On January 14, 2019, a think tank composed of tech industry giants such as Google, Amazon, and Microsoft offered a “’Grand Bargain” to Congress and the American people alike. The Grand Bargain, authored by The Information Technology and Innovation Foundation (ITIF), states that “Congress should repeal and replace existing federal laws with a common set of protections.” ITIF’s mission is to “formulate, evaluate, and promote policy solutions that accelerate innovation and boost productivity to spur growth, opportunity and progress.” To that end, it seems reasonable that the ITIF would promulgate a set of proposals and regulations that may be put into actions by Congress. However, because this think tank is composed of the very entities that are likely to be regulated by the grand bargain, does it make sense to let them write their own legislation?
The United States does not currently have any federal data privacy laws in effect. Instead, the United States has laws such as the Health Insurance Portability and Accountability Act (HIPAA) and the Ghram-Leach-Bliley Act (GLBA) which were written to regulate specific industries but have data privacy implications. As a result, “there are multiple federal and state laws that regulate the private sector often focusing on particular sectors or types of data with multiple regulatory authorities responsible for oversight.” “The Grand Bargain would repeal all federal laws covering the privacy and security of various medical and financial data and replace this patchwork with a single statute that covers personal data in its forms.” The Grand Bargain would also include a preemption feature which would overrule all state privacy laws, creating a national law which ITIF argues would be easier and cheaper for companies to comply with.
Unsurprisingly, ITIF believes that they would be more effective at writing the laws concerning data privacy than would congress. They argue that congress could miss the mark on what is important in data privacy regulation. The synopsis of the Grand Bargain claims that congress’ “key task” in drafting data privacy regulation would be “to balance competing goals such as consumer privacy, free speech, productivity, U.S. economic competitiveness and innovation.” ITIF says it is “relatively easy” to pass privacy regulation that’s goal is to maximize consumer privacy. However, they warn congress to look at the fate of the European Union when they passed their new privacy regulations; they warn of a steep price payed by consumers. They cite “high compliance costs that were passed on to consumers; reduced choice in the digital economy as some firms choose not to provide services; and limited innovation as it becomes much more difficult for organizations, including nonprofits, to use data to innovate and improve services.”
Instead, ITIF argues privacy legislation is most effective when the key factor is consumer welfare, rather than consumer privacy. They argue that there are hidden costs and problems that arise when a legislative body focuses on privacy rather than welfare. The stance of ITIF is that consumer privacy is just a small part of consumer welfare, which is also made up of low prices, and innovative products and services. ITIF is of the opinion that, if left to congress and their competing “key factors”, the tech industry of the United States may fall behind the rest of the world that does not have strict consumer privacy laws due to the increased cost of compliance that would hinder technological innovation. It seems that the tech industry is attempting to be proactive in their push for inclusion on the legislative drafting process. There have been calls from both the left and the right for more stringent regulation on the industry. However, this is no reason to give the tech industry a bigger seat at the table than any other complex important industry While all of these arguments laid out by ITIF have some merit, it could be dangerous to let an industry such a powerful industry to write the legislation that govern the industry. They may be tempted to, as they have already alluded to, give consumer privacy a backseat to maximizing profits and innovation. It makes more sense to create an independent agency dedicated solely to the tech industry and have that independent agency advise congress in drafting legislation. The ITIF surely will have a seat at that table and be able to express their concerns in that way. The tech industry, while profoundly important to the United States and its people, should take their rightful seat at the legislative table.
Jared McDaniel, 28 January 2019