The Federal Trade Commission’s Christine Wilson focused on the importance of federal preemption of state privacy laws at the American Enterprise Institute’s privacy forum Wednesday. From the Republican FTC commissioner’s perspective, privacy enforcement will become very difficult if there is a “patchwork” of state privacy laws.
“There are least 94 state privacy laws in the process of discussion,” she said. “I think we’re facing an unworkable patchwork.”
She also added the entire commission agrees on this point and believes the FTC is the agency to enforce a federal privacy law and should be able to fine bad actors.
“I think a law should provide for civil monetary penalties,” she said.
At a November 2018 hearing before the Senate Committee on Commerce, Science and Transportation, Democrat commissioners Rohit Chopra and Rebecca Slaughter said there should be an exception to federal preemption: stronger state privacy laws should win over federal law, they said.
“I would be concerned about a weak federal law that replaces strong state laws,” Slaughter said at the hearing.
The question of preemption is popular in privacy debates, but states and municipalities tend to push back on federal preemption, because it limits their own rule-making authority and autonomy.
In a bid for municipality independence, the city of New York filed comments with the National Technology and Information Administration (NTIA) last fall contending that the city will draw up a privacy law to best serve its consumers, no matter what the feds decide to do.
During a panel discussion following Wilson’s remarks on Wednesday, the Center for Democracy and Technology’s Policy Counsel Jerome Joseph said the preemption question shouldn’t be a priority in privacy discussions.
“It’s unfortunate that preemption is the first thing everyone asks (in a privacy discussion),” he said. “In my opinion, it should be the last. There are also state data security laws. The conversation about preemption would probably preempt some of those. There’s law in New York, Massachusetts. That seems like a shadow part of the debate we’re not having.”
Wilson and the panel also touched on transparency concerns, especially since consumers still know very little about how companies use their personal information.
“The level of consumer confusion is significant,” Wilson said. “One of my favorite stats is from a 2017 study that found 62 percent of respondents said the following statement is true, and 16 percent said they don’t know: ‘If a website has a privacy policy it means the site cannot share information about you with other companies unless you give the website your permission.’ That is clearly a false statement, but the vast majority of Americans think that’s a true statement, or they’re unsure.”
The World Privacy Forum’s Executive Director Pam Dixon said one way to force tech companies to be more transparent is to require them to reveal who they’re sharing data with, so that consumers can track the movement of their personal data.
“I’d love to see data maps that are public,” she said. “If we saw the data maps, I wonder what would happen. I wonder if Cambridge Analytica would have shown up on a data map.”