This week featured back-to-back privacy hearings on Capitol Hill to discuss principles for federal privacy legislation. With the one-year anniversary of the European Union’s General Data Protection Regulation implementation coming in May and the California Consumer Privacy Act taking effect in 2020, industry players that have fiercely lobbied against federal privacy legislation in years past are now suddenly calling on Congress to pass a comprehensive privacy bill this year. Here’s a quick look at what happened in each hearing and a few key takeaways.
Ever since the Facebook/Cambridge Analytica story broke, privacy has been the talk of the town in Washington, DC, and conventional wisdom is that Congress will begin debating comprehensive privacy legislation in earnest in 2019. In preparation, members of Congress are starting to drop their message bills and discussion drafts. Public Knowledge has evaluated each of the proposals so far, and we offer our initial take here.
Yesterday, the House of Representatives passed a new and improved version of the Music Modernization Act, following the Senate’s lead from last week. We had expressed strong reservations about the earlier iterations of this bill, and its impact on the public domain for sound recordings. We’re happy to say that after extensive negotiations spearheaded by Senator Ron Wyden, the new version of the bill brings these works more fully into line with with the existing copyright system for legacy works and finally allows these recordings to enter the public domain. The bill now heads to the President’s desk.
At the end of June, California enacted what has been billed as a comprehensive privacy law. By all accounts, it was a rush job, negotiated in a week behind closed doors in a desperate and successful attempt to keep Californians for Consumer Privacy Campaign Chairman Alaistair MacTaggart’s privacy initiative off the November ballot. As sometimes happens, the law’s proponents and a few reporters may have overhyped the legislation – both given its current contents and because many expect it to change before its effective date in January 2020.
Back in 2011, the Federal Trade Commission alleged that Facebook deceived consumers by failing to keep its promises to protect user privacy. The two parties agreed to settle the charges through something called an “agreement containing consent order.” The Commission also signed a consent agreement with Google that same year. The FTC issued a final Decision and Consent Order regarding the Facebook allegations in 2012. (A consent order is an FTC enforcement tool that operates like a legal settlement.) Without admitting to the complaint’s counts, the parties involved signed a document that basically says, “we both agree to enter this agreement to resolve the allegations in the complaint, so now you have to do the following things, and if you fail to do any of them, the FTC is going to impose financial penalties.”