WASHINGTON D.C. — On Friday, TechFreedom filed comments on a request for comments from the National Telecommunications and Information Administration (NTIA) on “Developing the Administration’s Approach to Consumer Privacy.” The comments analyze the seven privacy principles proposed by NTIA as variations of the Obama Administration’s 2012 Consumer Privacy Bill of Rights, but focus on other features of a possible new legal framework for privacy law that could effectively protect consumers from real privacy harms without jeopardizing the cycle of data-driven innovation that has so clearly benefited consumers worldwide.

“On a high level, there’s long been bipartisan agreement about the American approach to privacy,” said Berin Szóka, President of TechFreedom. “The NTIA’s current agenda makes two important and valuable contributions to privacy thinking. First, while the FTC’s existing deception-based approach already covers a wide variety of privacy risks, the most important thing for any regulatory framework added on top of existing law is to focus on real privacy risks to consumers — risks that might be difficult to address under existing law. Second, consumer sovereignty has been the lodestar of consumer protection law, and respecting consumer choice should remain the lodestar of any new privacy-specific law. But we can’t respect consumer choice by bombarding them with pop-ups. Ironically, overly broad rights to ‘control’ information about you can actually make user choice less meaningful, and create new privacy risks.”

“High level principles matter, of course, but in the end, what will matter most are the practical details of privacy law enforcement,” continued Szóka. “That’s why our comments focus heavily on the role of the First Amendment in crafting and enforcing privacy law, as well as key administrative law questions. The Constitution requires that companies be given fair notice of what the law requires. Formal rulemakings are one way to do that, but fast-moving areas of technological change will require more flexible standards. Ultimately, privacy law needs to evolve with new technologies. Courts, not regulators, should ultimately chart the course of the law—both to ensure rigorous thinking about trade-offs for users and innovation and also to avoid vague, arbitrary laws privacy law becoming a political weapon for demagogues like Trump around the world to wield against tech companies.”

“The mess California lawmakers made by rushing privacy legislation to stave off an even worse ballot measure illustrates the importance of thinking through any legislation carefully,” concluded Szóka. “The impending implementation date of California’s sloppy law, and movement in other states towards passing their own, inconsistent laws, together certainly do create urgency for a unified federal framework. And yet, there’s little reason to think Congress is capable of forging a compromise on this incredibly difficult issue that will not hamstring the ongoing flourishing of data-driven innovation. That’s why we’ve called on lawmakers to pass legislation in the Lame Duck Congress to create a Privacy Law Modernization Commission. Such a commission originally developed the Fair Information Principles in the early 1970s, and another helped Congress understand how to modernize the antitrust laws last decade. Such a commission may be the only way to forge bipartisan support for a future-proof bill governing privacy. The sooner it starts its work, the closer we’ll be to passing legislation that can stand the test of time.

* * *

Read the comments here. We can be reached for comment at media@techfreedom.org. See more of our work on GDPR and privacy regulation, including:

  • 2018 Our FTC comments on Competition & Consumer Protection in the 21st Century
  • 2018 Our NTIA comments on NTIA’s international priorities
  • 2017 Our Senate testimony on FTC Stakeholder Perspectives: Reform Proposals to Improve Fairness, Innovation, and Consumer Welfare
  • 2016 Our FTC testimony on Restoring Congressional Oversight of the Second National Legislature with Geoff Manne, President of ICLE
  • 2012 Senate testimony of Berin Szoka, on the Senate Commerce Committee’s hearing: “The Need for Privacy Protections: Is Industry Self-Regulation Adequate?”
  • 2012 White House testimony of Berin Szoka, on the White House’s Privacy Report.
  • Our statement, “Szoka Cautions NTIA Privacy Multistakeholder Self-Regulatory Process”
  • Our comment with the NTIA on “Multistakeholder Process to Develop Consumer Data Privacy Codes of Conduct.”
  • Tech Policy Podcast #225:  “WHOIS Going to Deal with Cybersecurity – GDPR Edition.”