Senator Cantwell Releases Another Federal Privacy Law That Won't Go Anywhere And Doesn't Deal With Actual Issues
from the this-isn't-going-to-work dept
A few weeks ago we wrote about a privacy bill in the House that seemed unlikely to go anywhere, and now we have the same thing from the Senate: a new privacy bill from Senator Maria Cantwell, called COPRA for “Consumer Online Privacy Rights Act.” For months it had been said that Cantwell was working on a bipartisan effort to create a federal privacy law, so the fact that this bill only has Democratic co-sponsors (Senators Schatz, Klobuchar and Markey) doesn’t bode well for its likelihood of success.
The basic features of the bill are to give more power and resources to the FTC to enforce “digital privacy” and also allowing state Attorneys General to enforce the law. And… as with the House bill it includes a private right of action. This is something that many privacy organizations do favor, but still seems likely to be a disaster in practice. Letting anyone sue for privacy violations when no one actually agrees what “privacy means” is a recipe for a ton of nuisance lawsuits. If this bill actually had a chance, it could lead to the rise of “privacy trolls.” Even in the most well meaning sense of trying to protect privacy, the fact that so many people disagree over what should actually be private and what privacy means, would create quite a legal clusterfuck.
One thing this bill does that the House bill would not, is to pre-empt “directly conflicting state laws.” That’s important for any federal bill, as otherwise companies will have to figure out how to comply with many different (and sometimes conflicting) standards and rules from multiple different states. At least this bill would prevent that. As Consumer Reports notes in its write-up of the bill, it is good to have more alternatives out there, and the bill does have some useful ideas in terms of protecting privacy:
?It?s a good bill to have out there,? Brookman says. ?It gets a lot of things right?companies shouldn?t be collecting cross-site profiles about me and sharing that information?and it?s pretty aggressive on those things.?
The proposed law expands the definition of sensitive information to include biometric details such as facial recognition data, as well as geolocation data that is collected as individuals go about their day-to-day lives.
But, that “aggressiveness” is also what limits the bill’s chances. This seems more performative than anything else, recognizing that people are (reasonably) worried about their privacy online, but does little to deal with the actual issues regarding privacy.
Filed Under: corpa, maria cantwell, privacy, private right of action
Comments on “Senator Cantwell Releases Another Federal Privacy Law That Won't Go Anywhere And Doesn't Deal With Actual Issues”
Can we demand a refund of their salaries?
We shouldn’t have to pay for them for doing nothing but creating a PR stunt grabbing headlines for having done something.
Re: Re:
What, exactly, do you believe they could be doing instead?
Please feel free to propose a privacy bill that would (1) be acceptable and (2) could be sponsored by Cantwell in the House and which (3) Mitch McConnell would bring to the floor of the Senate for a vote even though it was sponsored by a Democrat.
Re: Re: Re:
We’ll have to wait till McConnell is removed from office. He’s awful.
the meaning of "privacy"
Are "privacy means" the mechanisms by which privacy is afforded? I agree that what exactly is meant by "privacy" in a connected world is open to interpretation, but I have no clue as to what means are used to provide privacy. [e.g. I would never have thought that my license plate would be an example of a privacy issue, until LPRs became ubiquitous and connected to databases.]
Would a better mechanism than allowing use of the courts to sue a company for misuse of private information be to have the equivalent of the Consumer Financial Protection Bureau — a Consumer Privacy Protection Bureau?
Any conflict between a single consumer and a data collection business (whether it purports to be a search engine or a social media company) is entirely one-sided. Handing that task over to a government agency, such as the imagined ‘CPPB’ would at least allow for a leveling of the playing field. (insert meme for being wrong on so many levels…).
Re: the meaning of privacy
the meaning of privacy is ultimately arbitrary, varying with individual values.
politicians and regulatory bureaucrats are incapable of setting fair and just rules of privacy; the courts can’t do it either.
privacy terms "should" be handled by normal Contract Law … as negotiated by the vast spectrum of contracting parties in everyday commerce.
Consumers "could" demand stricter privacy terms from sellers… and this is typically done indirectly by not-buying goods/services from sellers with poor business practices.
Purchase decisions are like voting, given a reasonably competitive market.
Congress & FTC are dysfunctional and usually respond to special interests rather tan the general public interest.
Re: Re: the meaning of privacy
Nothing. Because the companies will all band together and make the invasion boilerplate standard industry wide. Oh, wait they already do that.
Consumers can do nothing. Companies will gladly screw over the population so long as they can make a penny in profit doing it, and they will rewrite the narrative to make such screwing the best move ever despite any and all evidence to the contrary. Consumers cannot threaten them with class actions anymore. Consumers have no choices in contract language. And depending on the product or service, consumers have no choice but to pay and be bound by the terms anyway.
Companies have gotten away with murder. They have successfully rewritten the law to benefit them over the public interest in most situations.
Anytime that you hear "self-regulation" you should hear: "How’s about letting us screw over the public some more so we can make even more money?" Companies have also cleared the way for further weakening of the law and the public’s well being through regulatory capture, and legalized bribery. (Superpacs and Chairman Pai are examples that come to mind.) Of course such corruption will render them ineffective. That’s why reformation efforts are needed.
Nope. Within a geographical region standards tend to be the same as part of the locally acceptable norms. You can standardize those into law. Many places do. (No shirt, no shoes, no service. Is an example due to its often invoked censorship quality.)
Further, if we take your excuse at face value, we end up at nothing can be known, therefore nothing should be done. Society will never know the answers to everything, but to do nothing as a result is to be paralyzed with fear. Something no society should ever scumb to.
The public has an interest in it’s own preservation. The companies only care about the next quarter report. Given that they have no expectation of serving the public good, there should be laws made by the public to enforce it.
COPRA....
COPRA…like, copraphilia? Cuz this sure smells like complete shit….
Privacy trolls
Speaking of privacy trolls, I can just picture <https://www.techdirt.com/articles/20191123/23325143443/richard-liebowitz-is-wrong-so-many-levels-is-trouble-yet-again.shtml>(Richard Liebowitz) discovering a new line of lawsuit specialty. Being the first ass clown attorney in line to file a lawsuit….
This can't well go
Not even this pun
After one or two lawsuits, the courts will define "privacy."
Maybe those doxing websites that target litigious individuals by inciting others to trigger being sued by them (so the lawyers behind the doxing can make money defending the suits) will be easier to target. Or maybe they’re already being run by a fed, or someone who has flipped sides.
Ya never know.
Re: Re:
I suspect it’ll take more than one or two lawsuits…have you seen a federal docket lately, by the way?