{"id":4038,"date":"2022-07-17T21:08:38","date_gmt":"2022-07-17T21:08:38","guid":{"rendered":"https:\/\/2024.thenexus.today\/index.php\/2022\/07\/17\/a-fresh-wrench-and-two-hearings\/"},"modified":"2022-07-17T21:08:38","modified_gmt":"2022-07-17T21:08:38","slug":"a-fresh-wrench-and-two-hearings","status":"publish","type":"post","link":"https:\/\/2024.thenexus.today\/index.php\/2022\/07\/17\/a-fresh-wrench-and-two-hearings\/","title":{"rendered":"A &#8220;fresh wrench&#8221;, two hearings, and a busy week: Federal Privacy Legislation Update, July 17"},"content":{"rendered":"<p>With Congress in session for just a few more weeks before their next recess, this will be a busy week on the privacy legislation front. \u00a0It starts with two important hearings on Tuesday.<\/p>\n<ul>\n<li>At 7:00 am Pacific time (10 am Eastern), the House Judiciary Committee&#8217;s hearing on <a href=\"https:\/\/judiciary.house.gov\/calendar\/eventsingle.aspx?EventID=4983\">Digital Dragnets: Examining the Government&#8217;s Access to Your Personal Data<\/a> discusses the The Fourth Amendment Is Not For Sale Act, which prohibits data brokers from selling their data to government agencies.<\/li>\n<\/ul>\n<blockquote class=\"kg-blockquote-alt\"><p><strong>TAKE ACTION: <\/strong> <a href=\"https:\/\/act.eff.org\/action\/tell-congress-the-fourth-amendment-is-not-for-sale\">Tell Congress: The Fourth Amendment is Not For Sale<\/a> using EFF&#8217;s handy web form<\/p><\/blockquote>\n<ul>\n<li>And at 7:30 am Pacific (10:30 am Eastern) Tuesday, the House Energy &amp; Commerce Committee has a hearing , on <a href=\"https:\/\/energycommerce.house.gov\/committee-activity\/hearings\/hearing-on-roe-reversal-the-impacts-of-taking-away-the-constitutional\">Roe Reversal: The Impacts of Taking Away the Constitutional Right to an Abortion<\/a>. \u00a0Danielle Citron&#8217;s <a href=\"https:\/\/slate.com\/technology\/2022\/06\/end-roe-civil-right-intimate-privacy-data.html\">The End of Roe Means We Need a New Civil Right to Privacy<\/a> discusses the role of the Rep. Sara Jacbos&#8217; My Body My Data Act and the Warren\/Wyden\/Murray Health and Location Data Privacy Act in a post-Roe world.<\/li>\n<\/ul>\n<blockquote class=\"kg-blockquote-alt\"><p><strong>TAKE ACTION: \u00a0Tell Congress to <a href=\"https:\/\/act.eff.org\/action\/pass-the-my-body-my-data-act\">Pass the \u201cMy Body, My Data\u201d Act<\/a><\/strong><\/p><\/blockquote>\n<p>House Energy &amp; Commerce is also working on the American Protection and Privacy Act (ADPPA) consumer privacy bill. \u00a0<\/p>\n<p><em><strong>UPDATE<\/strong>: ADPPA markup is scheduled for <a href=\"https:\/\/energycommerce.house.gov\/committee-activity\/markups\/markup-of-six-bills-full-committee\">Energy &amp; Commerce&#8217;s Wednesday morning session<\/a>, which starts at 6:45 am Pacific time (9:45 am Eastern).<\/em><\/p>\n<p>They had originally planned to release a new version early last week and then have a markup session. But it didn&#8217;t work out that way. \u00a0<\/p>\n<figure class=\"kg-card kg-embed-card\">\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">BREAKING: In a totally unexpected (yeah right) turn of events, California Dems are demanding that bipartisan, bicameral ADPPA privacy bill doesn&#39;t pre-empt California law!!!!!!!<\/p>\n<p>Who would have predicted?<\/p>\n<p>Other than me and anybody else paying attention &#8230; 1\/7 <a href=\"https:\/\/t.co\/ZRBgqbeJH5\">https:\/\/t.co\/ZRBgqbeJH5<\/a><\/p>\n<p>&mdash; Jon Pincus (@jdp23) <a href=\"https:\/\/twitter.com\/jdp23\/status\/1547437702785613824?ref_src=twsrc%5Etfw\">July 14, 2022<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/figure>\n<p>As Maria Curi reports in <a href=\"https:\/\/about.bgov.com\/news\/california-democrats-push-for-stronger-privacy-protection-bill\/\">California Democrats Demand Stronger Privacy Protection Bill<\/a> on Bloomberg Government: \u00a0<\/p>\n<blockquote><p>Momentum has gathered behind a bipartisan, bicameral effort to pass a federal privacy law (<a href=\"https:\/\/www.bgov.com\/core\/legislation\/federal\/bills\/#!