The Drum: 2022 Data Privacy Forecast—Draconian Policies And An Ad Industry In Search Of Answers
On the heels of a handful of developments across the globe, including new data protection bills signed into law by both China and Saudi Arabia, experts speculate on how the data privacy legislative landscape will shape up in the coming year and beyond.
As 2021 draws to a close, Canada, Vietnam, South Korea and a smattering of countries around the world are reviewing proposed data privacy bills. India this summer introduced a new data protection bill, while recent amendments to Japan’s Act on the Protection of Personal Information will go into effect early next year and Australia is in the process of amending its 1988 privacy legislation. In the US, more than 25 state-level data privacy bills remain in limbo in committees across the country. Even with so much momentum, however, data privacy bills and amendments in the US and abroad are generally difficult to pass and sign into law. The pace of regulatory action lags far behind the pace of most market movements – and in lieu of comprehensive, consent-based data privacy laws on the national level, tech companies like Apple and Google are increasingly setting the ground rules for consumer data privacy and advertising industry groups are setting their own self-regulating standards. The Drum surveyed a handful of experts about what’s next for data privacy legislation. Here’s what they said.
Prediction 1: US federal legislation, though desired, remains a long shot
Jessica B Lee, partner and co-chair of privacy, security and data innovations, Loeb & Loeb: Achieving federal legislation is highly unlikely in the next year or two. Next year, we will be halfway through Biden’s first term and facing the midterm elections. In addition to pulling us out of the pandemic, addressing issues of the supply chain and inflation, Biden’s biggest priority will likely be passing his signature legislation, Build Back Better. While we have had a number of bills introduced and hearings and interest around privacy, I remain skeptical that enough political resources will be devoted to privacy before Build Back Better gets passed. We will have to see what the political landscape looks like after 2002. If the Democrats hold both the House and the Senate, then we may see privacy legislation before 2024. If they lose one [or the other], then I think we are in a legislative deadlock until 2024. The opportunity here is that comprehensive privacy legislation is desired by both parties, consumer advocates, and industry – everyone wants to see this happen. The question is how and what form it will take and its hashing out those sticking points – particularly around the scope of preemption and a private right of action that will slow the process.
Stu Ingis, coordinator, Privacy for America: Passing comprehensive federal privacy legislation remains a real possibility, because unlike many policy debates, there is actually a great deal of consensus across the ideological spectrum. A full 92% of voters – including 95% of Democrats and 89% of Republicans – say passing federal privacy legislation is very or somewhat important, according to a recent survey commissioned by Privacy for America… This means we have both a significant opportunity and a significant need to create a national privacy standard, and federal policymakers must prioritize doing so. We remain optimistic that they will. An additional impetus to action is the growing patchwork of state laws that confuse consumers, increase compliance costs for businesses, and threaten the many benefits that accompany the responsible use of data. The FTC will propose broad privacy rules next year at the same time as Congress is debating these issues. While the advertising industry would welcome uniform privacy rules, creating law through regulatory fiat is a recipe for bad policy that could have negative implications on important business practices and the economy.
Fiona Davis, chief operating officer, Captify: The news from the Biden administration this week [that the National Telecommunication and Information Administration – part of the US Commerce Department – will hold ‘listening sessions’ and solicit input on the interplay between privacy, equity and civil rights] is the country’s first step towards a stronger stance on data privacy legislation and indicates that there is definitely a strong appetite in the US for greater consumer privacy laws. [California, Virginia and Colorado] have already approved legislation, and many others are already well underway… Over time, states will likely make various adjustments to their own laws based on what’s working and not working… but without an overarching federal framework, state-based legislation will continue to drive the privacy agenda in the US.
Arielle Garcia, chief privacy officer and senior vice-president of business operations and compliance, UM Worldwide: It does not appear likely that there will be a comprehensive federal privacy law passed within the next year. It is more likely that the Federal Trade Commission will continue to take a broad read on its role in enforcing existing law, as we saw with their recent policy statement [on data breaches by health apps]. It’s also likely that more limited federal proposals dealing with high-priority, privacy-related and privacy-adjacent issues will advance, such as enhancements to children’s privacy, as well as social media and algorithmic transparency. The two main sticking points on comprehensive federal law hindering bipartisan alignment have been preemption and private right of action, and there does not appear to be sufficient progress towards consensus on these issues.
Want to find out more? Read the full article on The Drum.