not look like winning from up close. But it is.

Let me zoom in on the big picture in the US tech companies like Facebook and Google, recently unknown data middlemen and even the local supermarket harvest any morsel data we could help their businesses.

We benefit from this system, including when businesses find customers more efficiently through targeted ads. But the existence of so much information on virtually everyone, with few restrictions on its use, creates conditions for abuse. It also contributes to public mistrust of technology and tech companies. Even some companies that have benefited from unrestricted data collection now say the system needs reform.

Smarter policy and enforcement are part of the answer, but there are no quick fixes – and there will be downsides. Some consumer privacy advocates have said for years that Americans need a federal data privacy law that protects them no matter where they live. Members of Congress have discussed, but failed to pass, such a law over the past few years.

The weird thing now is that big companies, policymakers in both parties and privacy die-hards seem to agree that a national privacy law is welcome. Their motivations and visions for such a law, though, are different. This is where it gets frustrating.

A consortium that includes corporate and technology trade groups has been kicked off a marketing campaign recently that calls for a federal privacy law – but only under very specific conditions, to minimize the disruption to their businesses.

They want to make sure any federal law will overrule stronger state privacy laws, so businesses can follow a guideline rather than dozens of potentially conflicting ones. Businesses may also hope that a law passed by Congress is less disruptive to anything than the Federal Trade Commission, which now has a Democratic majority, implements.

This is one of those legislative tugs of war that unseemly advocates long-term consumer privacy to watch out and enraging. Evan Greer, director of the digital rights group Fight for the Future, told me that corporate lobbyists are supporting “watered-down, industry-friendly laws that offer privacy in name only.”

Behind the muck, though, there is an emerging agreement on many essential elements of a federal privacy law. Even the biggest sticking points – whether a federal law should override stronger state laws, and whether individuals can sue over privacy violations – now seem to have workable middle ground. One possibility is that federal law would overrule any future state laws but not existing ones. And people may be given the right to sue for privacy breaches under limited circumstances, including for repeat violations.

Laws are not a cure-all for our digital privacy mess. Even smart public policies produce unwanted trade-offs, and sometimes poorly designed or inadequately enforced laws make things worse. Sometimes new laws can feel pointless.

Most people’s experience with Europe’s sweeping 2018 digital privacy regulation, the General Data Protection Regulation or GDPR, is annoying pop-up notices about data tracking cookies. The first two of California’s digital privacy provisions in theory give people control over how their data is used, but in practice often involve filling out onerous forms. And recent data privacy laws in Virginia and Utah have given industry groups what they want.

Is any of that progressing on protecting our data? Kinda, yes!

Some privacy advocates may disagree with this, but even imperfect laws and a shifting mind-set among public and policymakers are profound changes. They show that America’s data-harvesting system of defaults is unraveling and more responsibility is shifting to data-collecting companies, not individuals, to preserve our rights.

“Progress looks like not completely perfect lawsuits; There is no such thing. It looks like fits and starts, “Gennie Gebhart, the Activism Director for the Electronic Frontier Foundation, a privacy advocacy group, told me.

I don’t know if there will ever be a federal privacy law. Gridlock rules, and such regulation is tricky. But behind the lobbying and the indecision, the terms of the debate over data privacy have changed.


  • Yikes in cryptocurrencies: The prices of Bitcoin and other cryptocurrencies have been steadily declining, which my colleague David Yaffe-Bellany said shows that cryptocurrencies are constantly resembling risky tech stocks.

    Also, the virtual currency TerraUSD is supposed to be worth $ 1 each, and it has collapsed far below that level. Here’s why that’s a big deal, from my colleagues at DealBook.

  • The local florist now delivers for Amazon: To speed up deliveries in rural parts of the US, Amazon has been experimenting with paying small businesses a few dollars per package to deliver orders to nearby homes, Recode reported.

  • Instagram believed that a new dad was interested in “disability” and “fear.” A Washington Post columnist explores why disturbing images interrupted his newborn’s Instagram feed and advocates a way to reset social media algorithms when they don’t work for us. (A subscription may be required.)

Puppppppy coming straight for your faceChat Lounge


We want to hear from you. Tell us what you think of this newsletter and what else you like to explore. You can reach us at ontech@nytimes.com.

If you don’t already get this newsletter in your inbox, Please sign up hereGeneral Chat Chat Lounge You can also read past On Tech columnsGeneral Chat Chat Lounge

Leave a Comment