In the great conundrum that is comprehensive commercial privacy legislation, congratulations are due. The good news is that the House Energy and Commerce Committee – led by Chairman Guthrie and Vice Chairman Joyce – has taken an appropriate step to regroup and formulate a sound, substantive foothold.
Through a Request for Information, the Committee is asking fundamental questions, rather than dictating answers, with the goal of eventually building a sustainable bill that can pass through the legislative process. That’s worthy of a tip of the hat and saying a short prayer for success.
Having previously spent two decades inside Congress as it worked in fits and starts on commercial privacy, I applaud this new, thoughtful approach. That is not a knock on the Committee’s prior efforts in any way, including the leadership of former chair Cathy McMorris Rodgers, but an acknowledgment that legislating is meant to be hard.
For commercial privacy (as opposed to government privacy), imposing limitations that constrain honest commerce, mostly to address a few bad actors, should be extremely difficult. Looking at the current process, the hope should be that it begins by reframing the overall privacy narrative.
Somewhere over the last many years, policymakers were sold the notion that privacy was a fundamental American right. But that’s not exactly true. There is no privacy clause or related amendment in the U.S. Constitution, and few privacy provisions exist in federal law today.
Instead, our nation’s leaders over the years have generally fought to protect, with some notable exceptions, American commerce and key principles, such as permitting the transfer of information to conduct business, permissionless marketing, freedom to contract, and more. Indeed, Calvin Coolidge’s quote still rings true, “the business of America is business.”
American capitalism certainly is not the Wild West, but our nation’s success is tied to economic prosperity with families benefiting from economic growth. For too long, privacy advocates have improperly denigrated businesses’ use of data and painted a picture of data use as inherently harmful or to be feared.
The truth is that trillions of data bits are regularly being collected, analyzed, used, and exchanged at a breathtaking pace and without negative consumer impact by legitimate companies for a boatload of positive purposes.
Similarly, companies market goods and services in creative ways to expand consumer options and better target offerings, which is particularly important for smaller companies trying to compete with larger ones.
On a more practical level, the mostly free consumer Internet online experience exists, rather than being hidden behind expensive paywalls, because of the consensual and conditional exchange of data.
In actuality, today’s data practices are critical to ensure a safe, effective, and stable commercial marketplace – for sellers, buyers, users, producers, analysts, and processors.
Allowing companies to meet the ever-demanding consumers’ interest requires a great level of data sharing – without the heavy hand of regulations or punishing lawsuits. Even more-sensitive data cannot be viewed with a lockbox mentality by which regulators are allowed to puppeteer our private markets.
Surveying the world shows other nations, including our European allies, have taken a far different approach. They have taken great leaps in declaring privacy a right, often emanating from individual country constitutions. This has set the stage for extensive statutory limitations on data use. Grandiose restrictions have been made under the guise of “protecting” consumers.
Often, Europeans attempt to scold Americans on our privacy insufficiency. But it’s worth noting that these countries often have dismal economies caused, in part, by punishing regulation on businesses. More importantly, unlike our litigious society, they rarely enforce these privacy schemes against homegrown companies.
While the Committee’s collection of comments is still being reviewed, common sense and preservation of economic growth requires that any privacy legislation must protect legitimate businesses from undue burdens and obligations.
Legislation needs to be specific and cage in regulators to prevent future creativity and abuse, fully respect the Commerce Clause and national markets with bright lines and absolute preemption of any state-related action, completely ban private rights of action, and prevent consumers from correcting or striking accurate data.
Moreover, it needs to recognize that just addressing one sector specific – like online privacy only – would be deeply troubling as consumers don’t differentiate among delivery mechanisms. These elements should be non-negotiable, as the misuse of countless statutes shows what happens when these bedrock concepts are not maintained.
To the extent legislation materializes this Congress, a minimalist commercial privacy law, in the right form, might be somewhat valuable. It could set a fundamental baseline while preserving the ability of American companies to function in today’s dynamic economy. Companies could be free to offer extra benefits to consumers for added access to data but not forced to do so by statute or regulatory fiat.
For years, attempts to enact a comprehensive commercial privacy statute have confounded policymakers and drained precious time. With previous efforts in the rearview mirror, any new endeavor at legislating this Congress, with kudos to Energy and Commerce for starting anew, should be grounded in the proper underlying principles of protecting our economy.
American commerce must be allowed to flourish and our policies must stop trying to copy concepts or appease complaints from across the Atlantic.
Michael O’Rielly is a Senior Fellow at The Media Institute and member of the Institute’s First Amendment Advisory Council. A former Commissioner of the Federal Communications Commission, he is President of MPO Consulting, Inc., based in Arlington, Va.