Our founding fathers had a lot on their plate; crafting a new form of government is more than a notion. Yet in creating the Bill of Rights, it is clear that they recognized that individuals must have certain inalienable rights. While we have to recognize that they could not foresee a world where our personal data would be for sale, they did understand the notion of privacy. The time is right and ripe for Congress to enact a Privacy Bill of Rights.
Data breaches, cyberbullying, and predatory sales tactics are symptoms of the tension between sharing data and protecting individuals digitally from invasions of their personal data. A privacy bill is an answer whose time has come. Our values dictate that Americans want digital access and innovation so they are willing to trade some privacy, but the playing field has to be clear and fair to everyone, regardless of how they access the internet.
This is not a problem to be solved by the individual states. This is a national problem. The internet does not stop at the border of any state. Solving the growing privacy issues means one set of rules that impacts users the same whether they are in Maryland or Montana. Dr. Anna-Maria Kovacs, senior policy scholar at the Georgetown Center for Business and Public Policy, reviewed all of the state and federal laws relating to privacy. She concluded that all we have now is a “patchwork of state and federal laws that make it extremely difficult for an American to know his or her rights.”
The common sense of this is clear. If the Montana law governing privacy is different from the Maryland law, what is the outcome? Is it fair to hold people in different jurisdictions liable for state rules simply because they used the internet in their home state to interact with a business or app originating in another state? My favorite question is “How will states enforce these differing rules?” How long before states realize that the cost of enforcing this patchwork of rules is outweighed by the public interest in solving more pressing state issues?
This is not world peace. Privacy must be federally legislated and federally enforced. A privacy law must be transparent with bright-line rules that apply to every member of the internet ecosystem and regardless of how users access the internet. There are signs that our elected leaders are beginning to see the light. What once seemed impossible may actually be doable. Lawmakers on both sides of the aisle are calling for a comprehensive national law protecting the privacy of Americans online.
In a recent hearing, the sentiment was focused on how “Congress needs to develop a uniquely American data privacy framework that provides consumers with more transparency, choice, and control over their data,” according to Senate Commerce Committee Chairman Roger Wicker (R-Miss.). This position was echoed in surprisingly complementary comments on the other side of the aisle, as Sen. Maria Cantwell (D-Wash.) stated, “I am certainly open to exploring the possibility of meaningful, comprehensive federal privacy legislation.”
Across the Capitol, the views were pretty much the same, as House Energy and Commerce Committee Chairman Frank Pallone (D-N.J.) told the consumer protection subcommittee: “We need to move away from the old model that protects the companies using the data and not the people.” Similarly, subcommittee ranking ember Rep. Cathy McMorris Rodgers (R-Wash.) said she is “hopeful that we can find a bipartisan path to protecting privacy.”
We should capitalize on this harmony by inviting Lin-Manuel Miranda to do a follow-up musical so we can be in the room when Congress realizes that individual privacy requires its own Bill of Rights. The data breaches and predatory practices are just beginning. We need Congress to get it done sooner rather than later.
Kim Keenan is co-chair of the D.C.-based Internet Innovation Alliance.
Morning Consult welcomes op-ed submissions on policy, politics and business strategy in our coverage areas. Updated submission guidelines can be found here.