Dozens of CEOs from companies like IBM and Amazon has sent an open letter to Senate and House leaders asking for comprehensive data protection laws. The letters claim state consumer privacy laws simply aren’t enough as they vary widely, lead to confusion, and threaten the competitiveness of the United States. The companies claim a federal law would create a more stable policy environment that allows companies to create products within precise and predictable boundaries.
The letter was sent on behalf of Business Roundtable, an association of CEOs of some of the largest companies in the United States. The CEOs of Walmart, State Farm, Salesforce, Qualcomm, IBM, AT&T, Visa, Mastercard, JP Morgan Chase, and Amazon are among those who have signed the letter.
The group blames a rising number of different state privacy regulations as a leading reason for complicated consumer privacy in the country. This patchwork of regulations has also increased complications for companies that must comply with laws across various jurisdictions and states.
One of the most comprehensive forms of privacy protection passed at the state level is the California Consumer Protection Act (CCPA), a landmark privacy law that will go into effect in 2020. Beginning in 2020, Americans will have the right to demand a company disclose what personal data they have collected about the consumer and ask the company to delete the information or not share it with third parties. Companies will also need to be more upfront in telling consumers what data they collect.
While CCPA is a state law that technically only applies in California, it also covers any out-of-state merchant who sells to California or displays a website in the state. That means that any merchant will have a strong interest in complying with CCPA rather than leaving the fifth largest economy in the world.
With a single federal law for privacy and data protection that would supersede state laws, product design, data management, and compliance would be simplified.
However, some privacy advocates argue the tech companies are more interested in protecting their own interests as combining privacy regulations under a federal umbrella would allow lobby groups to water down meaningful protections. With too much protection, companies may have trouble selling certain types of consumer data to online advertisers, a large and growing area of business.
The Business Roundtable released its own consumer privacy framework it wants Congress to consider as the basis for a future privacy law. Their proposal includes many provisions of the General Data Protection Regulation (GDPR) of the European Union in more broad terms.
In February, the US Government Accountability Office (GAO), a government auditing agency, gave Congress permission for passing a national data privacy law to improve consumer protections much like the GDPR. GAO also recommended placing the FTC in charge of enforcing future privacy law in the United States.
By June, reports surfaced that lawmakers had reached a roadblock attempting to create a national privacy law. Senators could not agree on how strict rules should be or on the key items of the bill.
And one last thing to consider if you are a merchant and you are worried about data breaches affecting your bottom line: Host Merchant Services Data Breach Security Program. Click that link to download a PDF explaining the value-added service HMS provides its merchants that goes above and beyond just simple PCI Compliance and helps ensure a merchant’s peace of mind.
FAQ About Companies Ask Congress For Data Protection Law
Why are companies asking Congress for a data protection law?
Companies are requesting a data protection law from Congress to establish a unified framework for handling personal data in the United States. The absence of a comprehensive federal law has led to a patchwork of state-level regulations, creating compliance complexities for businesses operating across multiple jurisdictions.
Companies recognize the need for clear guidelines and standardized practices to protect consumer data, enhance cybersecurity, and build trust with their customers. A federal data protection law would provide a consistent set of rules and requirements, ensuring companies can navigate the regulatory landscape more effectively while safeguarding individuals’ privacy rights.
What are the benefits of a federal data protection law?
A federal data protection law offers several advantages. Firstly, it provides a clear and consistent regulatory framework for businesses to follow, reducing ambiguity and compliance burdens. It establishes baseline standards for data privacy, security, and breach notification, enhancing consumer protection.
A unified law simplifies compliance for companies operating nationally, minimizing the costs associated with meeting varying state-level requirements. It also fosters trust between businesses and consumers, as individuals can have greater confidence that their personal information is being handled responsibly. Additionally, a federal law enables improved cross-border data transfers, facilitating international business operations and promoting economic growth.
What are the challenges to passing a federal data protection law?
Several challenges hinder the passage of a federal data protection law. First and foremost is the complexity of crafting legislation that balances the interests of businesses, consumers, and government agencies. Finding consensus on issues such as defining personal data, determining appropriate consent mechanisms, and establishing penalties for non-compliance can be challenging.
Political divisions and differing priorities among lawmakers also contribute to delays. Additionally, lobbying efforts from various industries may influence the content and scope of the law, potentially diluting its effectiveness. Striking a balance between protecting privacy rights and enabling innovation is a delicate task, requiring careful negotiation and compromise among stakeholders.