Security Experts:

Connect with us

Hi, what are you looking for?



US Lawmakers Kick Off Debate Over Online Privacy

US lawmakers opened a debate Tuesday over privacy legislation in the first step by Congress toward regulation addressing a series of troublesome data protection abuses by tech firms.

US lawmakers opened a debate Tuesday over privacy legislation in the first step by Congress toward regulation addressing a series of troublesome data protection abuses by tech firms.

Most companies have said they would accept new federal legislation in the wake of bombshell revelations about Facebook and other online platforms’ mishandling of users’ personal data.

Lawmakers face several key choices, including whether to adopt the model in the European Union’s data protection rules, and whether to pre-empt the strict privacy rules adopted by California.

A House of Representatives committee hearing on Tuesday is to be followed by a Senate panel Wednesday where industry and interest groups will make recommendations on US legislation.

Legislators are likely to find broad agreement on the need for greater transparency regarding the collection and sharing of data, and on tougher enforcement for violations.

Beyond that, sharp differences exist on how tightly tech firms should be reined in.

“A federal law must include basic rights for individuals to access, correct, delete and port their personal data,” said Nuala O’Connor, president of the Center for Democracy and Technology, a digital rights group, in testimony prepared for the House Energy and Commerce panel.

O’Connor said any bill must also enshrine the right to know how and with whom personal data is shared, and go beyond the confusing “notice and consent” currently offered by many internet firms.

Roslyn Layton, a visiting scholar at the American Enterprise Institute, said the US should steer clear of Europe’s General Data Protection Regulation (GDPR) model, claiming that it created complex compliance mechanisms that benefit the largest online firms.

“To do business in the EU today, the average firm of 500 employees must spend about $3 million to comply with the GDPR,” Layton said in her prepared remarks. “Thousands of US firms have decided it is not worthwhile and have exited.”

Layton said GDPR has done little to increase trust in the online ecosystem or help consumers better understand how their data is used.

“The US does not need to copy the European Union on data protection,” she said. “It can fundamentally improve on the GDPR by making a policy that actually works — promoting privacy without destroying prosperity.”

– Ad targeting in focus –

Dave Grimaldi, executive vice president of the Interactive Advertising Bureau, cautioned against legislation that would ban any form of targeted online marketing.

Grimaldi said that in Europe, “programmatic advertising,” the most common ad system used by online platforms, has dropped between 25 and 40 percent following the implementation of GDPR.

“The GDPR has also directly led to consumers losing access to online resources, with more than 1,000 US-based publishers blocking European consumers from access to online material in part because of the inability to profitably run advertising,” he said in his testimony.

“Congress should look to a new paradigm for digital privacy that will not threaten the goods and services that consumers seek on the internet.”

The Electronic Frontier Foundation said in a statement that Congress should designate large internet firms as “information fiduciaries” in charge of protecting user data and giving consumers a right to sue for breaches.

“Laws that impose legal duties on large technology companies that monetize consumer data, coupled with strong enforcement such as a private right of action, will give users back control,” EFF’s India McKinney and Katharine Trendacosta wrote.

Wednesday’s hearing is to be chaired by Senator Roger Wicker of the Commerce Committee, who was criticized for failing to include consumer groups in the session.

Wicker said in a statement he is seeking “to develop a federal privacy standard to protect consumers without stifling innovation, investment, or competition.”

The two hearings are part of a process expected to result in bills drafted in both chambers, which could face hurdles in winning passage and reconciliation, if separate bills differ.

Written By

AFP 2023

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.


Twenty-one cybersecurity-related M&A deals were announced in December 2022.


Out of the 335 public recommendations on a comprehensive cybersecurity strategy made since 2010, 190 were not implemented by federal agencies as of December...

Management & Strategy

Microsoft making a multiyear, multibillion dollar investment in the artificial intelligence startup OpenAI, maker of ChatGPT and other tools.