A look at the growing consensus on online privacy legislation: What’s missing?

While there is now a growing consensus among the tech industry, regulatory advocates, and policymakers on the need for comprehensive privacy legislation, a blueprint proposed in President Barack Obama’s 2012 Consumer Privacy Bill of Rights proved unsuccessful. Had Congress taken up legislation in 2012, it may have forestalled the egregious regulations the European Union and California adopted. In any case, the principles agreed on today generally align with those proposed in 2012. They’re hardly controversial: individual control, transparency, security, accountability, and strengthened enforcement at the Federal Trade Commission (FTC). Importantly, the Obama administration was adamant about the need for preemption of state laws that would contradict the national standard. It expected states to participate in multi-stakeholder processes and believed that states proposing more stringent requirements would diminish incentives for firms to adopt the codes of conduct. This blog briefly reviews the areas of policy agreement and unresolved issues.