Senator Cantwell Releases Another Federal Privacy Law That Won't Go Anywhere And Doesn't Deal With Actual Issues

from the this-isn't-going-to-work dept

A few weeks ago we wrote about a privacy bill in the House that seemed unlikely to go anywhere, and now we have the same thing from the Senate: a new privacy bill from Senator Maria Cantwell, called COPRA for "Consumer Online Privacy Rights Act." For months it had been said that Cantwell was working on a bipartisan effort to create a federal privacy law, so the fact that this bill only has Democratic co-sponsors (Senators Schatz, Klobuchar and Markey) doesn't bode well for its likelihood of success.

The basic features of the bill are to give more power and resources to the FTC to enforce "digital privacy" and also allowing state Attorneys General to enforce the law. And... as with the House bill it includes a private right of action. This is something that many privacy organizations do favor, but still seems likely to be a disaster in practice. Letting anyone sue for privacy violations when no one actually agrees what "privacy means" is a recipe for a ton of nuisance lawsuits. If this bill actually had a chance, it could lead to the rise of "privacy trolls." Even in the most well meaning sense of trying to protect privacy, the fact that so many people disagree over what should actually be private and what privacy means, would create quite a legal clusterfuck.

One thing this bill does that the House bill would not, is to pre-empt "directly conflicting state laws." That's important for any federal bill, as otherwise companies will have to figure out how to comply with many different (and sometimes conflicting) standards and rules from multiple different states. At least this bill would prevent that. As Consumer Reports notes in its write-up of the bill, it is good to have more alternatives out there, and the bill does have some useful ideas in terms of protecting privacy:

“It’s a good bill to have out there,” Brookman says. “It gets a lot of things right—companies shouldn’t be collecting cross-site profiles about me and sharing that information—and it’s pretty aggressive on those things.”

The proposed law expands the definition of sensitive information to include biometric details such as facial recognition data, as well as geolocation data that is collected as individuals go about their day-to-day lives.

But, that "aggressiveness" is also what limits the bill's chances. This seems more performative than anything else, recognizing that people are (reasonably) worried about their privacy online, but does little to deal with the actual issues regarding privacy.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: corpa, maria cantwell, privacy, private right of action


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    That Anonymous Coward (profile), 26 Nov 2019 @ 5:23pm

    Can we demand a refund of their salaries?
    We shouldn't have to pay for them for doing nothing but creating a PR stunt grabbing headlines for having done something.

    link to this | view in chronology ]

    • icon
      Thad (profile), 27 Nov 2019 @ 7:33am

      Re:

      We shouldn't have to pay for them for doing nothing but creating a PR stunt grabbing headlines for having done something.

      What, exactly, do you believe they could be doing instead?

      Please feel free to propose a privacy bill that would (1) be acceptable and (2) could be sponsored by Cantwell in the House and which (3) Mitch McConnell would bring to the floor of the Senate for a vote even though it was sponsored by a Democrat.

      link to this | view in chronology ]

  • icon
    Ben (profile), 26 Nov 2019 @ 6:02pm

    the meaning of "privacy"

    Letting anyone sue for privacy violations when no one actually agrees what "privacy means" is a recipe for a ton of nuisance lawsuits.

    Are "privacy means" the mechanisms by which privacy is afforded? I agree that what exactly is meant by "privacy" in a connected world is open to interpretation, but I have no clue as to what means are used to provide privacy. [e.g. I would never have thought that my license plate would be an example of a privacy issue, until LPRs became ubiquitous and connected to databases.]

    Would a better mechanism than allowing use of the courts to sue a company for misuse of private information be to have the equivalent of the Consumer Financial Protection Bureau -- a Consumer Privacy Protection Bureau?

    Any conflict between a single consumer and a data collection business (whether it purports to be a search engine or a social media company) is entirely one-sided. Handing that task over to a government agency, such as the imagined 'CPPB' would at least allow for a leveling of the playing field. (insert meme for being wrong on so many levels...).

