The U.S. Needs a Stronger and Better Privacy Law

By David A. Hoffman, Associate General Counsel and Global Privacy Officer

 

On March 12th, I was honored to testify to the U.S. Senate Judiciary Committee hearing: GDPR & CCPA: Opt-ins, Consumer Control, and the Impact on Competition and Innovation. It was a welcome opportunity to explain why the U.S. needs a stronger and better privacy law than the California Consumer Privacy Act (CCPA). Intel’s bill is that stronger and better law.

The authors of CCPA should be commended for advancing the discussion on privacy in the U.S. The American people deserve to be able to trust their technology and to trust how companies will process their personal data. Unfortunately, CCPA focuses on the false promise of telling people they will have “control over their data.” Technology has moved beyond the point where such “notice and choice” privacy models provide effective protections (if they ever did).

Most people do not read privacy policies. Even if they did want to read those policies, they would not have time to read them for every situation in which their data is used. And even if they did have time, most people would not be able to effectively understand which organizations are using their data.

Witnesses preparing to testify before the Senate Judiciary Committee on March 12, 2019.

“Notice and choice” models put the entire burden of privacy protection on the individual. Intel’s approach instead puts the burden on companies to avoid the use of data that creates risk for individuals, and on the U.S. Federal Trade Commission and the State Attorneys General to provide robust, harmonized and predictable enforcement. We need to place the responsibility for protecting privacy on the companies and the regulators, where it belongs, and not on individuals.

In my oral testimony, I described the situation of Donna, a victim of domestic violence who feared for her safety because data brokers had allowed her attacker to discover her new address. These data brokers draw this information from government records and information available on the internet. CCPA does nothing to protect Donna. Intel’s approach would provide protections for Donna and for others like her who deserve a level of obscurity of their personal data, such as police officers, judges, and victims of rape and sexual assault.

Not only does the country need a bill that is stronger and better than CCPA, it also needs one that embraces the unique American ethos of innovation, entrepreneurship and freedom. A “GDPR for the U.S.,” would unnecessarily restrict new innovative uses of technologies like artificial intelligence that have the potential to greatly improve peoples’ lives.

Intel’s bill protects privacy while also nurturing innovation. I greatly appreciated the opportunity to testify at the hearing and I look forward to working with Congress to pass a bill that protects people and that protects the innovative and ethical use of data.