Data Can Serve the People if There’s a Fair and Balanced National Privacy Law

The era of government noninterference toward online data collection appears to be nearing an end.

Driven to action by public concern over highly publicized data breaches and business misconduct scandals – along with the now widely presumed monopolistic power of the major tech platforms – legislators in states across the United States are moving quickly to regulate the collection and use of data online.

California, Nevada, Maine and Virginia have already passed data privacy laws, and others are under consideration in other states. There also appears to be a dawning realization of the power big tech has to impact democracy and the free market. Fourteen state attorneys general joined Texas in a suit against Google for “privacy fixing” because of the company’s data collection practices.

While state efforts to legislate data privacy are well-intentioned, they often miss the clear distinction between ethical, beneficial data use versus harmful practices. And though they do identify real problems that require legislative remedy, this approach leads to inadequate protections for people and overly complex rules for companies.

What the public needs, and deserves, is one federal law that protects people equally, and makes explicit that data is a public good. When used safely and ethically, data fuels innovation, connects people, helps companies make better products and services, increases competition and enables free online services.

This law should be future-prepared and address the fundamental importance to people of fair and accountable data use. Fair processing and accountability, rather than manipulation and harm, are critical to our national economic well-being.

Much of the existing and proposed state-level legislation doesn’t serve those standards and could threaten both the quality of connected services the public has come to rely on, and the mutually beneficial relationships that companies have with their customers. This connection of people to companies, and companies to people, is what marketing is. The safe, ethical and transparent use of data for marketing purposes should be available to all — not just the major platforms. After all, 99 percent of America’s 28.7 million companies are small businesses, and they should have the same right to reach customers and prospects as the platforms.

The reality is that data-driven marketing is the lifeblood of the internet. Advertising is what makes so much of the internet free. Data-informed advertising makes marketing relevant in an increasingly noisy digital world. Without it, the public’s digital experience would be less convenient, less meaningful, and more expensive. For that matter, public polling and behavior show that most people are okay with advertising as long as it is relevant and not intrusive.

Current regulations in both U.S. states and Europe fall short of what’s needed in important ways.

First, they are too fragmented. Different states and countries are passing their own laws with sometimes very different standards. This creates unequal rights and protections for people, makes compliance with the laws difficult and costly, as well as making advertising less useful and the process of data collection less transparent.

Second, the laws put more, if not most, of the power in the hands of the dominant tech platforms, rather than people. Under current and proposed regulations, big tech companies would still own (and hoard) data about people, possibly making them ungovernable.

And third, they do not create uniform standards, especially concerning the definition and uses of “sensitive” data. Sensitive data includes items like health care and financial information.

Why We Need a National Standard

Each new and different state-level data privacy law costs millions of dollars in compliance alone, and disrupts businesses’ ability to serve people. These variations stifle our economies and prevent the online user experience from becoming everything it could, and should, be.

For the United States, a single federal law that protects people, defines ethical data uses and enables companies of all sizes to build relationships with potential customers is in almost everyone’s interest. A scenario where each state has its own variation would be massively complex, bureaucratic and surely unworkable.

The recently introduced Information Transparency and Personal Data Control Act is an excellent starting point for conversations and legislative efforts. The bill would, among other things, create a national data and privacy standard, pre-empt the disparate state laws and make the Federal Trade Commission and states’ attorneys the primary enforcers of the law.

But a truly forward-thinking data law would also have these provisions:

• It would distinguish between sensitive data, like information related to personal finance and health, and commonplace data, like general location or certain search interests.
• Sensitive data should be treated as such by all parties – companies, platforms and data brokers.
• It would clarify rights and protections for people and make collectors and users accountable.
• It would clearly define ways companies can offer greater transparency along with the privacy policies that companies publish today.
• It would make clear the difference between legitimate, ethical marketing and abusive behavior, as practices that that drive online marketing do not lead to identity theft.
• All companies should have access to commonplace, non-sensitive data, and it should not be controlled by individual platforms or companies.

In short, data – the fuel of the modern world – ought to be treated as a kind of public utility. Done correctly, this will benefit both internet users and companies.

With a clear definition of peoples’ data rights, the public can be confident knowing that the data they share is being used ethically and accountably, and know that this practice absolutely benefits them, their marketplace, their economy and their community.

And by adopting a single standard, Congress can make data use safer, more transparent and accountable, ensuring data-enabled services of all kinds become the safe, convenient staple of our lives they ought to be.

Arun Kumar serves as IPG’s chief data and technology officer, where he oversees the development and implementation of global product and technology solutions across the network.

Morning Consult welcomes op-ed submissions on policy, politics and business strategy in our coverage areas. Updated submission guidelines can be found here.