January 6, 2022
During CES this week, CTA senior vice president of political and industry affairs Tiffany Moore led a discussion on the contentious issues surrounding privacy in an evolving digital landscape. With her, former FTC acting chair Maureen Ohlhausen was joined by Asad Ramzanali, legislative director to Representative Anna Eshoo (D-California), and Dr. Carlos Nunez, ResMed chief medical officer. Ohlhausen noted that the FTC is the primary agency tasked with privacy issues, based on a 1938 law passed by Congress prohibiting “unfair and deceptive acts or practices.”
“With the advent of the online world, the FTC took the lead in applying that general authority to online privacy for U.S. consumers,” she said. “The question is if that should continue to be the FTC’s role.” She added that, “we’re at the point where there’s a general agreement that these tools have reached their limits.”
“Congress has to determine if the FTC needs additional tools, consumers need additional protection and businesses need additional guidance,” Ohlhausen noted.
Ramzanali said that, in California, Congresswoman Eshoo introduced the Online Privacy Act in 2019 to address this. “There’s an inherent need to be ahead on innovation — we all agree about that at CES,” he said. “Privacy is a good outcome for people and the government should protect it.” He noted that the Online Privacy Act would create the Digital Privacy Agency (DPA), devoted to these concerns.
In healthcare, “data is rich but information is poor,” said Nunez. “We’re not trying to sell banner ads but better understand how to take care of patients and not go broke. Patients must be okay if their data is used and that it is used in the right way.”
Ramzanali stated that, “the highest level of agreement is on data rights and requirements of companies.” “But there’s a higher level of disagreement in the enforcement area,” he said. “We don’t want to cut off innovation and we do respect the CTA and companies in our [Silicon Valley] district. But if there’s a better balance, consumers’ trust in tech companies will improve. You can collect data when it relates to what consumers come to your site for; secondary uses is when we get into problems.”
For Ohlhausen, the problem is the lack of a “private right of action,” which often acts as a “magnet for class action lawyers.” “But for a company that is really not complying, a limited private right of action could focus on changing that company’s behavior rather than driving class action lawsuits,” she said.
Nunez pointed out that seemingly innocuous pieces of data and be used to assemble information that is used improperly. “Data points can be tailored to us in a variety of ways, not all good,” he said. Moore asked if there was a middle road — and if we’ll see Congress pass a privacy law in 2022. Ramzanali told Ohlhausen that Eshoo also worries about too many lawsuits.
“But choice is what consent is about,” he said. “The conversation is not about finding the middle ground.” Both he and Ohlhausen expressed the wish that Congress pass a privacy law this year.
Nunez had another wish. “Our Congresspeople need to become more knowledgeable on the topic so they can actually ask questions when tech CEOs testify in Congress.”