DelBene: The US must get back in the game on personal data protection via Financial Times
Unless America steps up with its own rules, GDPR will become the global norm
By New Democrat Coalition Vice Chair Suzan DelBene (WA-01)
Long before I was elected to Congress, when I was starting my career in the tech industry, I believed we had boundless opportunities to improve the lives of millions, if not billions, of people.
New breakthroughs were being achieved with each passing day. First, we could send emails outside our organisations, then we could send attachments. We added hyperlinks. The potential for inventing novel ways to communicate seemed endless, and it was. We are now more interconnected than at any time in human history, thanks in large part to social media.
Through all of these advances, average people assumed that the big technology companies were acting responsibly and protecting user privacy — to the extent that people thought about privacy at all. We know better now. The Facebook-Cambridge Analytica revelations have woken many consumers up to new privacy concerns.
As a former Microsoft executive and a former chief executive of a technology company, I understand that consumers, policymakers and the private sector share responsibility for protecting personal information from those that want to use it for nefarious purposes. I also know how important it is to set good global norms before someone else sets them for us. The United States is way behind much of the developed world when it comes to data protection.
While opinions may differ on the soundness of the European approach, it is difficult to dispute that the EU is currently leading the charge on protecting consumers’ personal information online. Its General Data Protection Regulation, which went into effect in May, is setting the standard for data protection. The US only has a small window to get back in the game and influence the shape of global digital privacy norms.
To that end, I have drafted legislation to create new transparency and user control requirements for anyone that makes money off consumer data online. My proposal would require any company involved in collecting, storing, processing or otherwise using personal data to provide clear notice of their privacy policies in plain English and ask users to “opt in” before the company uses sensitive private information in ways the customers wouldn’t expect.
I am seeking to give tech users a clear understanding of what happens to their data and the chance to have greater control. Rather than having to opt out of invasive settings, customers should be able to expect privacy as the default.
Parts of my proposal would bring the US into harmony with GDPR, but it avoids the parts of that regulation that are too government-centred and heavy handed to work in the US. Instead, we focus on the need to share responsibility among companies, consumers and government regulators. The bill also gives the Federal Trade Commission extra powers to protect consumers and set clear rules of the road for companies.
Today, people who feel companies have taken advantage of or mishandled sensitive personal information can only complain about it. My bill would make it easier for consumers to take a more active role in protecting their private data from exposure. If companies fail to adjust, the FTC will have a stronger hand to bring them into line. I’m encouraged by the positive feedback my draft has received from technology companies and consumer groups. We will continue to ask for advice to ensure we are getting this right. There will be tough conversations ahead, but I’m confident we’re on the right track.
The American people relied on companies and regulators to protect their private information. That trust has been breached and must be rebuilt. The tech industry has always been a source of US pride and economic strength. Now, it is time to show real leadership and ensure we do not ruin what we’ve worked so hard to achieve.
The writer is a Democratic member of the US House of Representatives