Enough, we need a federal privacy law
Congress is reportedly attempting again to forge a federal privacy law. Legislators have no excuse not to succeed at last.
The obstacles that remain require careful negotiation. They don’t, however, require years or even months of study.
The last best hope for federal privacy legislation arrived with the introduction of dueling bills by Sen. Maria Cantwell, DWash., and Sen. Roger Wicker, R-Miss., toward the end of 2019, coupled with a bipartisan draft discussion bill in the House of Representatives. These initiatives all took more or less the same line on individuals’ rights to access and control their data. More surprising, and more encouraging, they opened the door to obligations for businesses not to abuse consumers’ information - rather than merely to ask before doing so. Ideally, lawmakers would reformulate these obligations as what advocates and academics have dubbed a duty of loyalty and a duty of care that require reasonable policies and practices and prohibit harmful ones.
Two issues, however, still prove vexing: pre-emption, or whether federal rules should override state ones, and a potential private right of action by individuals who allege they have been harmed. There are ways to split the difference as long as a nationwide law is sufficiently robust, it should pre-empt state laws that are inconsistent, while allowing local strictures to stand that fill gaps. As for the right to sue, individuals should be empowered to seek redress.
Congress has already demonstrated impressive progress on drafting a federal privacy law. Admirable as that is, it would make failure this time around only more disappointing.