So you might be inclined to think there are better ways to spend half an hour than listening to two lawyers in sport coats talk about data privacy. More fun? Sure. Got me there. More important? That’s debatable given how critical the data privacy issue is to anyone working with stacks of customer data, and processing it faster and faster to make increasingly consequential real-time decisions.
The advent of 5G is only making things happen faster. This raises the stakes for getting privacy regulation right. And hence the name of the panel, “Privacy in a High-Speed World.”
Today at Localogy 20/20, our two lawyers in sport coats, Michael Signorelli from Venable, and James Ward from Ward PLLC, shared some pretty sharp insights on what a data privacy regime should look like. Whether it ends up looking in line with their vision is another matter entirely.
Who’s in Charge Anyway?
One of the issues around privacy that gives CMOs and CDOs the most agita (these are high-agita jobs on a good day) is the idea of having to comply with 50 different state regulatory schemes.
This is a non-trivial concern, according to Michael and James. Both attorneys agree that in the near term, most of the regulatory energy around data privacy will come from state attorneys general. This is particularly true in states with new data privacy regulations on the books that are loosely based on GDPR (the European regulation) or CCPA (California’s answer to GDPR).
“Anytime you are looking at the possibility of 50 separate state laws governing something as ubiquitous as data flows, it will create complexity,” James said.
Yet the situation may not be quite as dire as that statement would suggest.
“One thing you can say is that most laws stem from the same general principles,” James adds. “Fair processing principals that have been around since 1981. With modifications over the years.”
James said the “delta” in regulation between jurisdictions is what will create that complexity that turns executives’ hair gray.
“That leads to the question of what a federal law would look like,” James adds.
Michael added another wrinkle. California has a measure on the November ballot called the California Privacy Rights Act. This would amend CCPA and create a new agency and regulator with concurrent powers to California’s AG.
“We are approaching what could be a very fragmented regime in the US very soon without a national standard that is passed through Congress.” It went unsaid among the panelist that this isn’t likely in the current political climate.
Just Be Reasonable, OK?
So let’s say there was a national regulatory scheme. What should it look like?
The two attorneys agreed on one thing. Be reasonable. Forcing consumers to consent to every move a company makes with their data is the wrong approach. Given the speed at which decisions are made with data on everything from credit decisions to ad targeting, it’s better to specify what’s acceptable than to put the onus on consumers.
There are some basic principals everyone can agree on, the lawyers argued. You cannot use data to commit fraud, even if the consumer “consents” to it. A consumer cannot consent to bad practices. Putting the burden on consumers implies they have knowledge that they probably don’t have. If that sounds paternalistic, just ask yourself when was the last time you actually read consent language before clicking “Yes”?
“Focus on what is reasonable,” Michael said. “It will make it a better, workable marketplace for consumers and they will be able to enjoy their digital experiences and not have to read privacy policies and hit ‘consent’ on every single thing that they open.”
Privacy in a High Speed World
As data speeds accelerate, so will the privacy challenges associated with faster and faster knowledge networks. What steps will governments put in place to assure consumers their privacy concerns will prevail over potential abuses and how will content and data providers navigate the public policy wickets that are sure to mount as speeds increase and latency times evaporate?Speaker(s):
Michael Signorelli, Venable
James Ward, Ward PLLC