U.S. Privacy and Data Security Legislation Summary/Recap
Andy Kennemer, VP of Social Marketing & Media at Resource Interactive, recently attended the NRF Washington Leadership Conference, which included a meeting of the Shop.org Policy Advisory Group (PAG) meeting, of which he is a member. A major focus of the PAG meeting was the increased legislative focus on privacy and data security. Andy agreed to summarize some of the highlights for me to share here.
Legislation is cyclical, and we’re in a hot period right now.
The focus of our meeting was discussing in detail the various legislative actions in Congress regarding both online privacy and data security. These two issues are separate, but related, and the more they are mixed together in legislation, the more complicated and ambiguous it will make things for retailers and brands.
Last year we saw 3 main efforts:
- The FTC’s attempt to establish rule-making authority through a new US Privacy Framework proposal;
- Rep Boucher’s attempt to introduce an online privacy bill, which primarily would support the notion of consumer opt-IN to 3rd party tracking; and
- Sen. Pryor introduced a bill addressing Commerce Data Security.
The FTC is likely to release a final “staff report” on this matter sometime this year. The Boucher and Pryor bills never made it to the floor for debate.
This year, mainly in the last 3 months, we have seen a flurry of activity like never before.
Key privacy bills introduced this year:
- Sens. Kerry & McCain introduce broad privacy bill (4/12/11)
- Reps. Stearns & Matheson introduce broad privacy bill (4/13/11)
- Sen. Rockefeller introduces “Do Not Track Online” bill (5/9/11)
- Reps. Markey & Barton introduce “Do Not Track Kids” bill (5/13/11)
- Sens. Franken & Blumenthal introduce Location Privacy bill (6/15/11)
- Sen. Wyden & Rep. Chaffetz introduce “GPS” Privacy bill (6/15/11)
Key data security proposals:
- White House releases Cyber Security proposal (5/25/11)
- Sen. Leahy re-introduces Judiciary bill from 111th Congress (6/8/11)
- Dept of Commerce “Green Paper” on Cyber Security framework (6/8/11)
- Rep Bono Mack revises House-passed data security bill from 111th Congress (6/10/11)
- Sen. Pryor re-introduces Commerce Bill from 111th Congress (6/15/11)
With so much activity, it’s challenging to even keep track of everything, and which bills and proposals matter the most. There are a few of these that are gaining momentum that, as an industry, we need to watch. The Kerry-McCain bill, White House Cyber Security proposal, and potential final report from the FTC on the privacy framework will have the broadest impact to brands and retailers.
For now, the feedback from a congressional staffer who attended the meeting was:
- There is a fear of modernity within the government. What needs to be better articulated is how data collection is used to actually help consumers, to have a more relevant and enjoyable online experience.
- We need the voice of actual consumers. Right now consumer advocacy groups have influence, but it isn’t clear if they really represent the concerns of average consumers.
- Retailers have not adequately addressed the consequences of legislation, in terms of actual economic harm, or hindering innovation. Some sort of cost / benefit / risks analysis could be helpful (e.g., What does our online experience look like if advertising is not as effective? Are consumers ready to pay for services that are currently free and ad-supported?
This continues to be a complex and rapidly evolving area, and brands cannot afford to simply put their heads in the sand and hope it goes away. Legislation will get passed, but the extent and impact of that legislation is far from clear.