The privacy bill that exempts government and beefs up the FTC

in Reason on Share

Last week, a discussion draft of the American Privacy Rights Act was published.

Considering I’ve written about the need for a national privacy law for some time, I wanted to be sure I gave it a honest read. I will publish a more detailed summary on the Consumer Choice Center website here soon.

Herein you’ll find my Q&A with Reason Magazine Senior Editor Elizabeth Nolan Brown for her newsletter Sex & Tech (archive link), where I give a preliminary analysis on the bill.

On what’s not to like:

I think the outright veto on targeted advertising just does not make sense with how most companies and services offer things today. [Under this measure, “a consumer has the right to opt out of the use of their personal information for targeted advertising,” per Cantwell and McMorris Rodgers’ summary of the bill.] It’s not just social media companies, it’s also journalistic institutions and universities and small businesses that use Facebook ads or marketplace, or people who want to sell products online. If you gut the ability to do any kind of targeted advertising, you essentially make that business conduct illegal.

On what’s a good measure:

The things I like are preemption—that’s number one. Basically, every other state privacy law is essentially preempted by this national privacy law. The more stringent requirements in California or in Virginia will no longer apply, and it will just be the national privacy law that’s the law of the land. That’s good.

As I mentioned before, I think the data portability is good. It’s a great principle, and I think it’s very consumer-friendly, tech-friendly, and fairly reasonable.

The other one is transparency on what platforms or services collect. That is pretty standard fare. Most app stores do this. Most cell phones already do this. It’s generally a very good tech practice, it would just kind of be backed up by at least some portion of the law.

And the kicker:

Any other negatives?

The bill actually exempts any government agency from any privacy actions, so the government itself would not be subject to these privacy rules.

Wow. Of course. 

Just like when California’s—I think it was the database of concealed carry gun holders leaked. No crime, no foul. There’s no penalty, no problem. I think the same thing happened in the state of New York.

A lot of the government agencies…they use—like particularly the [National Security Agency]—they actually buy a lot of information from data brokers that they can’t get by a warrant. And basically, they’re not subject to any of these privacy rules, so they could basically continue doing that.

This idea that government is exempt from the privacy rules is pretty bogus and actually is contrary to the European [General Data Protection Regulation], in which governments are subject to private data privacy rules.

Check out Elizabeth’s newsletter here.