The Trump Administration is working on a Federal Data Privacy Policy
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)

The Trump Administration is working on a Federal Data Privacy Policy

The White House hopes to release an “initial set of ideas” this Fall

The Trump Administration is crafting a Federal Data Privacy policy that it hopes will dim global criticism that lax US data laws have enabled a slew of incidents, most notably the Facebook/Cambridge Analytica fiasco.

To prepare for this, the Commerce Department has been meeting with representatives from some of the tech sector’s biggest companies, including Facebook, Google, AT&T, Comcast along with consumer and industry advocates and a slew of other stakeholders, according to four Washington Post sources. In total there have been 22 meetings with over 80 companies.

The White House’s goal is to issue an initial set of ideas this Fall that would hypothetically serve as a starting point for Congress to write and enact the country’s first wide-ranging data privacy law.

“Through the White House National Economic Council, the Trump Administration aims to craft a consumer privacy protection policy that is the appropriate balance between privacy and prosperity,” Lindsay Walters, the president’s deputy press secretary, said in a statement. “We look forward to working with Congress on a legislative solution consistent with our overarching policy.”

Creating a Federal Data Privacy Policy is still far from a sure thing

While it’s certainly encouraging to see the White House taking the lead on this front, there are myriad issues that potentially stand between this administration and a new Federal Data Privacy Policy. We’re going to run through them really quickly to try and paint an accurate picture of the current political and legal climate surrounding a potential US Data Privacy law.

Let’s start with the impetus for this initiative first. There’s the obvious stuff, like the Facebook scandal that shined a light on how companies are harvesting and using data to target users. That certainly has the public’s attention, but there are political calculations as well.

Federal Data Privacy PolicyIn Europe, the General Data Protection Regulation became actively enforceable on May 25th. That has put fresh scrutiny on the lack of data privacy and data security currently in place in the US. There is currently no single federal law the governs how companies can collect and use data in the United States. Case in point, many US companies with European business dealings had to pay money and self-certify with the EU-US Privacy Shield program run by the Department of Commerce and the Federal Trade Commission because the United States lacked what is called an “Adequacy Judgment.” That means that the European Union didn’t deem the United States to have “adequate safeguards” in place to ensure secure transmission of cross-border data transfers.

Put another way, two months ago Europe told American companies that it would need additional assurances of security because our national laws were not up to snuff.

Beyond that, California – in light of inaction at the federal level – passed its own privacy law in June, one that will likely cause a slew of inter-state issues. So there is also motivation to codify a rule at the Federal level that will supercede any state’s attempt at a privacy law.

Democrats and Republicans view regulation very differently

Any Federal Data Privacy Policy is effectively new regulation. The law will likely define what data a company can collect and how it can use it. Depending on how far the White House and Congress want to go it could get as granular as how long you can keep user data or it could be very broad and open to interpretation. Obviously, as this point it’s too early to tell. But it’s important to spend a little bit of time discussing how both sides of the political spectrum in the US see regulation from a philosophical standpoint.

Federal Data Privacy PolicyGenerally, and obviously there are exceptions with everything, regulations are anathema to Republicans. How many regulations (and red tape) a conservative politician can eliminate is a point to trumpet. President Trump campaigned on the promise to get rid of regulations. There was at one point even a congressional republican rule that for every new regulation two had to be eliminated. That’s one of the few places that today’s conservatives are still actually conservative. Ideally conservatism favors a smaller government with less regulation.

Democrats are on the opposite end of the spectrum. I wouldn’t say that they love regulation, but they are traditionally more pragmatic towards regulation. A Federal Data Privacy Policy is likely to revive this perpetual disagreement.

Also complicating things congressionally will be the fact that the Republican party is typically much more pro-Business whereas the Democratic party is often more interested in the rights of the individual.

That sets the stage for a party-line battle where Democrats favor protections that will be similar to what is provided by the European GDPR while Republicans argue for the rights of American businesses to continue what has proven to be a very profitable modus operandi.

Lobbies and Special Interests will play a huge role

Facebook and Google are not going be in favor of stricter data regulations. That may not be what the companies say publicly, but as we discussed the other week, they’re already actively undermining the GDPR. Their entire business model is built on collecting people’s data and then using it to sell targeted ads.

Federal Data Privacy PolicyThese are both multi-billion dollar companies with deep pockets that understand how to apply pressure to a legislature. And that’s not to pick on Google and Facebook, either. Amazon, Microsoft, Apple — none of these companies want to see stricter data regulations. They are more than happy to operate in the ethically grey areas if it continues to keep them profitable.

Expect the political Right to be on board with this side of the argument. Already, Commerce Secretary Wilbur Ross has stated that the GDPR is an “impediment to American businesses.”

On the other side of the issue, the pro-regulation, pro-data privacy crowd sports some intellectual luminaries but lacks the kind of legislative teeth that will likely be needed to see their ideal outcome play out. And frankly, that just comes down to money. On the left you have privacy advocates and non-profit technology foundations backing a more GDPR-inspired vision of Federal Data Privacy Policy, on the right you have the biggest, richest companies in the US and the political party that currently holds all three branches of the Federal government.

What can I do to get involved?

This is the United States, where corporations not only enjoy their own rights, but also the rights of individuals. That’s another way of saying Business, especially Big Business, almost always wins in American politics– and certainly in Congress, where this will need to play out.

I could tell you to get involved, write your congressman and make some noise (which you should), but at the end of the day money talks. And it’s going to have a lot to say about not “burdening business with unneeded regulation,” regardless of how needed that regulation may be.

What do you think? Maybe you’re less cynical than I am. As always, feel free to leave your thoughts and questions in the comments.


Patrick Nohe

Patrick started his career as a beat reporter and columnist for the Miami Herald before moving into the cybersecurity industry a few years ago. Patrick covers encryption, hashing, browser UI/UX and general cyber security in a way that’s relatable for everyone.