\/7112097912665407528\">H.R. 8152<\/a>)&#8230;. <\/p>\n<p>But as the committee gears up to hold a vote next week, a fresh wrench has been thrown in the bill\u2019s path. \u00a0California Democrats want to make sure the federal standard doesn\u2019t weaken their state law by taking precedent over it.<\/p><\/blockquote>\n<p>Oh no!!!!!!! \u00a0 \u00a0<\/p>\n<p>A &#8220;fresh wrench&#8221; destroying the bipartisan, bicameral &#8220;momentum&#8221;!<\/p>\n<p>Take it with a grain of salt. \u00a0Yes, preemption is a real issue \u2013 in general, and specifically for California. Rep. Anna Eshoo (who represents a large portion of Silicon Valley) was very clear about this at ADPPA&#8217;s first hearing in mid-June: &#8220;Federal privacy legislation cannot undermine California&#8217;s privacy laws.&#8221; <\/p>\n<p>But a &#8220;fresh wrench&#8221; it&#8217;s not.<\/p>\n<h2 id=\"lobbyists-gonna-lobby\">Lobbyists gonna lobby &#8230;<\/h2>\n<figure class=\"kg-card kg-embed-card\">\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Oh good grief. Worth noting with Leibowitz\u2019s FTC credentials he had a role in throwing out the only strong federal privacy rules for the internet (written by Obama\u2019s FCC). He also took flights to California to testify against the relevant and strong California privacy law. So Um. <a href=\"https:\/\/t.co\/vPle50rAma\">https:\/\/t.co\/vPle50rAma<\/a> <a href=\"https:\/\/t.co\/8oLxwbMtB2\">pic.twitter.com\/8oLxwbMtB2<\/a><\/p>\n<p>&mdash; Jason Kint (@jason_kint) <a href=\"https:\/\/twitter.com\/jason_kint\/status\/1547698701493084163?ref_src=twsrc%5Etfw\">July 14, 2022<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/figure>\n<p>What&#8217;s really going on here? \u00a0The quote from &#8220;former FTC chair&#8221; Jon Leibowitz arguing that the federal law is better than California&#8217;s provides a clue. <\/p>\n<p>As the article <em>doesn&#8217;t <\/em>mention, Leibowitz is now an industry lobbyist. \u00a02015&#8217;s <a href=\"https:\/\/www.theatlantic.com\/politics\/archive\/2015\/05\/the-privacy-coalition-that-wants-to-trim-data-regulations-for-telecom-giants\/456477\/\">The \u2018Privacy Coalition\u2019 That Wants to Trim Data Regulations for Telecom Giants<\/a> and \u00a02017&#8217;s <a href=\"https:\/\/stopthecap.com\/2017\/07\/19\/californias-internet-privacy-legislation-undermined-industry-funded-privacy-group\/\">California\u2019s Internet Privacy Legislation Being Undermined by Industry-Funded Privacy Group<\/a> have more about the 21st Century &#8220;Privacy&#8221; Coalition he co-founded, with funding from Comcast, AT&amp;T, Verizon, Time Warner Cable\/Charter Communications, DirecTV. <\/p>\n<p>Leibowitz talked about his strategy for getting industry-friendly legislation in a February Wall Street Journal opinion piece <a href=\"https:\/\/www.wsj.com\/articles\/congress-can-protect-our-data-consumer-privacy-bipartisan-personal-information-regulations-online-security-ftc-cybersecurity-11644871937\">How Congress Can Protect Your Data Privacy<\/a> (which also didn&#8217;t mention that he&#8217;s a lobbyist):<\/p>\n<blockquote><p>Pass a federal law stronger than any of the existing state laws and pre-empt only direct conflicts. That is easily achievable because the three state laws that have passed\u2014in Virginia, Colorado and California\u2014are either weak or riddled with loopholes. \u00a0Even the strongest of the trio, California\u2019s, largely limits only the transferring of data and not its collection.<\/p><\/blockquote>\n<p>In other words, pass something just a bit stronger \u2013 but still filled with loopholes \u2013 federally, and preempt future stronger laws.