Director of Client Services, 8+ Years of Client-Facing Project Management & Digital Marketing Expertise
September 13th, 2019
On September 10th, executives at leading US companies sent a letter via The Business Roundtable to Congress urging them to create federal privacy regulations.
In simplest terms, the letter stated, “We write to urge you to pass, as soon as possible, a comprehensive consumer data privacy law that strengthens protections for consumers and establishes a national privacy framework to enable continued innovation and growth in the digital economy.”
The letter brought together executives from companies like AT&T, Amazon, American Express, Bank of America, and Ford — all requesting action from Congress on this important subject.
With other regulations like GDPR in Europe, and the California Consumer Privacy Act going into effect on January 1, 2020, a nationwide approach to data protection and privacy is certainly overdue. Right now, companies in the US are stuck with reading multiple laws and patching together their digital data processes to ensure they don’t violate anything.
If this letter were to get a reaction and prompt some legislation, what might these laws look like, and how would they impact businesses and consumers?
What could federal privacy regulations look like?
Of course, no one knows for sure what federal data privacy laws would be until a proposal is written, but this letter from executives of US companies urged Congress to take action and discuss — though does not explicitly state suggestions.
However, the letter does recommend that a federal law supersede state regulations:
“Now is the time for Congress to act and ensure that consumers are not faced with confusion about their rights and protections based on a patchwork of inconsistent state laws. Further, as the regulatory landscape becomes increasingly fragmented and more complex, U.S. innovation and global competitiveness in the digital economy are threatened.”
They foresee that if a federal law isn’t passed, other states will create similar (but potentially different) regulations to the bill California passed last year.
California’s bill, which goes into effect on January 1, 2020, includes the following requirements:
Businesses must disclose what information they collect, what business purpose they do so for and any third parties they share that data with.
Businesses would be required to comply with official consumer requests to delete that data.
Consumers can opt out of their data being sold, and businesses can’t retaliate by changing the price or level of service.
Businesses can, however, offer “financial incentives” for being allowed to collect data.
California authorities are empowered to fine companies for violations.
Because this bill was passed in California, the federal laws could incorporate some or all of these California-based regulations, but until they do, companies will be forced to adapt their policies based on user location.
The US could also look to GDPR standards as an influence on writing our own data privacy laws.
The potential impact on businesses
It would be simpler for businesses to comply with and understand a single federal set of rules rather than a potential patchwork of state laws.
Many businesses in the US have voluntarily educated themselves on GDPR and met requirements, but there certainly are plenty of businesses across the US that do not understand or follow these data privacy regulations.
So, if the US were to pass a law, it’s safe to assume that many businesses would need to be educated on how to follow regulations — and the repercussions of not following.
There would need to be widespread education and resources for businesses to understand any law, as well as a lengthy roll-out period.
The potential impact on consumers
US consumers need some federal guidelines. GDPR went into effect a year and a half ago, and the US doesn’t even have legislation on the horizon.
Consumers would see only the benefits from laws like these. There would be no action required, but certainly more opportunities to understand the data being collected and how to manage it.
Though we’re not anywhere close to having federal data privacy regulation, it’s encouraging to see that influential businesses are starting the conversation.
It will be interesting to see where this goes — which will be soon, hopefully.