As the digital economy expands, more attention is being paid to the impact of data processing on consumers and how to maintain responsible and trustworthy treatment of personal information. Companies have responded to shifting consumer views and expectations about how data is collected and used online by developing new data transparency tools and controls. Policymakers are also seeking ways to ensure that data controllers exercise fair information practices to protect and empower users while also encouraging innovation and protecting economically vital flows of data, particularly across borders.
New technologies and data practices have stressed the traditional U.S. sectoral approach to protecting consumer privacy. In response, Congress should adopt a federal baseline consumer privacy law to ensure that consumers’ personal information is handled responsibly no matter where it is collected or who is processing it. This framework should set consistent transparency requirements, consumer controls, and accountability measures for data controllers, while empowering the Federal Trade Commission to carry out robust enforcement. Such a framework should be risk-focused, technology-neutral, and provide safe harbors and flexibility for organizations to make adjustments according to the needs of individuals and evolving technology.
Developing comprehensive and durable privacy rules requires balance. The desire to bring the power of government to bear on the issue is a strong one, but it must be set against the need to encourage innovation, unlock the incredible social value of big data, and not to infringe upon related values such as the freedom of speech. Overly prescriptive or onerous regulation risks creating high barriers to entry for new companies and may even prohibit the creation of beneficial new technologies and privacy protective techniques and services.