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 26 Nov 2019 @ 7:21pm

      Re: the meaning of privacy

      the meaning of privacy is ultimately arbitrary, varying with individual values.

      politicians and regulatory bureaucrats are incapable of setting fair and just rules of privacy; the courts can't do it either.

      privacy terms "should" be handled by normal Contract Law ... as negotiated by the vast spectrum of contracting parties in everyday commerce.

      Consumers "could" demand stricter privacy terms from sellers... and this is typically done indirectly by not-buying goods/services from sellers with poor business practices.
      Purchase decisions are like voting, given a reasonably competitive market.

      Congress & FTC are dysfunctional and usually respond to special interests rather tan the general public interest.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 27 Nov 2019 @ 4:35pm

        Re: Re: the meaning of privacy

        Consumers could demand.....

        Nothing. Because the companies will all band together and make the invasion boilerplate standard industry wide. Oh, wait they already do that.

        Consumers can do nothing. Companies will gladly screw over the population so long as they can make a penny in profit doing it, and they will rewrite the narrative to make such screwing the best move ever despite any and all evidence to the contrary. Consumers cannot threaten them with class actions anymore. Consumers have no choices in contract language. And depending on the product or service, consumers have no choice but to pay and be bound by the terms anyway.

        Congress & FTC are dysfunctional and usually respond to special interests rather tan the general public interest.

        Companies have gotten away with murder. They have successfully rewritten the law to benefit them over the public interest in most situations.
        Anytime that you hear "self-regulation" you should hear: "How's about letting us screw over the public some more so we can make even more money?" Companies have also cleared the way for further weakening of the law and the public's well being through regulatory capture, and legalized bribery. (Superpacs and Chairman Pai are examples that come to mind.) Of course such corruption will render them ineffective. That's why reformation efforts are needed.

        the meaning of privacy is ultimately arbitrary, varying with individual values.

        Nope. Within a geographical region standards tend to be the same as part of the locally acceptable norms. You can standardize those into law. Many places do. (No shirt, no shoes, no service. Is an example due to its often invoked censorship quality.)
        Further, if we take your excuse at face value, we end up at nothing can be known, therefore nothing should be done. Society will never know the answers to everything, but to do nothing as a result is to be paralyzed with fear. Something no society should ever scumb to.

        The public has an interest in it's own preservation. The companies only care about the next quarter report. Given that they have no expectation of serving the public good, there should be laws made by the public to enforce it.

        link to this | view in chronology ]

  • icon
    Code Monkey (profile), 26 Nov 2019 @ 7:29pm

    COPRA....

    COPRA...like, copraphilia? Cuz this sure smells like complete shit....

    link to this | view in chronology ]

  • icon
    Code Monkey (profile), 26 Nov 2019 @ 7:43pm

    Privacy trolls

    Speaking of privacy trolls, I can just picture <https://www.techdirt.com/articles/20191123/23325143443/richard-liebowitz-is-wrong-so-many-levels -is-trouble-yet-again.shtml>(Richard Liebowitz) discovering a new line of lawsuit specialty. Being the first ass clown attorney in line to file a lawsuit....

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 26 Nov 2019 @ 11:38pm

    This can't well go

    Not even this pun

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 27 Nov 2019 @ 5:52am

    • This is something that many privacy organizations do favor, but still seems likely to be a disaster in practice. Letting anyone sue for privacy violations when no one actually agrees what "privacy means" is a recipe for a ton of nuisance lawsuits.*

    After one or two lawsuits, the courts will define "privacy."

    Maybe those doxing websites that target litigious individuals by inciting others to trigger being sued by them (so the lawyers behind the doxing can make money defending the suits) will be easier to target. Or maybe they're already being run by a fed, or someone who has flipped sides.

    Ya never know.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 27 Nov 2019 @ 6:37am

      Re:

      I suspect it'll take more than one or two lawsuits...have you seen a federal docket lately, by the way?

      link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.