Concerns about data privacy are growing and CES 2020 panel experts say legislation must come at the federal level.
As states work on individual regulations surrounding data privacy, groups and companies including Facebook are looking to the federal government to come up with a uniform, consistent law, according to panelists during a discussion about innovation and privacy at CES 2020 in Las Vegas.
With data sharing becoming more important, and recent laws enacted like the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR) in the European Union, "we've come to a point where there is a general sense that we need a new federal privacy law," said panelist Maureen Ohlhausen, co-chair of the antitrust group at Baker Botts law firm.
SEE: CES 2020: The big trends for business (ZDNet)
Data is being used to create products and provide services to consumers, but they have a right to know what data companies have about them and to correct it if necessary, and to say they can't share it under certain circumstances, added Olhausen, who was a former acting chair of the Federal Trade Commission.
"I always say the FTC did a pretty good job with the tools it had but now it's time for new tools, and Congress is having serious discussions about what those tools are," she said.
At Facebook, privacy is a "hot topic" and the company has been calling for comprehensive federal legislation for a while now, said Khaliah Barnes, privacy and public policy manager at the social media company.
There is a lot of activity happening at the state level looking at privacy protections, and we can expect to see more, Barnes said.
Citing the CCPA and legislation implemented by Illinois to ban device manufacturers from collecting audio from web-based devices, Barnes said the concern is if more states take similar actions, this will create "overall fragmentation at the state level. And the end result is it makes it difficult for companies of all sizes to understand their obligations and implement strong controls."
Federal legislation, she continued, "is the best way to ensure clear and consistent consumer privacy rights. We're so encouraged by what we're seeing at the federal level and strong enforcement mechanisms like GDPR."
Panelist Christi Barnhart, senior counsel for Sen. Brian Schatz (D-HI), discussed the Consumer Online Privacy Rights Act Schatz introduced last November along with senators Maria Cantwell (D-WA), Ed Markey (D-MA), and Amy Klobuchar (D-MN).
The act would establish online privacy rights, outlaw harmful and deceptive practices, and improve data security safeguards for the growing number of consumers conducting business online.
The majority of Americans want a privacy regulation, Barnhart said, and cited research showing that 79% believe it should be a priority of Congress. In addition, six in 10 Americans "feel they can't get around their data being collected when they do their day-to-day activities,'' she added.
The act "provides the strong protections consumers are looking for," Barnhart said. "So when we think about different states providing different protections … we want to make sure we're meeting the needs of consumers where they are—and not creating a watered-down consumer law."
The National Telecommunications and Information Administration (NTIA) is studying the issue of federal privacy legislation along with the FTC.
The NTIA has heard a lot of comments from consumers about the need to go beyond notice and choice around data, said panelist Evelyn Remaley, the associate administrator of the NTIA, which acts as an adviser to President Donald Trump on information and tech policy issues.
"There is a lot of consensus around the fact that the FTC is needed as a key enforcer,'' she said. The NTIA is "looking at risk-based frameworks because there isn't this silver bullet" when it comes to how to handle data privacy.
Remaley and some of the other panelists gave a shout out to the National Institute of Standards and Technology's (NIST) privacy framework, which she said was built "on the success of its cybersecurity framework."
In response to a question about the relationship between security and privacy by moderator Rachel Nemeth, director of regulatory affairs in the Consumer Technology Association (CTA), Remaley said they go hand-in-hand, and "we look at them holistically."
At the same time, she said, there is the recognition that data has become so valuable and important to our society in terms of advancements in AI and how it can be used to "solve future global problems."
The NTIA recognizes it has to balance the richness of data with securing it bot for individuals and national security goals, she said. The NTIA is building a roadmap for how to combat botnets with NIST and others and layering in security for IoT devices, while coming up with a baseline of best practices, she said.
Facebook agrees with the "theme" that arose during recent FTC hearings on the important role the agency can play in shaping comprehensive federal legislation, said Barnes.
The company has quarterly certifications now around privacy controls to ensure they are "working the way we say they're going to work, and if a problem is discovered we work to fix it,'' she said. "The accountability mechanism stops at Mark's desk," Barnes added, referring to Facebook's founder and CEO, Mark Zuckerberg.
- CES 2020 roundup: All the business tech news you need to know (TechRepublic)
- 2020 Tech conferences and events to add to your calendar (free PDF) (TechRepublic download)
- 2020 IT budget research report: Security, cloud services, and digitalization are top budget priorities (TechRepublic Premium)
- CES 2020 and beyond: What to expect (ZDNet)
- Photos: All the cool new gadgets at CES 2020 (CNET)
- CES 2020: More must-read coverage (TechRepublic on Flipboard)