<\/p>\n<p>Todd Feathers reported on this strategy in 2021&#8217;s <a href=\"https:\/\/themarkup.org\/privacy\/2021\/04\/15\/big-tech-is-pushing-states-to-pass-privacy-laws-and-yes-you-should-be-suspicious\">Big Tech Is Pushing States to Pass Privacy Laws, and Yes, You Should Be Suspicious<\/a> on <em>The Markup<\/em>. \u00a0 Feathers&#8217; and Alfred Ng&#8217;s 2022 <a href=\"https:\/\/themarkup.org\/privacy\/2022\/05\/26\/tech-industry-groups-are-watering-down-attempts-at-privacy-regulation-one-state-at-a-time\">Tech Industry Groups Are Watering Down Attempts at Privacy Regulation, One State at a Time<\/a>, also on <em>The Markup<\/em>, has more discussion. \u00a0And here in Washington state, Big Tech also used the strategy of comparing the Bad Washington Privacy Act favorably to weak state legislation as a way of shifting the conversation away from the bills weaknesses.*<\/p>\n<h2 id=\"that-escalated-quickly\">That escalated quickly<\/h2>\n<p><!--kg-card-begin: html--><\/p>\n<blockquote class=\"twitter-tweet\" data-conversation=\"none\">\n<p lang=\"en\" dir=\"ltr\">&quot;A memo comparing the measures prepared by three prominent nonprofits and shared with The Technology 202 argues that the federal bill\u2019s consumer protections are equal to or better than the California law in a vast majority of areas.&quot; <a href=\"https:\/\/t.co\/ywuWC7frF2\">https:\/\/t.co\/ywuWC7frF2<\/a><\/p>\n<p>&mdash; EPIC (@EPICprivacy) <a href=\"https:\/\/twitter.com\/EPICprivacy\/status\/1547937257486630916?ref_src=twsrc%5Etfw\">July 15, 2022<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script> <!--kg-card-end: html--><\/p>\n<p>The very next day, Cristiano Lima&#8217;s <a href=\"https:\/\/www.washingtonpost.com\/politics\/2022\/07\/15\/federal-privacy-bill-trumps-californias-law-advocates-say\/\">Federal privacy bill trumps California\u2019s law, advocates say<\/a> followed up on Leibowitz&#8217; talking point.<\/p>\n<blockquote><p>&#8220;Privacy and civil rights advocates are pushing back on criticisms from California officials that a federal privacy bill would weaken protections in the state, arguing that the bipartisan measure recently unveiled in Washington is even stronger than California\u2019s landmark law.&#8221;<\/p><\/blockquote>\n<p>Lima included quotes from Alan Butler of EPIC Privacy and David Brody of Lawyers&#8217; Committee on Civil Rights highlighting ways in which the ADPPA is stronger than California&#8217;s CPRA. \u00a0He also links out to a nicely-designed side-by-side (from EPIC, Lawyers&#8217; Committee, and Center for Democracy and Technology (CDT)) with more details. \u00a0They sure turned that around fast! \u00a0It&#8217;s almost like they expected this &#8220;fresh wrench&#8221; and had their talking points and collateral ready to go.<\/p>\n<p>So despite the concerns about lost &#8220;momentum&#8221;, the short-term result was a great news cycle for ADPPA supporters. \u00a0The main message people in DC heard going into the weekend is that privacy and civil rights advocates are defending ADPPA and saying it&#8217;s &#8220;even stronger&#8221; than California&#8217;s. \u00a0<\/p>\n<p>And then over the weekend, <a href=\"https:\/\/twitter.com\/omertene\/status\/1548690418828730370\">Future of Privacy Form Senior Fellow Omer Tene<\/a> and <a href=\"https:\/\/twitter.com\/cam_kerry\/status\/1548556394953310209\">&#8220;thought leader&#8221; Cameron Kerry of Brookings<\/a> chimed in with threads reinforcing the talking point that ADPPA is stronger than California&#8217;s law. <\/p>\n<p>From industry&#8217;s perspective, this a much better conversation to be having have than other thornier issues \u2013 for example, the concerns that Wyden and others have raised that <a href=\"\u201cunfortunately would not do enough to protect fundamental rights of a woman over her own body and her privacy.