We should expect some relatively fast action on privacy regulation in the U.S., E.U., and Brasil. All had been working on privacy legislation, but public knowledge that Brazil’s and E.U. leaders’ phones were US-bugged caused those leaders extreme embarrassment. Today, they think privacy regulation is the flame retardant needed to quench burning hair. Strong-sounding privacy regulations might reassure some citizens that their country’s secrets are once again safe. Even before her bugged phone became public knowledge, Dilma Rousseff of Brazil was juggling a restive public and an unhealthy economy. Now, her privacy law demands that Brazilian’s data be stored only in Brazil – a safeguard corporations may follow. But for the criminals and sovereigns who do the most harm, Brasil’s demand is irrelevant.
Suddenly, a lot is riding on a robust-looking consumer privacy law. The US will need to negotiate a set of regulations that harmonize with the E.U.’s data rules. That step could avert pending restrictions on commercial trans-border data flows for US companies, a serious issue in this time of Big Data and Cloud technologies.
In the US, a clutch of privacy regulations had been under discussion at the National Telecommunications and Information Agency, and at the Federal Trade Commission (FTC). It is unclear what those regulations might eventually become, but they should address landline and wireless telephone privacy and Internet privacy. Technologies that intertwine to support highly related functions should not be Balkanized across separate regulatory fiefdoms. Give the topic to the FTC or give it to the Federal Communications Commission, not both. Attention to NSA surveillance is needed, but not under the FTC’s design.
The FTC should assert specific consumer protections and not allow industries to devise their own code of surveillance conduct. The regulations should call for opt-in not op-out, and the FTC should have a clear enforcement authority. If the bill lectures consumers on their duty to use antivirus software like Norton and Lookout, then we’ll know the exercise is vacuous – another arrogant campaign speech. More likely we can expect finishing touches to be quickly applied and the bill released with fanfare as the White House’s “decisive action on consumer privacy.”
American Consumers have shown strong distaste for the unbridled invasions of adware and tracking cookies. If a new federal “consumer privacy law” can be sufficiently hyped, it might divert US voter attention from government’s shameless spying on innocent US citizens and allied leaders. Although they are grateful to hide behind a “classified” stamp, the Administration, Congress, and hundreds of thousands of federal employees and contractors knew in some detail what NSA was up to. A bill that directly reins-in NSA would work even better than a diversionary tactic, provided it does not emasculate NSA’s legitimate security role. But don’t expect a bill that offers protection from criminal and foreign sovereign hackers.
The sense of political urgency may call for double-time crafting of privacy regulations. That may hamper a serious benefit-cost analysis of those regulations. Digital privacy has shown “thorny definitional disputes and highly subjective valuations of harm” [and] “intense cultural overreactions.” These challenges likely explain our glacial progress in updates to privacy regulations. But skipping an adequate review could leave flawed rules sabotaging the interests of hundreds of millions of American consumers each day. A competent benefit-cost analysis would tell us how much that hurts.
Alan Daley is a retired businessman who lives in Florida and who writes for The American Consumer Institute Center for Citizen Research