Testifying in front of Congress recently, Facebook CEO Mark Zuckerberg was surprisingly cool and collected. Many thought the executive, whom Forbes lists as the fifth richest person in the world, would display trademark arrogance. Instead, he came across as contrite and compromising. More important, however, was the substance of the hearings. The back and forth between Zuckerberg and congressmen illustrated the confusion around online privacy and the need for new rules that takes into account the dominance of online platforms like Facebook.
Momentum is building on the Hill to pass a law to govern how companies like Facebook protect and use our data. And while it’s important that internet companies — which must be able to adapt quickly to reflect the fluidity of the internet landscape — not be overregulated, there’s a growing need for some sort of comprehensive internet policy framework that addresses privacy.
Consumers, in particular, are becoming increasingly frustrated by the realization that they have no idea what most companies do with the millions of data points they collect. But, while the legislative vacuum at the federal level persists, some states are misguidedly stepping in. The result will be an unworkable patchwork of laws that will confuse consumers and harm innovation.
We’ve seen this pattern before.
For years, consumers have worried about the safety of their personal information online. With major breaches at companies that hold sensitive data like Equifax, those concerns have only grown over time. According to a Pew Research Center poll, a mere 18 percent of adults feel their data is better protected now than it was five years ago.
Congress continues to work on data-breach legislation but has not passed any rules that would guide companies on how they should handle the risk of data breaches. Instead, states started putting their own laws on the books.
California passed a law in 2003 requiring companies to notify customers if their data had been breached. One by one, over the next 14 years, 48 states passed their own versions. The last two states, Alabama and South Dakota, only passed notification laws this year. This isn’t the way to build a nationwide privacy law. And, worse still, the laws of those 50 states vary widely from state to state, ensuring unequal protections for consumers and headaches for businesses.
We don’t want to see the same thing happening around privacy, where Congress talks about the issue year after year but never pushes a bill over the goal line. Now is the time to act with urgency. There’s too much at stake. The promise of the digital world, including artificial intelligence and machine learning for health care, banking and communications, depends on massive amounts of data. Internet and connected companies of tomorrow will need clear rules in order to build new applications that could change (and hopefully revolutionize) our lives.
Today, entrepreneurs are struggling more and more to create new businesses in an atmosphere where regulations are uncertain, change or vary from state to state.
For example, executives in the educational technology space are attempting to abide by varying and competing regulations on student privacy. There is enormous potential for technology to improve the way our kids learn. But, the way companies can collect and use data related to children varies greatly from state to state, making it incredibly difficult (and expensive) for new companies to design business models that will work in every state. Who knows how much further along tech education would be if there were consistent rules that protected children while encouraging innovation?
If successful, the digital leaders of tomorrow will have a level playing field to build from, and consumers will have faith that their online world is protected.
Mike Montgomery is the executive director of CALinnovates.
Morning Consult welcomes op-ed submissions on policy, politics and business strategy in our coverage areas. Updated submission guidelines can be found here.