Is the Path Clear for the Federal Data Privacy Legislation in 2021?

Senate Commerce Committee Holds Hearing On Consumer Data Privacy
WASHINGTON, DC - OCTOBER 10: Center for Democracy & Technology President and CEO Nuala O'Connor (R) testifies along with (L-R) European Data Protection Board Chair Andrea Jelinek, Californians for Consumer Privacy Board Chair Alastair Mactaggart and Georgetown Law Center on Privacy and Technology Deputy Director Laura Moy before the Senate Commerce, Science and Transportation Committee about consumer data privacy during a hearing in the Russell Senate Office Building October 10, 2018 in Washington, DC. Witnesses answered committee members' questions about the European Union's General Data Protection Regulation and the California Consumer Privacy Act. Photo by Chip Somodevilla/Getty Images

In 2018, Congress got the ball rolling to pass the federal data privacy law. However, prospects of a swift passage dimmed in 2019 due to deepening rifts among lawmakers over the legislation's implementation.

In the meantime, many states have already passed local privacy laws. Internationally, the European Union was the first off the mark after it passed the General Data Protection Regulation (GDPR). As Congress drags its feet, countries like China, Canada, Argentina, and Brazil have already enacted their data privacy laws.

According to a Business Insider report, Congress' inaction has created a vacuum. As a result, companies are navigating a complex regulatory patchwork in which clarity is relatively scarce. This vacuum turned the California Consumer Privacy Act (CCPA) and the GDPR into the de facto baseline for data privacy compliance.

Mark Richards of LaScala IT also expressed concern that the vacuum created by the impasse at Congress. He noted that tech companies find the situation liberating and constrictive. On the upside, the Democrats' majority in the House and Senate looks set to propel proceedings in the right direction.

What Are the Experts Saying?

Many technology and privacy experts are hopeful that the new dispensation will finalize the legislation. Privacy expert Peter Swire believes Congress is finally on the cusp of concluding the comprehensive privacy law. He stated that 2021 is America's best chance to wrap things up.

Alexander Freund of 4it Inc. concurs with Swire on the topic. The IT expert believes this session will get things done, thanks to the prevailing bipartisan support. He also noted that an increasing number of lawmakers are aware of the role played by tech companies in gathering private information via social media and other platforms to boost profits.

Guy Baroan of Baroan Technologies stated the time is now for Congress to get its act together and pass the legislation, given several states have already made their move. He believes lawmakers will agree to enact the federal privacy laws during this session.

What's Likely To Be Included in a Comprehensive Privacy Bill?

Although questions remain about which proposals will stand out once the legislation passes, most analysts agree that private data rights will rise to the top. Related proposals focus on rights to access, portability, and correction. Likewise, tech companies' responsibilities are a prime focus area.

Alexander Freund noted that in any major privacy bill, he expects lawmakers to hold tech companies accountable for the information posted on their platforms. He also foresees the legislation incorporating additional protection, enabling users to determine how platforms use their data. Congress is more likely to impose additional penalties for companies failing to guarantee privacy protection for users' data.

Baron sees the federal data privacy law following in the footsteps of California's CCPA and New York's Stop Hacks and Improve Electronic Data Security (SHIELD).

He expects the privacy law to compel platform providers to give users the option to opt-out of data collection schemes. Tech companies are more likely to become legally obligated to notify users about cyber breaches. For Baroan, transparency is an essential part of privacy legislation.

He went on to lambast the lack of consistency in terms of privacy legislation across various states. The IT expert expressed concern that companies face difficulties complying with several dissimilar laws due to the lack of regulatory consistency.

What's the Possible Impact on the Tech Industry?

Cameron Call of Network Security Associates, Inc. stated the bill is likely to include the right to be forgotten. This rule compels tech firms to remove users' personal information from databases when requested. He also noted that this directive might be tricky to implement for platforms, given the possibility their systems' may not support automatic deletion of user information.

The information technology specialist also pointed out that social media platforms and other tech companies may face challenges because they need to keep data. He wondered how the firms would navigate the new requirements. Could they anonymize the data in the system, and how will they deal with backups? Backups make any attempts at micro manipulation difficult.

For Alexander Freund, the impact on tech firms will be significant since major players like Facebook and Google rely heavily on advertising revenue. To keep advertisers pouring a large amount of money, these companies need users' private information to enhance ad targeting. At the same time, most free services available online use this business model. If the law permits users to opt-out of data collection, tech firms will face dire consequences.

Guy Baroan sees the legislation becoming a burden on tech companies. They must implement uncomfortable changes to their platforms to ensure compliance. On the bright side, Baroan hopes the changes will create an opportunity for tech firms to adapt their business models and improve services. In the end, the companies will bolster data protection and privacy.

Real Time Analytics