\u201d\">ADPPA \u201cunfortunately would not do enough to protect fundamental rights of a woman over her own body and her privacy\u201d<\/a>. \u00a0<\/p>\n<h2><\/h2>\n<h2 id=\"just-how-strong-is-adppas-enforcement\">Just how strong <em>is<\/em> ADPPA&#8217;s enforcement?<\/h2>\n<p>But regardless of whether or not ADPPA is or isn&#8217;t stronger than California&#8217;s law, are its enforcement provisions strong enough to protect us and our data? \u00a0Here&#8217;s some of the issues that \u00a0privacy and civil rights advocates have highlighted:<\/p>\n<ul>\n<li>EFF, Common Sense and other groups have questioned whether the ADPPA gives the FTC the funding and authority it needs to enforce it. \u00a0<em><strong>UPDATE<\/strong>: Consumer Reports also highlights this concern in their <a href=\"https:\/\/advocacy.consumerreports.org\/wp-content\/uploads\/2022\/07\/CR-letter-to-EC-re-ADPPA-AINS.pdf\">July 17 letter<\/a>.<\/em><\/li>\n<li>Public Knowledge discusses how the ADPPA <a href=\"https:\/\/publicknowledge.org\/public-knowledge-applauds-bipartisan-privacy-efforts-cautions-congress-must-fix-fcc-authority-concerns-before-full-committee-markup\/\">undercuts FCC enforcement authority<\/a><\/li>\n<li>Maine&#8217;s AG says <a href=\"https:\/\/www.eff.org\/document\/2022-07-13-letter-maine-ag-congress-re-adppa\">ADPPA in its current form would set a ceiling below the state&#8217;s legislation that protects consumers against abuse by Internet Service Providers<\/a> (like the ones funding the 21st Century Privacy Coalition).<\/li>\n<li>Privacy and civil rights advocates at Electronic Frontier Foundation and Disinfo Defense League groups including Media Justice, Access Now, Free Press, Common Cause, Muslim Advocates, Kairos Action, and Asian Americans Advancing Justice all oppose federal preemption of state privacy laws. <em><strong>UPDATE<\/strong>: Consumer Reports does too.<\/em><\/li>\n<li>The ADPPA&#8217;s private right of action won&#8217;t even exist for four years. Even then is limited, so doesn&#8217;t cover violations of the data minimizaiton requirements. \u00a0It doesn&#8217;t include statutory damages. \u00a0It puts up significant barriers that mean people have to &#8220;<a href=\"https:\/\/www.washingtonpost.com\/politics\/2022\/06\/27\/abortion-ruling-could-scramble-data-privacy-talks\/\">jump through arbitrary, drawn-out hoops<\/a>&#8221; to sue. \u00a0And ADPPA&#8217;s right to cure is a get-out-of-jail free card for most businesses with an annual revenue up to $41 million\/year.**<\/li>\n<\/ul>\n<p>And a July 1 memo from California Privacy Protection Agency (CPPA) says that \u00a0<a href=\"https:\/\/aboutbgov.com\/3XA\">the ADPPA takes away nearly all of their enforcement authority<\/a>:<\/p>\n<blockquote><p>[W&#8217;hile ADPPA states that a State Privacy Authority can take civil action to enforce the ADPPA, the definition of state privacy authority does not adequately identify the CPPA, nor can the Agency take civil action, since it has administrative enforcement authority only.<\/p><\/blockquote>\n<p>So on top of all the other isues, the bill in its current form takes away nearly all the enforcement authority of the country&#8217;s largest and best-funded state privacy agency.<\/p>\n<p>Put it all together and &#8230; well, your mileage may vary, but as of right now ADPPA&#8217;s &#8220;strong enforcement&#8221; looks pretty darned weak to me.<\/p>\n<p>I can certainly see why its supports would rather be talking about whether or not it&#8217;s better than California&#8217;s law.<\/p>\n<h2 id=\"what-next-on-preemption\">What next on preemption?