privacy legislation

Privacy Nuts and Bolts: How Washington lawmakers can protect our digital privacy

Jan 21

For the past two years, I have been personally and professionally invested in the Washington Privacy Act. The 2021 iteration, SB 5062, is the third iteration of the bill. Tough questions exist about the scope of information that should be protected, how individuals should consent to data practices or whether companies should minimize how they use information, and ultimately, how these protections will be policed.

I recently hosted a webinar for Washington lawmakers with an array of privacy academics, advocates and experts. This hour long conversation features me moderating a conversation with Prof. Ryan Calo, University of Washington School of Law; Stacey Gray, Senior Counsel at the Future of Privacy Forum (FPF); Jennifer Lee, Technology & Liberty Project Manager at ACLU-WA; and Maureen Mahoney, Policy Analyst at Consumer Reports.

Federalist Society Podcast: California Consumer Privacy Act

Oct 10

In this episode of the Federalist Society’s Tech Roundup, I join the Mercatus Center’s Adam Thierer and TechFreedom’s Ian Adams to bring a privacy advocate’s perspective to the looming California Consumer Privacy Act. It’s a good discussion of the relative merits of privacy laws at the state or federal level, and I only interrupt Ian a couple times:

This podcast features a fascinating back-and-forth on the implications of new amendments to California’s privacy law, CCPA (California Consumer Privacy Act). Is California setting the law of the land? How will the FTC respond? What will this mean for interstate online commerce? These and other questions are explored in the episode.

Privacy and Private Rights of Action

Oct 04

As Congress continues to slog through the process of crafting a comprehensive federal privacy framework, two intractable issues have emerged: federal preemption and private rights of action. These two issues are intertwined because they get at the core of how privacy rights and obligations should be enforced. While preemption has received most of the attention, a carefully constructed private right of action could also play an important role in advancing privacy rights at the national level. Instead, any inclusion of a private right of action has been treated as an all-or-nothing proposition.

Privacy advocates recommend individuals be permitted to privately enforce federal privacy protections through a statutory private right of action without any showing of harm. Meanwhile, industry-friendly proposals treat private rights of action as a non-starter. Both sides are locked into absolutist positions, and lawmakers’ efforts to craft an impactful privacy law have been hurt in the process.

In this post for IAPP’s Privacy Perspectives, I get into the nuance of private enforcement and offer up several ideas for how lawmakers could incorporate private rights of action into a national privacy law.

Joining PBS NewsHour to Discuss Facial Recognition Apps

Jul 19

An invitation to join PBS NewsHour to discuss the privacy implications of facial recognition apps was enough for me to push aside a lingering illness. I spoke with Amna Nawaz about public concerns with FaceApp, a photo filter app that allows users to transform their features by adding or removing wrinkles. I address questions about how images of people’s faces could be used, the (non)-implications of the app being based in Russia, and encourage viewers to reach out to allegedly concerned lawmakers to push for federal privacy legislation.

New York State Public Hearing on Online Privacy

Jun 06

I joined fellow privacy experts Prof. Ari Waldman, IPR’s Lindsey Barrett, and CCPA-author Mary Stone Ross to testify in support of the New York Privacy Act at a hearing on Tuesday, June 4th. Our panel, which starts about 1:15 minutes into the video, forcefully responded to a line-up of industry representatives. My prepared testimony is available here and a complete transcript of the event is available here.

AEI: Perspectives on Federal Privacy Legislation

Apr 03

On Wednesday, I was thrilled to take the stage alongside two longtime privacy heroes of mine, Pam Dixon and Peter Swire, and Bret Swanson at an AEI event discussing how stakeholders from industry, users, and privacy advocates can work together to craft rules that meaningfully protect individuals’ privacy while providing companies flexibility for future innovation. // Video starts at the beginning of the group panel.

Privacy Advisor Podcast: Reviewing Congress’ latest privacy hearings

Mar 05

My third guest spot on the Privacy Advisor Podcast was a quick turn around, as a sick version of myself joined Angelique Carson to discuss our impressions of back-to-back congressional hearings on federal privacy legislation:

On Capitol Hill this week, Congress held back-to-back hearings on a potential U.S. federal privacy bill. The aim was to gain insights from expert witnesses on what such a bill should contain. At the first hearing, at the House Committee on Energy and Commerce, industry and advocates debated how prescriptive a federal law should be. At Wednesday’s Senate Committee on Commerce, Science, and Transportation, lawmakers asked witnesses whether a U.S. law should model itself on the EU General Data Protection Regulation or perhaps the California Consumer Privacy Act. While industry didn’t like that idea, witnesses did agree that the CCPA should be the floor upon which a federal law is built. In this episode of The Privacy Advisor Podcast, the Center for Democracy and Technology’s Joe Jerome, CIPP/US, and host Angelique Carson, CIPP/US, recap the highlights from the hearings.

// Listen to the podcast here.

Privacy Advisor Podcast: What’s up with federal privacy legislation?

Feb 10

In my return to Angelique Carson’s Privacy Advisor Podcast, we further discuss my love of watermelons and where the federal privacy debate stands:

It’s clear at this point that the momentum has shifted in favor of a federal privacy bill in the U.S. The questions are: What will that bill look like, who will sponsor something both the tech community and advocates can live with, and will it actually happen this year? Joseph Jerome, CIPP/US, policy counsel at the Center for Democracy and Technology in Washington, has been dead center on the federal privacy bill debate for some time now and took a leading role at the CDT in drafting their own bill. In this episode of The Privacy Advisor Podcast, Jerome discusses the difficulties inherent in trying to pass a bill that pleases everybody — or at least one that the disparate and myriad stakeholders can live with.