Everyone Wants New Data Privacy Laws, but Don’t Hold Your Breath



A raft of panels, Q&As, and keynotes at the International Association of Privacy Professionals Global Privacy Summit in Washington this week suggested that clarity on privacy policy, while universally sought, isn’t going to happen any time soon.

Regulators, policymakers and other stakeholders talked about the state of government response to data privacy and security issues. The message was clear: Everyone wants to get the ball moving, but no one seems to know quite where—or how—to start.

FBI General Counsel James Baker was tight-lipped on encryption: He declined to tell attendees what the FBI found on San Bernardino, Calif., shooter Syed Farook’s iPhone once it finally got in, whether it was worth the trouble, or if the FBI will keep pushing for encryption loopholes or workarounds. Instead, he said it’s up to the American people and Congress to shape that conversation.

One top Microsoft Corp. executive, despite warning against over-broad data collection and warrantless surveillance in his own keynote address, jibed with Baker on at least that point. Microsoft President and Chief Legal Officer Brad Smith said clarity on such issues requires Congress moving forward with new laws explicitly built for a more technologically sophisticated, connected world.

FTC Commissioner Terrell McSweeny and FCC Enforcement Bureau Chief Travis LeBlanc, appearing on separate panels, were both hopeful that their agencies can do solid work as data security watchdogs and enforcers. Yet they too cited a need for what McSweeny called “comprehensive data security legislation” and LeBlanc called a “black-letter law” to clarify and modernize federal statutes to keep consumers’ data and privacy protected and to clearly define regulators’ and corporations’ roles in doing so.

The sole IAPP session to focus specifically on the outlook for congressional action, however, suggested this might be wishful thinking, at least in the near future.

“I’ve worked on privacy issues for 17, 18 years. [The key privacy concerns] at the time were notice, consent, and security. Today, they’re notice, consent, and security,” said Christian Fjeld, chief Democratic counsel for the Senate Commerce, Science and Transportation Committee’s Consumer Protection, Product Safety, Insurance, and Data Security subcommittee, during a panel on data privacy and security legislation.

He and Senate Commerce counsel Peter Feldman said that while there is a lot of work happening behind the scenes to get lawmakers up to speed on privacy issues, there doesn’t seem to be much momentum behind major legislation that would actually confront these issues.

Prior to that event, Rep. Zoe Lofgren (D-Calif.) spoke with Bloomberg BNA about where Congress is on encryption, data security, and privacy. A member of the newly formed House Encryption Working Group, Lofgren said that even as a coalition of voices more interested in preventing backdoors than mandating them gathers steam, she has one simple assessment of the chances of getting anywhere on privacy issues and the like within the next year: “I’m not really hopeful,” she said.