Senator Cantwell Releases Another Federal Privacy Law That Won't Go Anywhere And Doesn't Deal With Actual Issues
from the this-isn't-going-to-work dept
A few weeks ago we wrote about a privacy bill in the House that seemed unlikely to go anywhere, and now we have the same thing from the Senate: a new privacy bill from Senator Maria Cantwell, called COPRA for “Consumer Online Privacy Rights Act.” For months it had been said that Cantwell was working on a bipartisan effort to create a federal privacy law, so the fact that this bill only has Democratic co-sponsors (Senators Schatz, Klobuchar and Markey) doesn’t bode well for its likelihood of success.
The basic features of the bill are to give more power and resources to the FTC to enforce “digital privacy” and also allowing state Attorneys General to enforce the law. And… as with the House bill it includes a private right of action. This is something that many privacy organizations do favor, but still seems likely to be a disaster in practice. Letting anyone sue for privacy violations when no one actually agrees what “privacy means” is a recipe for a ton of nuisance lawsuits. If this bill actually had a chance, it could lead to the rise of “privacy trolls.” Even in the most well meaning sense of trying to protect privacy, the fact that so many people disagree over what should actually be private and what privacy means, would create quite a legal clusterfuck.
One thing this bill does that the House bill would not, is to pre-empt “directly conflicting state laws.” That’s important for any federal bill, as otherwise companies will have to figure out how to comply with many different (and sometimes conflicting) standards and rules from multiple different states. At least this bill would prevent that. As Consumer Reports notes in its write-up of the bill, it is good to have more alternatives out there, and the bill does have some useful ideas in terms of protecting privacy:
?It?s a good bill to have out there,? Brookman says. ?It gets a lot of things right?companies shouldn?t be collecting cross-site profiles about me and sharing that information?and it?s pretty aggressive on those things.?
The proposed law expands the definition of sensitive information to include biometric details such as facial recognition data, as well as geolocation data that is collected as individuals go about their day-to-day lives.
But, that “aggressiveness” is also what limits the bill’s chances. This seems more performative than anything else, recognizing that people are (reasonably) worried about their privacy online, but does little to deal with the actual issues regarding privacy.