<\/h2>\n<p>It could well be that Leibowitz et. al. are just posturing, and the industry plan is to demand concessions on other fronts in return for a &#8220;compromise&#8221; on preemption: add California&#8217;s privacy law to the already-long list of preemption exceptions, give the California Privacy Protection Agency the authority they need, and hangs Maine, Washington, and all the other states that also don&#8217;t want to be preempted out to dry. \u00a0Then again, maybe they&#8217;ll make some minor improvements in the ADPPA to address the CPPA&#8217;s concerns, after which California&#8217;s legislators can say they&#8217;ve fought for Californians&#8217; privacy rights and are now willing to &#8220;compromise&#8221; for the good of the country and go along with something preemptive. \u00a0<\/p>\n<p>Either one of thse approaches will let ADPPA&#8217;s supporters talk about how this dramatic &#8220;compromise&#8221; has restored the bill&#8217;s &#8220;momentum,&#8221; and how now&#8217;s the best time to make further &#8220;compromises&#8221; to push it over the finish line. \u00a0They&#8217;d also put pressure on Senate Commerce Chair Maria Cantwell, who&#8217;s been pushing to get state preemption completely removed, to &#8220;compromise&#8221; and settle for something that protects Californians but not Washingtonians.<\/p>\n<p>But it might not work out that way. \u00a0Most privacy advocates will continue to press to remove all state preemption. Republicans contine to press to remove ADPPA&#8217;s current preemption exceptions and make the bill fully preemptive. \u00a0So another short-term option, probably the path of least resistance, is to keep punting on resolving this issue, and instead hold it open so that they can try to keep the conversation focused on comparing the ADPPA to the GDPR. <\/p>\n<p>We shall see. \u00a0<\/p>\n<blockquote class=\"kg-blockquote-alt\"><p><strong>TAKE ACTION: \u00a0If you&#8217;re on Twitter, like or retweet <a href=\"https:\/\/twitter.com\/EFF\/status\/1547633335249211392\">the Maine AG&#8217;s concerns about preemption<\/a> and my tweet asking Washington Democratic members of Congress to <a href=\"https:\/\/twitter.com\/jdp23\/status\/1547643103846141956\">follow California Democtrats&#8217; lead and fight for their constituents&#8217; privacy rights by removing ADPPA&#8217;s state preemption<\/a><\/strong><\/p><\/blockquote>\n<h2 id=\"what-else-to-look-for-in-the-markup\">What else to look for in the markup<\/h2>\n<p>Preemption is only one part of the overall enforcement picture. \u00a0When the new version of ADPPA drops, will it actually give CCPA the authority it needs? \u00a0Will it clarify FTC funding and authority? Will it stop undercutting the FCC? \u00a0Will the private right of action improve \u2013 or be further weakened?<\/p>\n<p>And enforcement&#8217;s only the tip of the iceberg. \u00a0There&#8217;s also the <a href=\"__GHOST_URL__\/talking-about-the-elephant\/\">elephant in the room<\/a>: how far will the new version go to address concerns that <a href=\"https:\/\/www.washingtonpost.com\/politics\/2022\/07\/15\/federal-privacy-bill-trumps-californias-law-advocates-say\/\">ADPPA \u201cdoes not adequately protect against\u201d the privacy threats posed by a post-<em>Roe<\/em> world?<\/a> Wyden&#8217;s statement to the Washington Post focused on the deidentified data loophole, which he says would &#8220;make trivially easy to re-identify supposedly anonymous data and put women&#8217;s privacy at risk.&#8221;*** And there are also a lot of other loopholes that put people seeking or providing abortions at risk.<\/p>\n<p><em><strong>UPDATE:<\/strong> <a href=\"https:\/\/advocacy.consumerreports.org\/wp-content\/uploads\/2022\/07\/CR-letter-to-EC-re-ADPPA-AINS.pdf\">Consumer Reports&#8217; letter<\/a> has an excellent discussion of how the subcommittee&#8217;s amendment weakened the deidentified data language, starting at the bottom of page 4.<\/em><\/p>\n<p>A few other issues I&#8217;m following closely:<\/p>\n<ul>\n<li>The subcommittee&#8217;s markup added new exemptions, including one for companies who are collecting, processing, or transferring data on behalf of government agencies (an approach the military uses this approach to surveil Muslims and ICE uses to target immigrants). \u00a0Will any of these changes get undone in the committee markup? \u00a0Or will there be some other new exemptions?