One of the major unresolved issues in crafting comprehensive federal digital privacy legislation has carried over from last year to the current 117th Congress. This regards whether current or future state privacy laws should be preempted so that there only will be one uniform national set of enforceable rules regarding the collection, storage, and transmission of personally identifiable information.
A one-size-fits-all approach makes intuitive sense since online services and social media are not confined to traditional geographic boundaries. And absent a fully federal approach, there is the possibility that digital companies will be faced with a crazy quilt pattern of regulatory compliance, increasing both their potential legal liability and the cost of doing business. In short, this is a scenario for Plan A.
But to date, there does not appear to be any renewed sense of whether bipartisan consensus can be achieved on this federal preemption issue, nor any overall White House involvement in moving digital privacy legislation on any legislative fast track.
The clear priorities of the Biden administration for at least the rest of 2021 include COVID-19, economic recovery, climate change, and racial justice. These items represent a very full plate of what we can expect from Congress in the foreseeable future. A $1 trillion infrastructure package also looms ahead in the near term, and a variety of continuing foreign policy challenges (e.g., China, Russia, Iran, North Korea) add even more complexity to this pressing mix of national concerns. Consequently, for digital privacy policy, a Plan B is necessary in the interim.
Last month, a federal court decision, which will not be appealed by the Department of Justice, finally enabled the California Protection and Net Neutrality Act of 2018 to take effect.
This law will require all Internet Service Providers in the state to provide consumer transparency and non-discrimination so that bandwidth capacity and broadband speed are consistent for all online services.
Although a comparable regulatory framework was enacted by the Federal Communications Commission in 2015 with strong support from the Obama administration, this was fully reversed by the FCC in 2017 at the urging of the Trump administration. The California net neutrality law then was enacted to establish net neutrality rules on a more limited basis—in only one state out of 50.
This sequence of events has created an interesting, albeit unintended, basis for observing what a fully-federal approach accomplished while it was in force, as compared with the new environment where net neutrality rules only apply within the boundaries of California. This is Plan B—assessing the real-world experiences of how the internet operates differently under these distinct approaches. In turn, policymakers will have a valuable set of useful insights about whether states should enact their own digital privacy laws while the status quo of no federal privacy legislation remains in place, or speed up the enactment of federal law.
In effect, California–our nation’s most populous state, with nearly 40 million residents—now represents a great laboratory for seeing how separate federal and state approaches work in practice. This includes understanding whether or not compliance will be as haphazard as those who assert that a federal-only approach is the only viable route to follow.
With more than a dozen other states currently moving ahead with their own digital privacy legislative proposals, California’s net neutrality experience can help demonstrate a level of regulatory capability that is possible for states to pursue. And if Congress chooses to act sooner rather than later, it will be able to do so with better information about what level of federal preemption should be proposed.
In fashion and culture, California has been a trendsetter for many decades. It now is poised to assume a similar role by providing much-needed details about state and federal regulatory effectiveness in our digital domain.