Commerce Department Moves to Regulate Data Privacy

The Biden Administration continues its foray into the debate over privacy policy in the United States. On Tuesday, November 30, The National Telecommunications and Information Administration (NTIA) issued a notice that they will hold three virtual “Listening Sessions” about the intersection of privacy, equity, and civil rights. The NTIA, a branch of the Commerce Department, is the President’s principal advisor on telecommunications and information policy issues. The sessions will inform a report, “on the ways in which commercial data flows of personal information can lead to disparate impact and outcomes for marginalized or disadvantaged communities.” Privacy advocates hope this report will help form the blueprint for a national privacy law with White House support.

While the approximately 280 employees at NTIA are instrumental in developing policy advice on, “the extent to which technology implementations, business models, and related data processing are adequately addressed by the U.S.’s current privacy protection framework,” the agency is still without a permanent leader. Biden’s nominee for the position, Alan Davidson, would be leaving his current role as the VP of Global Policy, Trust and Security at the Mozilla Foundation if he is confirmed by the Senate. The Commerce, Science, and Transportation Committee held his nomination hearing on Wednesday, December 1.

Although the agency would certainly benefit from having a Senate confirmed leader at its helm, the first of the Listening Sessions will convene on December 14, regardless of Mr. Davidson’s confirmation status. The notice points to a growing body of scholarship showing that marginalized communities are in particular need of, “robust privacy protections,” as part of the impetus for the sessions.

The agency notes several ways in which data collection practices can perpetuate patterns of discrimination. The digital advertising industry is called out for its use of proxy indicators of protected traits, such as race, gender, and disability to target advertisements in ways that can skew outcomes for employment and housing opportunities. NTIA also points to a ProPublica report which details how health insurance companies use, “unreliable and discriminatory heuristics,” data to make determinations that can raise health insurance rates.

Beyond discriminatory practices, the Sessions will also look to tackle some of the broader issues that would need to be addressed in any comprehensive privacy legislation, like “data brokers and secondary markets for data,” as well as “hiring, credit, lending, and housing algorithms and advertisements,” and “exploitation of data or commercially available software.”

It’s not the Biden Administration’s first stab at regulating privacy policy. A July Executive Order on Promoting Competition in the American Economy “encouraged” the FTC to “consider” exercising its rulemaking authority on “unfair data collection and surveillance practices that may damage competition, consumer autonomy, and consumer privacy.” House Democrats have gone further—including allocating $500 million in their Build Back Better Act for a new privacy bureau within the FTC. While some Republicans have shown interest in strengthening individual privacy protections, they are in lockstep opposition to the Democrats’ social spending package.

Unless an unlikely bipartisan coalition comes together, the U.S. will likely continue to operate under a patchwork of state laws that have increased compliance costs for companies and confusion for consumers. With Europe’s GDPR and China’s PIPL in full effect, the United States will continue to fall behind global standards of data privacy protection and exacerbate complications without an aligned national privacy law.