This month, President Joe Biden joined the push for a federal privacy law. Writing in the Wall Street Journal, Biden took aim at Big Tech and urged lawmakers to come together, hold tech companies accountable, and pass federal legislation to codify consumer privacy rights.
“We’ve heard a lot of talk about creating committees. It’s time to walk the walk and get something done,” Biden declared. After watching so much fragmentation at the state level, it’s exciting to see POTUS advocate for unified, federal action.Â
Attacks on Big Tech companies poll well, and the cynical reader might suggest that to be Biden’s primary motivation. However, data privacy truly is a bi-partisan issue, even if the parties differ on how it should be implemented. Commonsense regulation around a citizen’s right to privacy can be balanced with businesses’ need for growth. Rules and frameworks can create the certainty that the private sector needs to thrive.Â
It’s possible—in theory, at least—for Democrats and Republicans to find common ground on privacy issues. Republicans would love a new reason to go after Big Tech companies, and Democrats are eager to do more to protect consumers’ individual privacy rights. In reality though, we should expect continued gridlock. (After all, the quickest way to get Republicans to oppose legislation is to tell them a Democratic president is eager to sign it!) Despite common ground, there are thorny disagreements between parties:
This doesn’t mean businesses should ignore Biden’s op-ed. By talking about privacy, Biden is helping to keep the spotlight on the issue. This will increase consumer awareness of privacy issues, and may also spark new state-level regulatory initiatives. We’re unlikely to get a federal privacy law anytime soon—but Biden’s op-ed raises the stakes as organizations seek to live up to consumer expectations, and navigate the tangled reality of state-by-state privacy regulations.
Perhaps you’ve been hoping a federal law will free your business from the burden of managing a complex patchwork of regional privacy rules. When you’re operating across multiple jurisdictions, each with their own standards and requirements, it can be tough to find a path forward.Â
In theory, a federal standard might help to resolve that, creating a single rulebook for U.S. businesses. But not so fast:Â
For more about the federal privacy law, read Learn from the ADPPA: 3 key data privacy legislation trends.
The truth is: for most organizations, there may never be a simple privacy standard that can be applied once to cover them in all possible jurisdictions and circumstances.Â
It’s generally accepted that of all the state laws, California has enacted the strictest legislation. Therefore, many businesses are treating California’s privacy laws as a de facto federal standard, assuming that if they abide by the Golden State’s stringent rules, they’ll automatically be in compliance with other states’ regulations.
Unfortunately, this approach isn’t foolproof. The state-by-state rules don’t overlap perfectly, and there is no single state rulebook that meets or exceeds the requirements of all other states. For example: complying diligently with California’s legislation won’t cover you against Colorado’s different, GDPR-style consent requirements.Â
Organizations have a choice to make: keep on building (and rebuilding) their privacy infrastructure each time the rules change—or find a solution that makes it possible to flexibly cope with a long list of state-by-state rulebooks (or, for that matter, new federal laws) without struggling with a massive administrative burden.
At Ketch, we’re making it easier for companies to create this sustainable, responsive approach to privacy compliance. A few key steps we’ve taken:Â
We think this is a smarter way to navigate the complexities of today’s regulatory patchwork. But it’s also a smarter way to prepare for the next generation of web services — and the future of the data economy itself.Â
Privacy, after all, is just the tip of the spear when it comes to the bigger question of how to use data ethically and responsibly. The privacy systems we’re now building, in other words, shouldn’t just be answers to the specific challenges posed by individual pieces of legislation. They should be conceived of as the reference architecture that will allow us to unlock the full value of our data in scalable, sustainable, and ethical ways.
That’s something consumers are increasingly demanding in ways that go beyond the strictures of any given rulebook. Consumers now know that their data has value, and while they’re willing to exchange that value to receive improved services and other benefits, they still want their autonomy and data dignity to be respected along the way.
Legal and regulatory compliance will always be important, of course. But it’s end-users, not regulators, who are emerging as the key driver of responsible data practices. Ultimately it will be consumer expectations — not the White House, Congress, or even state regulators — that decides the future of data privacy, and compels businesses to build smart, purpose-driven data privacy solutions.