By Charles McDermid
Flash back six months ago to November and the U.S. government faced a stream of data privacy legislation.
Several heavyweight bills were before a Congress still calculating Washington’s relationship with Big Tech after the fiasco of the 2016 election.
In a Pew Research Center survey that month, more than 80% of Americans felt they had little or no control of their personal data after it was collected by the government.
The momentum went nowhere.
The drumbeat for federal privacy legislation produced a logjam of proposed measures, most of which seemed derailed from the start by partisanship, timing or lack of scope.
The COVID-19 pandemic has only amplified cries for a data-regulation framework, making a crowded space even more noisy and complex. Yet national debate on this crucial issue appears to be going nowhere — even as the presidential race resurfaces above the health crisis.
Consider last November. Within a few weeks, several bills were introduced that might provide an outline of what will become the first comprehensive U.S. law on personal data protection. The Electronic Privacy Information Center (EPIC), an independent Washington-based nonprofit, has scored all the measures.
Flurry of Bills
In chronological order, the first was the Online Privacy Act put forward by two California Democrats, Reps. Anna Eshoo and Zoe Lofgren.
The Silicon Valley lawmakers described the bill as “sweeping legislation that creates user rights, places obligations on companies to protect users’ data, establishes a new federal agency to enforce privacy protections, and strengthens enforcement of privacy law violations.”
The Online Privacy Act has drawn support from public interest groups and privacy experts, including Shoshana Zuboff, a Harvard professor and author of “The Age of Surveillance Capitalism.”
Next, Sen. Maria Cantwell, D-Wash., the ranking Democrat on the Senate Commerce Committee, released the Consumer Online Privacy Rights Act (COPRA).
The legislation would protect state laws from federal preemption and allow American consumers to sue tech companies that misappropriated their data, an attribute described by Republicans as a “nonstarter.”
Sen. Roger Wicker, a Mississippi Republican and head of the Commerce Committee, responded a few days later with the U.S. Consumer Data Privacy Act, which Reuters said would “set nationwide rules for handling of personal information online and elsewhere and override state laws.”
Wicker said his draft mostly aligned with Cantwell’s bill, but he insisted on a “nationwide standard” for consumer data protection.
Urgency Meets Inaction
As EPIC points out, more than a dozen privacy bills now are before Congress.
Aside from the latest generation of bills and drafts from November and December, the measure with the most support is the Data Protection Act, put forward by New York Democratic Sen. Kirsten Gillibrand.
The bill, introduced in the Senate in February, would replace the beleaguered Federal Trade Commission with “a U.S. Data Protection Agency with the resources, authority and enforcement powers to protect personal data.”
Caitriona Fitzgerald, EPIC’s policy director, said after the legislation’s introduction, “Because the FTC has failed time and time again to protect America’s privacy, we need to have a new agency to be the cop on the beat and look under the hood.”
After the party-line bills were presented by Cantwell and Wicker, Republicans and Democrats on the House Energy and Commerce Committee released an untitled draft that aimed to bridge the differences by avoiding language about state privacy laws or the right to sue over breaches.
One account praised the bipartisan effort as “bringing Congress one step closer to passing a law to rein in the tech industry’s unregulated collection of personal information on its millions of U.S. users.”
But don’t hold your breath: As of this week, no meetings were scheduled for any of the bills or drafts pending on Capitol Hill.
Charles McDermid is a writer based in Asia.