<\/li>\n<li>The algorithmic auditing section still falls short of the much stronger provisions in the Automated Accountability Act of 2020 and <a href=\"__GHOST_URL__\/ajl-audits-the-auditors\/\">the Algorithmic Justice League&#8217;s &#8220;Who Audits the Auditors?&#8221; recommendations<\/a>. How much will the new version improve the language?<\/li>\n<li>The subcommittee&#8217;s markup also removed race, religion, ethnicity, and union membership from the list of &#8220;sensitive data,&#8221; so it no longer requires opt-in consent to be shared, sold, or used for some purpose other than it was collected for. \u00a0What does &#8220;sensitive data&#8221; even <em>mean<\/em> if race and religion aren&#8217;t considered sensitive?<\/li>\n<\/ul>\n<p>Once the new version drops, there will be a flurry of activity as everybody analyzes it to see what&#8217;s changed \u2013 there&#8217;s only a short window of time to provide feedback to committee members before the markup session. \u00a0From there, Cobun Zweifel-Keegan of IAPP has <a href=\"https:\/\/twitter.com\/cobun\/status\/1539966259424534528\">an excellent thread describing the markup process<\/a>; it ends with the committee voting on an amended version of the bill. \u00a0If the committee advances it, then ADPPA&#8217;s next stop will probably be the House floor.<\/p>\n<p>Stay tuned!<\/p>\n<p>________________________________________<\/p>\n<p><!--kg-card-begin: html--><span id=footnotes><\/span><!--kg-card-end: html--><\/p>\n<p>* \u00a0A few examples:<\/p>\n<ul>\n<li>Microsoft Chief Privacy Officer Julie Brill described the 2019 version of Bad Washington Privacy Act (Bad WPA) as the &#8220;strongest set of privacy protections in the United States&#8221; and included a paragraph on &#8220;robust enforcement&#8221; in <a href=\"https:\/\/blogs.microsoft.com\/on-the-issues\/2019\/04\/29\/our-support-for-meaningful-privacy-protection-through-the-washington-privacy-act\/\">her post on Microsoft&#8217;s blog<\/a>.<\/li>\n<li>Brill&#8217;s 2020 post on how the new version of the Bad Washington Privacy Act <a href=\"https:\/\/blogs.microsoft.com\/on-the-issues\/2020\/01\/24\/washington-privacy-act-protection\/\">&#8220;raises the bar for privacy in the United States<\/a>&#8221; also talked about &#8220;strong enforcement&#8221; \u2013 even though the AG had said the law was unenforceable. \u00a0<\/li>\n<li>In 2021, <a href=\"https:\/\/docs.google.com\/document\/d\/1QCxJ6546vd-HieHqkYc2jWPK62YF3LA1\/edit#\">a disinformation-filled &#8220;quick summary&#8221; document industry lobbyists circulated<\/a> started by asserting &#8220;The Bad Washington Privacy Act, if passed, will be the strongest consumer data privacy in the nation.&#8221; <\/li>\n<li>From 2021&#8217;s <a href=\"https:\/\/jedii.tech\/criticism-and-praise-for-at-the-hearing-for-sb-5062-the-bad-washington-privacy-act\/\">Criticism and praise for at the hearing for SB 5062 (the Bad Washington Privacy Act)<\/a>:<\/li>\n<\/ul>\n<blockquote><p>The Washington Technology Industry Association talked about the &#8220;strong privacy protections&#8221; in the bill. \u00a0The CEO of a Seattle online gaming company lauded its &#8220;very strong privacy protections for consumers.&#8221; Microsoft described it as &#8220;the strongest privacy protections in the US.&#8221;<\/p><\/blockquote>\n<ul>\n<li>In 2022, <a href=\"https:\/\/docs.google.com\/document\/d\/15j85dDtc_OWC2F6NPdR39C_jLC7FISURfGQc59ii4Ms\/edit\">Washington Tech Industry Association lobbyist Michael Schutzler&#8217;s misleading Seattle Times opinion piece<\/a> said the Bad WPA would have been &#8220;the country&#8217;s strongest privacy bill.