Data has given consumers unprecedented capacity to control, manage and improve their lives. From finding the least congested route to work to attending a physical therapy session remotely through virtual reality, never before have consumers had such power, literally in the palm of their hands. The time is now to develop comprehensive federal privacy legislation.
While we all enjoy the benefits produced by the marriage of data and technology, we can’t abandon critical values that remain important in modern life. Protecting consumers’ privacy is one of those values. As the digital economy has matured, it’s become increasingly clear that our nation’s current policy approach to protecting consumer privacy is buckling under the weight of the dizzying pace of innovation and the rapid convergence of major industries.
This is not a new issue to Verizon. Although the GDPR, the new California privacy law, and worrisome headlines about the use of consumer data have recently kept privacy in the spotlight, Verizon has supported federal consumer privacy legislation since 2011. It was clear to us even then that the U.S.’s current policy approach on privacy was too fragmented and ill-equipped to deliver on the promise of our digital future. Developments over the past seven years have only reinforced our support for meaningful legislation as we’ve witnessed data-driven innovations emerge and consumers scramble to make sense of how their information is used and shared.
Members of Congress owe it to consumers to redouble their efforts to develop forward-looking consumer privacy legislation that provides clear rules of the road; rules of the road that empower consumers to make informed choices about how their data is used and help companies meet their customers’ expectations.
We were encouraged by last month’s Senate Commerce Committee hearing on privacy and hope that it is a real start toward legislation. Before, during, and after the hearing, leaders in industry, consumer groups, and Members of Congress expressed genuine interest in legislation and laid out a path forward. But we need to move quickly. Innovation isn’t waiting for our laws to catch up. We all need to have a sense of urgency and do the hard work necessary to help develop and pass meaningful consumer privacy legislation.
So what should a new consumer privacy framework look like?
Legislation must be simple to understand, targeted to consumers’ needs and today's digital reality, and national in scope so all Americans are equally protected. Verizon believes a consumer privacy bill should be bipartisan and focus on the following key principles:
- Consistency. All entities, regardless of industry sector, that collect information about consumers should be subject to the same requirements. One set of rules, primarily enforced by a single Federal regulator – the Federal Trade Commission – will ensure consistent protections for consumers.
- Flexibility. Statutory requirements governing ever-evolving technology need to be flexible so that they don’t become quickly outdated. The overall framework should be informed by the principle that the level of sensitivity of the personal information will dictate the corresponding protections. The FTC could have a role in providing guidance on statutory requirements, such as defining “personal information” and “sensitive personal information.”
- Transparency. Companies must provide clear and easy to understand information about their practices with respect to the collection, use, and sharing of personal information. As part of transparency, companies should have a mechanism that provides consumers with reasonable access to what information the company has about that consumer.
- Choice. Companies must provide consumers with the opportunity to opt in to the collection, use, and sharing of sensitive personal information and to opt out of the collection, use, and sharing of other personal information. Exceptions should be in place for the collection, use, and sharing of personal information for operational and other purposes (e.g., legal process).
- Data Security and Breach Notification. Companies must put in place reasonable security measures to protect information and should notify consumers in appropriate circumstances when breaches occur.
- Safe Harbor Programs. There should be a Safe Harbor program that companies can follow and know that they are meeting the requirements of the law.
- Enforcement. The enforcement regime for privacy should be two-fold: (a) FTC enforcement with civil penalties (subject to a cap); and (b) State attorneys general enforcement of Federal law.
Consumer privacy should not be regulated on a state-by-state basis. The products and services that are powered by the Internet have never been bound by geographic lines. Data flows seamlessly across the globe. And consumers need to know their privacy is guaranteed across the country, not through different laws in various states.
Last week’s hearing surfaced a lot of good ideas. All of the witnesses agreed that there should be federal privacy legislation. This was a good start. So let’s capitalize on this momentum and get to work helping develop a comprehensive consumer privacy bill. Tackling this critical issue head on once and for all is the right thing to do for our customers and our business. The U.S.’s ability to strike the right policy balance on privacy will determine the trajectory of U.S. innovation for years to come. This is too important to sit out. So let’s roll up our sleeves, put aside our differences, and work across the policy community to develop consensus on a robust and rational consumer privacy framework. Our ability to realize the full potential of our bright digital future depends on it. The time is now.