skip to main content
Close Icon We use cookies to improve your website experience.  To learn about our use of cookies and how you can manage your cookie settings, please see our Cookie Policy.  By continuing to use the website, you consent to our use of cookies.
Global Search Configuration

Ovum view

Summary

In early November 2018, US Senator Ron Wyden (D-Oregon) introduced draft legislation of a sweeping federal data privacy law that would empower consumers to opt out of data collection, impose steep fines for noncompliance, and enforce criminal penalties for senior corporate executives that willingly sign off on falsified data protection and privacy reporting. The proposed Consumer Data Protection Act would in theory remedy the current lack of federal data privacy framework and help obviate the need for additional state-level legislation. However, given current political dynamics, the bill is unlikely to pass. What it does do though is force a meaningful federal discussion of data privacy and consumer rights, paving the way for future legislation.

Unlikely to pass, the bill still forces the discussion of privacy

To date, the US has been stubborn in its unwillingness to address data privacy and protection issues at the federal level. While the EU successfully pressured nations around the globe to adopt standards modeled after the General Data Protection Regulation (GDPR) in order to facilitate trade and data transfer, the US was largely able to use its economic heft to resist such changes in national policy. However, the issue of data privacy and data protection did not go unnoticed by legislators. With rising consumer awareness and lack of federal action, individual states began to take matters into their own hands, forging policy such as the California Consumer Privacy Act (CCPA), which conferred protections for residents. As states move forward with their own standards, the trend threatens to create a convoluted legal landscape of patchwork regulation which is difficult for both businesses and consumers to navigate.

Federal standards for data privacy and data protection would help streamline corporate compliance efforts and preempt the need for additional state-level policy. Senator Wyden, who has a consistent legislative record for privacy policy advocacy, introduced the Consumer Data Protection Act in early November to create such a framework. The bill is notable in its strict reporting requirements, opt-out rights for consumers, expansion of Federal Trade Commission (FTC) enforcement capabilities and staffing, steep fines of up to 4% annual revenue, and (unlike GDPR) criminal penalties of up to 10–20 years in prison for senior executives. In addition, it mandates that organizations assess the algorithms that process consumer data to examine their impact on accuracy, fairness, bias, discrimination, privacy, and security. In many ways, it creates standards that are stricter than GDPR, and which are more difficult to comply with given the increasing opacity of machine learning and AI algorithms.

However, given the current political dynamics in the US, the bill is relatively unlikely to pass. Data privacy and data protection were not flashpoint candidate or voter issues in the November 2018 midterm elections, and Congress remains largely split along party lines with regard to regulatory matters. But more importantly, the large organizations that use data monetization as their business model – the organizations at which the proposed legislation is squarely aimed – continue to have enormous lobbying clout, with a heavy hand in shaping the government's technology policies.

What the proposed legislation does, however, is raise the profile of data protection and data privacy at the federal level in the US and force the discussion of the matter in Congress regardless of the ultimate outcome. By design, the Consumer Data Protection Act was drafted to set the bar extremely high so that the lobbying forces and compromises inherent in the legislative process will eventually result in future policy that is sufficiently protective and meaningful for consumers. With the future of the EU-US Privacy Shield framework currently in question, a US federal policy for data protection and privacy could potentially facilitate trade and data transfer with the EU via an “adequacy decision” if protections are sufficiently similar to GDPR. However, to get there, the US needs to address these issues in Congress rather than at the state level. What the proposed legislation does is pave the way for that discussion to occur, forging the possibility for federal-level policy that is more moderate – yet still meaningful and protective – so that businesses may eventually have a single, streamlined standard to adhere to, which will facilitate compliance.

Appendix

Further reading

Aligning GDPR Compliance with Existing Business Objectives, INT002-000164 (August 2018)

"California Consumer Privacy Act follows in GDPR's footsteps," INT002-000156 (August 2018)

“Under GDPR, artificial intelligence is a double-edged sword,” INT002-000016 (November 2017)

Author

Paige Bartley, Senior Analyst, Data and Enterprise Intelligence

paige.bartley@ovum.com

Recommended Articles

  • Consumer & Entertainment Services

    2019 Trends to Watch

    AI is an undoubted work in progress. Feeling the impact of AI – from its early days at the dawn of the modern computer, through today and its integration into devices, apps, and the networks that connect them and that we use every day – has been a long time coming.

    Topics 5G AI Smart home IoT Video

  • Consumer & Entertainment Services

    Telco loyalty programs are about more than improving churn

    ByNicole McCormick 07 Mar 2018

    Loyalty programs have long been held as key to indirect monetization for the communications service provider. Upcoming research from Ovum has verified that notion – loyalty schemes improve Net Promoter Scores (NPS – a measure of brand perception) and can help improve churn. They can also lead to net additions growth and can even earn revenues for the operator.

  • Service Provider Markets

    5G is here – almost – with the launch of Verizon 5G Home

    ByMike Roberts 01 Oct 2018

    Verizon 5G Home is a milestone in the telecoms market because it is the first large-scale commercial launch of broadband services based on 5G technologies, albeit not on a fully standardized version of those technologies.

;

Have any questions? Speak to a Specialist

Europe, Middle East & Africa team - +44 (0) 207 017 7700


Asia-Pacific team - +61 (0)3 960 16700

US team - +1 646 957 8935

Email us at ClientServices@ovum.com

You can also contact your named/allocated Client Services Executive using their direct dial.
PR enquiries - Call us at +44 788 597 5160 or email us at pr@ovum.com

Contact marketing - 
marketingdepartment@ovum.com

Already an Ovum client? Login to the Knowledge Center now