&#8221;<\/li>\n<\/ul>\n<p>Hey wait a second, I&#8217;m noticing a pattern here.<\/p>\n<p>** California&#8217;s CPRA doesn&#8217;t have a private right of action at all for most violations, so rather than focusing on the enforcement questions in general, the EPIC\/Lawyers&#8217; Committee\/CDT side-by-side shows ADPPA&#8217;s eventual weak, and cumbersome private right of action as a <em>plus<\/em> because it&#8217;s better than nothing. \u00a0It&#8217;s a great example of how useful it is for industry when the focus is on comparisons to other weak bills rather than the more important question of whether the ADPPA will actually address the problems it claims to.<\/p>\n<p>*** In the same article, EPIC&#8217;s Alan Butler reassures us that there&#8217;s nothing to worry about because ADPPA&#8217;s restrictions on de-identified data are &#8220;extremely strict,\u201d but then again he also said that ADPPA has stronger enforcement than it&#8217;s getting credit for, so without having delved into the details my guess is that Wyden&#8217;s right. <em> <\/em><\/p>\n<p><em>UPDATE, 7\/19: <\/em>Wyden&#8217;s right. \u00a0See Consumer Reports&#8217; <a href=\"https:\/\/advocacy.consumerreports.org\/wp-content\/uploads\/2022\/07\/CR-letter-to-EC-re-ADPPA-AINS.pdf\">letter<\/a>.<em> <\/em><\/p>\n<p><em>UPDATE, 7\/25: <\/em>it&#8217;s possible that Butler was talking about the version of the bill that was getting negotiated at the time, because the amended version the committee voted on undid the harmful subcommittee changes to decentralized data that Consumer Reports had discussed. \u00a0However, according to Tonya Riley&#8217;s reporting <a href=\"https:\/\/cyberscoop.com\/privacy-data-brokers-house-ftc-commerce\">Federal privacy legislation progresses, but concerns about data brokers loom<\/a>, these improvements do not appear to have fully addressed Wyden&#8217;s concerns.<\/p>\n<p>________________________________________<\/p>\n<p><em>Image credit: <\/em>JessicaRodriguezRivas, via <a href=\"https:\/\/commons.wikimedia.org\/wiki\/File:Home_of_the_US_Congress.jpg\">Wikipedia Commons<\/a>. \u00a0licensed under the <a href=\"https:\/\/en.wikipedia.org\/wiki\/en:Creative_Commons\">Creative Commons<\/a><a href=\"https:\/\/creativecommons.org\/licenses\/by-sa\/4.0\/deed.en\" rel=\"nofollow\">Attribution-Share Alike 4.0 International<\/a> license.<\/p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>With Congress in session for just a few more weeks before their next recess, this will be a busy week on the privacy legislation front. \u00a0It starts with two important hearings on Tuesday. At 7:00 am Pacific time (10 am Eastern), the House Judiciary Committee&#8217;s hearing on Digital Dragnets: Examining the Government&#8217;s Access to Your [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[458,459],"class_list":["post-4038","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-adppa","tag-federal-privacy-legislation"],"_links":{"self":[{"href":"https:\/\/2024.thenexus.today\/index.php\/wp-json\/wp\/v2\/posts\/4038","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/2024.thenexus.today\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/2024.thenexus.today\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/2024.thenexus.today\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/2024.thenexus.today\/index.php\/wp-json\/wp\/v2\/comments?post=4038"}],"version-history":[{"count":0,"href":"https:\/\/2024.thenexus.today\/index.php\/wp-json\/wp\/v2\/posts\/4038\/revisions"}],"wp:attachment":[{"href":"https:\/\/2024.thenexus.today\/index.php\/wp-json\/wp\/v2\/media?parent=4038"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/2024.thenexus.today\/index.php\/wp-json\/wp\/v2\/categories?post=4038"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/2024.thenexus.today\/index.php\/wp-json\/wp\/v2\/tags?post=4038"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}