Skip to main contentSkip to main content
You have permission to edit this article.
Terry McAuliffe column: A federal privacy law Is essential to economic recovery
Economic recovery

Terry McAuliffe column: A federal privacy law Is essential to economic recovery

  • 0

COVID-19 has hit the U.S. economy hard, and the road to recovery will not be easy. The worst might still be ahead. Congress must do everything in its power to help the country recover from this crisis, and that includes passing a federal data privacy law.

The COVID-19 pandemic has accelerated America’s digital transformation, moving more commerce and other activity online than ever before. We’re using data-driven online services not only for essentials like shopping, work and education, but also increasingly for our social interaction.

Technologies fueled by data also have proven essential in fighting the virus. After this crisis, many of these changes will remain. The new services and tools we’ve embraced have helped to improve our lives in these difficult times, and they won’t simply be forgotten as the world around us reopens.

Unfortunately, consumer trust in companies providing online services remains low. According to a recent Pew survey, 79% of Americans said they were concerned about how companies were using the data collected about them and 81% said the risks of data collection outweighed the benefits.

This trust deficit is due, in part, to the fact that the U.S. does not have a comprehensive law governing how companies use personal data. In fact, the U.S. is an outlier among nations with its lack of a comprehensive privacy law.

While many companies have strong privacy practices in place and see such practices as a benefit to their business, bad actors persist because there might not be legal consequences for their actions. A federal privacy law could help to rebuild this trust and increase consumer confidence to accept broad data uses and adopt new technologies that could boost the economy.

But without one, the U.S. not only will further undermine consumer trust at home, it very well could lose its status as a global technology leader. Witness the recent demise of the “Privacy Shield” data transfer mechanism at the hands of the highest court in the EU on the grounds that the U.S. did not have adequate privacy protections for Europeans’ personal data. This decision will have significant negative consequences for American companies and serves as a clarion call to prioritize a U.S. privacy law.

Republicans and Democrats alike have expressed interest in passing a comprehensive privacy law. So why haven’t lawmakers been able to get a bill across the finish line? Because neither side has prioritized passing a privacy bill. Both parties have let philosophical differences on enforcement and the impact on state laws derail the process despite considerable agreement about the contents of the federal law.

But this lack of urgency has consequences. The longer we go without a privacy law regulating the use of personal information, the more damage will be done to consumers through harmful uses of their data that currently aren’t prohibited.

Witness the recent case in which police use of ineffective facial recognition technology led to the arrest of an innocent African American man in Detroit. And while states are starting to step up to fill the gaps, a state-by-state approach will lead to conflicting privacy standards and leave Americans inconsistently protected across the U.S.

Meanwhile, companies, particularly small businesses, will be left scrambling to comply with each different state privacy law that comes online. A state-by-state approach is a recipe for privacy pandemonium.

It’s time for both parties to prioritize passing a federal privacy law that ensures consumers are protected while enabling innovative new products and services to boost the U.S. economy.

There already is strong bipartisan agreement on a number of measures that would empower consumers with respect to how their personal information is used and protected. Further, there is a consensus that companies should be prohibited from high-risk data uses, though there are divergent approaches for how exactly to accomplish this.

Most of the proposed privacy bills have, sadly, relied on a traditional notice and choice paradigm. But this approach places an immense burden on consumers to protect themselves by reading and understanding lengthy privacy policies. In our complex digital world, that model has proven ineffective in most contexts, leaving only a minor role for consent.

Instead, the burden to protect individuals must be placed on the businesses that use data. A privacy law must require businesses to have processes in place to identify the risks of their data uses and to mitigate those risks. And they must be held to account for having such processes.

At the same time, that law must enable data uses that do not harm individuals. Only this approach will lead to strong privacy protections for consumers while protecting our ability as a country to innovate and effectively use data to further our economic and social well-being.

As to the seemingly intractable issues like the pre-emption of state laws and a private right of action, these issues could be resolved by answering this question: Can we devise a federal privacy law and an enforcement model that would render additional state privacy protections or individual enforcement unnecessary?

Absolutely — but if we’re unable to do so, there must also be room for compromise and finding the middle ground on these issues. Passing a privacy law is too important to our economic recovery and the effective protection of all Americans to let these issues get in the way.

Terry McAuliffe is global strategy adviser at the Center for Information Policy Leadership at Hunton Andrews Kurth and was the 72nd governor of Virginia. Contact him at:


Related to this story

Most Popular

Get up-to-the-minute news sent straight to your device.


Breaking News