Does the congresswoman’s Information Transparency and Personal Data Control Act give developers the legal clarity they need?
Developers Alliance is encouraged by this bill:
It is crafted to draw bipartisan support.
It preempts overlapping state laws while promoting user’s trust in the apps they use.
It empowers a knowledgeable agency – the FTC – to oversee enforcement.
There has been much speculation of a federal privacy law overhaul in the U.S. for some time. On March 10th, Congresswoman Suzan DelBene (WA-01) introduced the Information Transparency and Personal Data Control Act. The proposed bill seeks to create a national data privacy standard and takes initiative to bring privacy laws into the 21st century. Given the current patchwork system of privacy bills at the state level, Developers Alliance finds a national standard is very welcome. Further, we — along with many of our industry counterparts — believe that this proposed bill compared to others may be the one you want to keep your eyes on.
Rep. DelBene’s team has outlined the key elements of the bill on her site:
“Plain English: Requires companies to provide their privacy policies in “plain English.”
Opt-in: Allows users to “opt-in” before companies can use their most sensitive private information in ways they might not expect.
Disclosure: Increases transparency by requiring companies to disclose if and with whom their personal information will be shared and the purpose of sharing the information.
Preemption: Creates a unified national standard and avoids a patchwork of different privacy standards by preempting conflicting state laws.
Enforcement: Gives the Federal Trade Commission (FTC) strong rulemaking authority to keep up with evolving digital trends and the ability to fine bad actors on the first offense. Empowers state attorneys general to also pursue violations if the FTC chooses not to act.
Audits: Establishes strong “privacy hygiene” by requiring companies to submit privacy audits every 2 years from a neutral third party.”
Let us explain why we think this approach generally works for developers.
There is a lack of trust between consumers and technology companies right now. Plain English requirements, which have been gaining steam in legal circles for a while, would fix that. Consumers understanding what they are “signing” in a clear, concise, and possibly standardized form would help fix the disconnect. Companies would still be allowed to enforce whatever privacy policies are necessary for their business models, while not inadvertently deceiving the customer with fluffy legalese.
The opt-out provisions take the law one step further in establishing trust. By consumers having the right to opt-out of the collection, storage, and sharing of their data they are in control of their information while giving the platforms who hold the information the necessary directive on how they want things handled. This gives consumers transparency and power in the negotiation process and gives developers clear rules on how to structure their data collection programs and business models.
Preemption is necessary for any federal privacy bill. Legislative bodies across the country and world have spent the last few years rolling out pieces of privacy legislation as developers have been chasing laws to ensure they are in compliance. At first, it was just GDPR for those that had users in Europe, then California and the CCPA. Now with over a dozen states having some form of privacy legislation, and many more on the horizon, developer-led companies are going to be spending more time figuring out which law or laws apply to which users, and less time dedicated to their actual products. If enacted, this bill would override the extensive list of overlapping data privacy laws currently in the works. While developers may not be fond of rewriting their compliance policies once again, a federal bill would exponentially simplify legal repercussions and compliance requirements long term.
Giving the Federal Trade Commission enforcement authority over privacy violations would centralize rulemaking and establish a clear chain of responsibility for when violations occur. The FTC, which already enforces consumer protection laws, would expand their existing framework for privacy violations. The bill would additionally empower state attorneys general to have enforcement power in the event the FTC decides not to pursue a case. This allows for further recourse while not overloading regulators at the federal level, or bombarding courts and companies with individual rights of action. Clear oversight authority gives consumers a place to seek a remedy while streamlining the information flow for developers so that they have a better grasp of necessary means and methods of compliance. Further, consolidating avenues of enforcement ensures that developers are not being attacked from all sides for alleged privacy violations.
Overall, we believe this bill shows promise in both substance and support. Developers Alliance finds it will protect consumers while not hurting developer-led businesses or imposing unnecessary costs and unreasonable burdens on them. Strong FTC enforcement with state-level recourse options in conjunction with uniform rules is necessary for a successful change in policies so that developer-led companies of all sizes will be able to comply. We believe this particular initiative is most promising due to its nonpartisan nature and industry-friendly solutions that will allow for the tech sector to thrive while not harming consumer rights. It is our hope that other laws and regulations impacting developer-led companies that are being reformed will follow suit to work with the industry rather than against it. If developer-led companies win, the entire ecosystem thrives and consumers will win as well.
We will continue to follow this legislation as it moves forward through the lawmaking process.