#DataPrivacyDay: New President, More Privacy

Written by

Tech giants in the US are preparing to operate under significant new regulation, to be ushered in by the Joe Biden administration. As the President announces quick-fire orders to tackle climate change, COVID-19 and inequality, we can expect to see a raft of changes soon that protect data privacy. 

More than the matter of privacy – the issue closest to my heart – we can expect platforms like Facebook to be made liable for the content it shares – in a radical break from the very foundation of the social media business model. This means they will be held accountable in the same way media publishers are for the veracity and impact of the information they share. What’s more, tech giants will be broken up, to reduce their power. 

Biden has told tech chiefs he doesn’t view them as important US employers in any way that might earn them some leniency. In effect, through their increased use of AI, the sector is the opposite – un-employers or anti-employers, if you will. 

On the subject of privacy, GDPR-equivalent privacy protection is very likely to be introduced – even though this will require state surveillance of US citizens to be curtailed. Biden is on record as saying, “we should be worried about the lack of privacy and…setting standards not unlike the Europeans are doing relative to privacy.”

GDPR-equivalency will, in fact, prove beneficial to the likes of Facebook and Google, because Europe is on the verge of stepping up its legal efforts to protect the privacy of EU citizens.

Tech giants who are still sending users’ data outside the EEA are opening themselves to endless legal battles and huge fines. Each EU country can enforce on behalf of its own citizens, so the tech giants could be legally challenged and fined multiple times. 

Regulating along the lines of Europe’s GDPR will allow the US to achieve an Adequacy Agreement with Europe, meaning data can be safely transferred from Europe to the US in a frictionless way. 

The UK may have to follow Biden’s lead on this, now that it has left the EU and needs to secure its own Adequacy Agreement. The UK, too, will have to wind down state surveillance of citizens to do so. 

How Can We Be So Sure of Biden’s/Harris’ Views? 

Biden has committed to revoking the foundations of internet regulation, known as Section 230. He has said: “It should be revoked...because it is propagating falsehoods they know to be false… It’s totally irresponsible.”

Also, he has made clear his support for Elizabeth Warren’s campaign to break up the dominant companies in tech.

Biden’s VP Kamala Harris has a substantial track record in privacy and tech regulation, having built a Privacy Enforcement and Protection Unit within the California Attorney General’s office during her term as AG, and overseen a number of updates to California privacy law. 

She also published a number of guides to privacy and cybersecurity, including Making your Privacy Practices Public and the Joint Statement on Principles.

One of Biden’s first acts has been to appoint Christopher Hoff – an experienced and qualified privacy professional – to lead negotiations with the EU on restoring data adequacy for the US.

Also, he has bought Anne Neuberger, the NSA’s cybersecurity chief, onboard as deputy national security adviser for cyber and emerging technology, a newly-created role. 

Making these appointments so early signals the importance of privacy and cybersecurity to this administration. 

US Congress has two draft privacy bills before it, the Republican-sponsored Setting an American Framework to Ensure Data Access, Transparency, and Accountability (SAFE DATA) Act and the Democrats’ Consumer Online Privacy Rights Act (COPRA). 

SAFE DATA is intended to pre-empt state laws, while COPRA sets a floor for minimum privacy provisions. COPRA may have the greater chance of passing, now that the Democrats have the majority in both houses. 

Both bear a strong resemblance to the GDPR. If either was passed, Christopher Hoff would have an easier job restoring adequacy for the US. Well, on the condition that America’s surveillance of citizens was also reduced, through amendments to FISA and EO12333. 

The fact is that now all sides must be tempted to impose uniform privacy requirements across the US, to get away from the confusing patchwork of state and sectoral laws. Almost half of all states had already introduced privacy bills in early 2020, before COVID-19 put those propositions on hold.

It’s clear that the Biden/Harris administration is strongly motivated to limit the influence of the US tech majors with both removal of their protections under Section 230 and anti-trust action. This time next year the data privacy landscape will probably be a very different one – and a safer one for us all. 

What’s hot on Infosecurity Magazine?