The FTC vs. a New Privacy Sheriff: Two Paths Forward for a National Privacy Standard

This past March 11, Rep. Suzan DelBene, a Democrat from Washington State, introduced the Information Transparency and Personal Data Control Act (H.R. 1816).  The bill is still in the initial stage of the legislative process, but much like Sen. Kristen Gillibrand’s ill-fated Data Protection Act of 2020, which is back for another shot at the title in 2021, will H.R. 1816 die even before it gets to a vote? 

This is the third time that Rep. DelBene has introduced a version of her bill.  The first time was on September 24, 2018 (H.R. 6864) and the second was on April 1, 2019 (H.R. 2013).  And, since we are not constantly debating the benefits vs. the shortcomings of our national privacy standard on LinkedIn and various daises around the country, it’s pretty evident that both previous iterations of the bill died before they received a vote.  It should be noted, and I believe rather undeservingly, that the second version received a mention in the Competitive Enterprise Institute’s (CEI) Terrible Tech 2.0 – The Most Burdensome, Anti-Consumer Technology Policy Proposals in Washington.  The CEI is a non-profit Libertarian think tank focused on public policy research, and the fact that they are not big fans of DelBene’s privacy bill does contain a dash of irony.  On their Charity Navigator page, the only big red “X” they received under the “Accountability & Transparency Performance Metrics” was that their Donor Privacy Policy did not measure up to the assessment organization’s criteria.  Shocking! 

The debate about why legislation around Federal privacy standards always seems to be doomed, has been raging for years.  At the end of the day, big business vs. consumers, preemption and private rights of action always seem to be the substantive causes of the impasse.  However, artificial intelligence might be able to give us even deeper insight.  Unfortunately, H.R. 1816 appears DOA if you put stock in A.I.’s ability to predict the successful passage of a bill – another fascinating topic which you can read about in this ancient article from Science.  The “Prognosis” feature on www.govtrack.us (developed by Skopos Labs) gives Rep. DelBene’s bill a not-so-encouraging potential passage rate of 3%.  “Now why 3%?” you ask.  The science behind it all is rather complicated, but the stated factors are as hilarious as the underlying algorithm is complex, namely:

  • – The bill’s primary sponsor is a Democrat (with independents in the mix, and VP Harris breaking any tie, Democrats have both houses though so I’m not too sure why this is a factor)
  • – The bill is assigned to the House Energy and Commerce Committee (is this a bad place to be?), and
  • – The bill’s primary subject is Commerce (which I immediately think would be a positive indicator under a mostly capitalist economy).
  •  

While the third time my be the charm for H.R. 1816, there also may be life after death for Sen. Kristen Gillibrand’s Data Protection Act of 2020 (S. 3300).  On June 17, 2021, Rep. Gillibrand announced an updated version of the Act – the Data Protection Act of 2021, which is more than twice the length of the 2020 version.  I must admit that it’s pretty fun to write in idioms, and as someone who sees the glass have full, and my belief that there is always light at the end of the tunnel, I really hope that comprehensive privacy protection at the federal level will take a turn from pushing up daisies.  The Biden Administration has as great an opportunity as any administration ever has to get it done.  A national privacy framework would have myriad benefits for individuals and bring us in sync with international standards.  We are trending in that direction, but hopefully, we can have some bipartisan breakthroughs and get over the historical impasses that have impeded even a baby step towards comprehensive federal privacy legislation. 

“BUT MATT!!  FOR THE LOVE OF ALL THINGS SACRED, YOU STILL HAVEN’T SAID WHAT THESE TWO BILLS ARE ALL ABOUT!”  Fair enough. 

Below I lay out brief summaries of H.R. 1816 and the yet to be numbered Data Protection Act of 2021.  The chart below is not meant to be a comparison as these two bills are very different in their purpose and substance, though they could be seen as two paths in the same direction.  The former is aimed at setting a national privacy standard through the FTC, and the latter forms a completely new and independent federal agency designed to safeguard the privacy of all Americans and promote fair information practices.  For those that want a little homework, comparing the changes in the versions of the Data Protection Act from 2020 to 2021 is very informative, though we don’t dive too deeply into those waters here (both versions are posted).  It is noteworthy that the 2021 iteration of the Data Protection Act takes a shift in terminology from 2020 focusing on “high-risk data practices” and “data aggregators,” which I comment on in the chart.   

Feddatabillstwo Page 1 Feddatabillstwo Page 2 Feddatabillstwo Page 3 Feddatabillstwo Page 4 Feddatabillstwo Page 5 Feddatabillstwo Page 6 Feddatabillstwo Page 7

Here are the links to those two FTC policy statements from the chart: FTC Policy Statement on UnfairnessFTC Policy Statement on Deception

Below are some great resources for further research.  The Brookings Institution reports are especially interesting, in particular, their commentary on the importance of legislative findings in privacy legislation, and their proposed findings for the 117th Congress.  

And here I have included an older piece about predictive technology in the legislative context from The Washington Post.  There is even such a feature in Westlaw Edge, which Rob Ambrogi wrote about over a year ago when it first came out HERE on his fantastic LawSites Blog.  Everyone should check out www.Lawsitesblog.com if you aren’t already familiar.  This A.I. functionality in Westlaw Edge was also featured in an ABA Journal piece, which you can read HERE.

We will follow the progress (or lack thereof) of both the Information Transparency & Personal Data Control Act (H.R. 1816) as well as the Data Protection Act of 2021.  Keep in mind that there are other proposed federal data privacy bills that deserve attention, including the Consumer Data Privacy and Security Act (S. 1494), the Social Media Privacy Protection and Consumer Rights Act of 2021 (S. 1667) and the SAFE DATA Act from 2020 (S. 4626), which still has legs, among others.  Many of these proposed bills may have an even better chance that either Rep. DelBene’s or Sen. Gillibrand’s proposals, but those aren’t necessarily difficult odds to beat if bill-passage-predicting A.I. knows a thing or two.   

Written by Matthew Knouff

Matthew F. Knouff, Esq., CIPP/US, CEDS, RCSP, VP & eDiscovery Counsel, CDS New York Matthew has been navigating the ESI and data law wilderness for over fifteen years as an attorney, consultant and academic. He currently serves as VP & eDiscovery Counsel with Complete Discovery Source, Inc., an award-winning global provider of eDiscovery and data management services and technology. He is an expert in eDiscovery law and process, global data privacy and the movement of data across borders. In addition to contributing to and holding leadership positions with several organizations dedicated to supporting the legal profession, he has developed numerous CLE programs and assessment tools, and frequently speaks and writes on various topics related to the intersection of data, law and technology. He holds the CIPP/US, CEDS and RCSP certifications, is an avid distance runner, an active board member with Education Through Music, a Tarheel through and through, and a life-long musician. Matthew lives with his son in New York City’s Lower East Side.

All author posts   |   LinkedIn