December 21, 2018
By Dan Jaffe
ANA has urged the Federal Trade Commission (FTC) to advocate for the passage of federal privacy legislation, preemptive of state laws, that creates a single national standard for the reasonable collection and use of consumer data, to be enforced by the Commission.
The filing also supports maintaining the existing sector-specific federal privacy laws, such as Gramm-Leach-Bliley, the Health Insurance Portability and Accountability Act (HIPAA) and the Children’s Online Privacy Protection Act (COPPA).
Our comments were filed in response to a request for input on the February 2019 FTC Hearing on Competition and Consumer Protection in the 21st Century, which will focus on consumer privacy.
Our data-driven economy, which provides tremendous value to both businesses and consumers, is under unwarranted threat by international and state laws that, while well-meaning, are proliferating and splintering the regulatory structure.
Our comments describe the serious defects with both the EU’s General Data Protection Regulation (GDPR) and the new California Consumer Privacy Act (CCPA). Both have potentially seriously damaging implications for U.S. businesses and consumers.
The combined impacts of the GDPR and the CCPA are undermining the competitive marketplace and are particularly harmful to new market entrants and smaller entities.
This overly restrictive approach threatens the free flow of information that is vital to delivering the products and services that consumers value and expect.
Unfortunately, numerous other states are considering additional and potentially inconsistent privacy and data security laws.
We specifically urged the FTC to carry out a detailed review of the effects of the GDPR and the CCPA on competition and consumers.
ANA has been working for several months with our member companies and other industry groups to develop a new privacy paradigm that would be enforced by the FTC as a single national standard. It would potentially amend the FTC Act to define “per se reasonable data collection and use practices,” which create little to no risk of consumer harm, as well as “per se unreasonable data collection and use practices” which discriminate based on employment, credit eligibility, health care and other similar factors.
The use of data that does not fall clearly within either of these categories will be determined to be reasonable or unreasonable by the FTC through enforcement actions or rulemaking.
Our comments note: “The New Paradigm also provides the flexibility needed to ensure the data-driven economy can continue to grow. Instead of a one-size-fits all model, as has been proposed by the CCPA and the GDPR, the New Paradigm recognizes that consumers benefit from privacy protections that are based on risk and reflect their expectations.”
There is growing interest in Congress to develop broad federal privacy and data security legislation, and we expect considerable activity in this area next year.
We have been meeting with key policymakers to describe the “New Paradigm” and urging them to consider this approach as a better alternative to the sweeping restrictions of the GDPR and the CCPA.
We will continue to pursue these issues and foster an on-going dialogue with our members as we hammer out the details of a new privacy paradigm.
Daniel L. Jaffe is group executive vice president for government relations at the Association of National Advertisers, Washington.