Data Privacy ‘Grand Bargain’ Legislation Is Actually a Terrible Deal

Tech companies are trying to write data privacy legislation for lawmakers in the United States, and it’s not going over well.

Titled “A Grand Bargain on Data Privacy for America,” the screed lays out a “common set of protections” for how we handle data privacy stateside. That alone isn’t a bad idea, but it comes from the ITIF (Information Technology and Innovation Foundation) think tank in Washington D.C., which is funded in part by large tech companies.

Being backed by big tech isn’t always a negative, but a dive through the ‘grand bargain’ policies suggests there’s some heavy big-tech oversight here. In a nutshell, the document wants to repeal and replace existing data privacy laws with its own proposals, and goes so far as to suggest the policy preempt state laws.

Specifically, it wants to rescind existing federal laws on data privacy, exempt “de-identified” data (such as the ‘anonymous’ data Google and Facebook sell to advertisers) and publicly available information (which seems designed to thwart a ‘right to be forgotten law’ stateside). If that wasn’t enough, it also removes limits on data transfers across borders, and includes nine unique points to either “protect innovation” or “minimize compliance costs for U.S. organizations.”

This ‘grand bargain’ would mean California’s strict new privacy act would go away. The Health Insurance Portability and Accountability Act (HIPAA), which governs how your personal health data is handled and transferred, would also disappear. The Family Education Rights and Privacy Act (FERPA) and Children’s Online Privacy Protection Act (COPPA) would both vanish, as well.

Speaking with The Verge, COPPA author Senator Ed Markey (D-MA) stated: “As Congress works to provide the American people with a comprehensive federal privacy law, we should build upon—not dismantle—existing safeguards. Getting rid of COPPA is literally like throwing the baby out with the bath water.”

Senator Richard Blumenthal (D-CT) was equally dubious:

If Big Tech thinks this is a reasonable framework for privacy legislation, they should be embarrassed. This proposal would protect no one – it is only a grand bargain for the companies who regularly exploit consumer data for private gain and seek to evade transparency and accountability.

Big tech cannot be trusted to write its own rules – a reality this proposal only underscores. I look forward to rolling out bipartisan privacy legislation that does in fact “maximize consumer privacy,” and puts consumers first.

Many would argue that the U.S. needs a federal data privacy framework, but not one with such forgiving terms for tech companies that barter in personal information, and certainly not one that thwarts state efforts to further safeguard citizens/netizens. The “grand bargain” would effectively make Google and Facebook’s respective business models federal law, and you only need to take a quick peek at the tech news headlines from 2018 to know why that’s not what we need moving forward.