WASHINGTON, DC — Late last month, Iowa became the sixth state to pass consumer data privacy laws, joining a list that already includes California, Colorado, Connecticut, Utah and Virginia. The state is the newest but unlikely the last to achieve this, with nearly a dozen states — including New York and Texas — considering some type of comprehensive consumer privacy laws.
If this patchwork approach to laws continues to cross the country, the fee of compliance to businesses could eventually hit $1 trillion over 10 years, in accordance with a report by the Information Technology and Innovation Foundation. Even California’s official impact assessment projected the fee of the California Consumer Privacy Act (CCPA) on the state’s businesses to be $55 billion. The massive cost of compliance with an increasing number of state-based laws could impact marketing budgets, customer experience and the power for brands to introduce recent services.
How brands can navigate this increasingly complicated landscape was the subject of dialogue during a panel on the IAB Public Policy & Legal Summit on April 3.
The elephant within the room — superseding federal laws that would simplify the sphere of state-led privacy laws — stays a potential panacea, if not a particularly likely one, given the divided Congress and increased political polarization. This yr, Congress will likely deal with a few major priorities — raising the debt limit, funding the federal government, reauthorizing the FAA, a Farm Bill — that would open a window for federal privacy laws.
“You have some moving vehicles and a few things that, a method or one other, are going to need to get to the President’s desk,” said Nicholas Choate, senior policy advisor at Venable, throughout the panel. “For the needs of privacy, or tech generally, those are the things I can be watching, because once you will have that moving vehicle, it’s pretty easy, especially in an environment where standard bills aren’t moving, to try to connect things to those.”
Aside from hitching a ride on those vehicles, the trail toward federal privacy laws during this Congress is a narrow one, especially because the presidential cycle looms. While there appears to be bipartisan support for motion against TikTok, there has not been meaningful discussion about privacy or tech antitrust this session.
“It’s to be determined whether the rhetoric can die down enough that we’re capable of find common ground,” Choate continued. “To the extent there’s bipartisan interest in doing something to rein in big tech, we’re still pretty far apart on what that appears like. But you never know.”
Fixing a federal approach
A key focus of the discussion was how the present landscape is vastly different from just a yr ago, when the American Data Privacy and Protection Act (ADPPA) was passed by the House Energy and Commerce Committee, by a nearly unanimous vote, but stalled on the House floor. Reviving ADPPA on this session can be difficult, provided that it had already been the topic of a difficult, compromise-filled process that saw the laws drastically reworked several times in only a few months. Going back to the drafting board to handle the anomaly and unintended consequences of ADPPA that were a results of the fraught process would likely doom the bill this time around.
“If there have been attempts to drastically rework a few of the core elements of that bill, you possibly can see key supporters leaving — each folks on the Hill and key stakeholder groups — and that would put us back at square one, which can be unlucky,” said Keir Lamont, director for U.S. laws on the Future of Privacy Forum, throughout the panel.
If Congress were to work on a new edition of ADPPA, industry stakeholders would likely push legislators to handle a few of the concerns that they had with the laws, in accordance with panelist Maneesha Mithal, a partner at Wilson Sonsini Goodrich & Rosati. Mithal noted that the draft laws lacked clarity around whether targeting promoting have to be opt-in or opt-out; what constitutes so-called “dark patterns” that cause users to make unintended decisions about their privacy; and what “duty of loyalty” data collectors need to consumers.
Until Congress continues work on federal privacy laws, marketers will likely be on the mercy of an increasing variety of states with laws that always overlap but have their very own approaches and requirements. Mithal suggested marketers deal with several areas around compliance, including creating data maps that track what data is being collected and for what purpose and updating contracts, notices and subject access requests to stay in compliance with recent laws.
The cost of compliance until federal laws is passed, possibly superseding state-level regulations, will cut into other business priorities, from increasing marketing budgets to expanding into recent product lines to offering recent services, said Alex Propes, government affairs and public policy manager at Google. Getting data privacy right on the federal level may lead to raised outcomes for each businesses and consumers.
“When you will have nuances between different bills, that creates challenges that are not necessarily providing a higher consumer experience,” Propes said. “We need something that is done on the federal level that balances utility and makes sure that companies can still grow and compete, and likewise provides these consumer privacy rights to the world.”
Read the total article here
