On Friday, FPF filed comments to the National Telecommunications and Information Administration (NTIA) in response to the Administration’s September 2018 Request for Comments on a federal approach to consumer privacy. The NTIA has requested input on the best approach to strengthen existing consumer data protections in the United States while promoting the administration’s high-level goals, including: enhancing legal clarity; reducing legal fragmentation; and increasing national and global interoperability.
As FPF writes on our comments, we believe the best federal approach to these issues is for Congress to draft and pass a national comprehensive consumer privacy law that would create baseline legal protections for individuals in the United States. In doing so, we recommend that such a law address issues of interoperability with existing federal sectoral laws and global privacy frameworks, and avoid creating conflicting requirements with existing frameworks in order to promote beneficial cross-border data flows (as an example, we have previously addressed many of the unintended consequences of various nations’ data localization laws). We also note that a national privacy law would be likely to preempt some similar state legislative efforts, both as a natural outocme of the Supremacy Clause and as a matter of policy to support a certain degree of clarity and consistency in businesses’ compliance obligations. We also believe that consumers should not expect to have fewer privacy rights — such as the right to access, correct, or delete information, or to exercise meaningful control over whether that information is used for unexpected purposes, shared with others, or sold — simply because they live in one state rather than another. However, we flag for the Administration certain key implementation questions that should be carefully considered — such as the effect of a national law on the role of state attorneys general, enforcement actions under generally applicable business practices laws, and existing state constitutional rights to privacy.
We also recommend that the Administration address a range of important substantive considerations of a draft bill, including:
- treating covered data with nuance in crafting legislative definitions;
- promoting internal accountability, oversight, and training;
- recognizing distinctions between sensitive and non-sensitive data; and
- creating incentives for socially beneficial uses of data and for technical solutions that can resolve privacy issues while supporting data utility
We commend the NTIA and the Department of Commerce for their engagement on this important issue, and look forward to continuing to engage with stakeholders on a federal approach to guaranteeing clear, consistent, and meaningful privacy and security protections in the United States.