What’s Coming Down the Privacy Pipeline?
Weeks after Joe Biden defeated Donald Trump in the presidential election, the future of consumer privacy in the United States is still up for grabs. California voters upped the ante on federal privacy law by passing Proposition 24 last month, which amended the California Consumer Privacy Act with a more comprehensive policy, but whether federal regulations will rise to the same level is currently unclear.
“Big tech companies are concerned about a state-by-state approach to privacy regulations because that would mean having to comply with a different standard per state,” says John Clavadetscher, president and chief commercial officer at Cooler Screens, a company that turns retail cooler surfaces into IoT enabled screens.
California’s newest standard, the California Privacy Rights Act of 2020 (CPRA), has been described as a more stringent version of the California Consumer Privacy Act (CCPA). While it was originally developed to clarify the consumer rights and privacy protections outlined in the CCPA, this new act has much more in common with the European Union’s General Data Protection Regulation (GDPR) than the CCPA. Like the GDPR, the CPRA creates a new regulatory agency to implement and enforce California’s privacy regulations. It also expands the definition of sensitive personal information beyond what was originally outlined in the CCPA.
Before it passed with a strong majority last month, there was concern the CPRA could make businesses more vulnerable to lawsuits if they didn’t change how they collected user data. Now, the bigger question seems to be how—and when—the federal government will respond.
Clavadetscher says California’s new policy, and the overarching shift toward greater consumer privacy, are putting pressure on the federal government to act more quickly. The Biden administration will likely have to take a stand on the collection of personal data and the digital advertising space.
Although it may seem easier to execute new privacy regulations at the state level, larger players in the technology and advertising space are growing concerned that this piecemeal approach could create a regulatory nightmare in the coming years. Instead, technology firms are advocating a single, nationwide law, similar to the European Union’s GDPR.
That approach is one Killi CEO Neil Sweeney anticipates coming down the pipeline. Sweeney says the GDPR currently is serving as the global benchmark for privacy policy, but he believes the disparity between the GDPR and U.S. privacy regulations will lessen in 2021, as consumer awareness of data increases.
“[We’ll] see a ripple towards universal acceptance for federally mandated privacy policy,” Sweeney says. “This European wave hit the West Coast of the U.S. first, and will undoubtedly work its way through the country as the year progresses.”
The best solution, in Clavadetscher’s view, is for companies to make privacy a part of their business models and a priority from the beginning. That way, businesses are protected regardless of political outcomes.
“It’s not a matter of prioritizing privacy or UX, it’s about prioritizing privacy and UX,” he says. “Both can be done effectively.”
Although it may be months, or even years, before new federal regulations make their way down the pipeline, the demand from consumers for consistent privacy standards is already growing. Consumers in states that don’t have their own local requirements are pushing for a more uniform approach.
Clavadetscher says brands that have prioritized privacy from the beginning won’t have to worry about changing headwinds, and those that are behind in this area should start upgrading their practices right now.
Being protected from a privacy standpoint means making sure privacy policies are up to the standards of industry leaders and initiatives, like Privacy by Design, which is an approach to systems engineering designed to guarantee the privacy of individuals by integrating considerations of privacy issues from the beginning of the development of products, services, and business practices.
“They shouldn’t wait for direction to ensure consumer data is protected and secure. This should be their priority from the beginning,” Clavadetscher says. “If it hasn’t been, they should start implementing necessary changes effectively immediately.”
Stephanie Miles is a senior editor at Street Fight.