Image
PROMO Technology - Hand Finger Internet Shopping Security - iStock

National privacy standard eyed by Congress for data harvested by big tech companies

iStock
Ashley Murray

If you are having thoughts of suicide, contact 988. For resources regarding eating disorders, visit nationaleatingdisorders.org/get-help/.

(Colorado Newsline) U.S. House members tasked with addressing what happens to loads of user data collected by big tech companies see a “long overdue” opportunity for a national privacy standard, particularly for children and teens.

Lawmakers on a subpanel of the House Committee on Energy and Commerce met Wednesday to hear from advocates and online safety experts on a series of data privacy bills that are drawing rare bipartisan and bicameral support.

Image
PROMO Media - Cell Phone Social Media Icons - iStock - hapabapa

© iStock - hapabapa

The 10 bills discussed by six witnesses and members of the Subcommittee on Innovation, Data and Commerce would regulate how data is collected and stored, allow users to opt out of algorithms, and ensure safeguards for minors on the internet.

The hearing came on the heels of widespread bipartisan support for a bill that would force the popular video platform TikTok to split from its Chinese parent company ByteDance. The legislation passed the House in March in a 352-65 vote.

“Today we find ourselves at a crossroads,” said Energy and Commerce Committee Chair Cathy McMorris Rodgers. “We can either continue down the dangerous path we’re on, letting companies and bad actors continue to collect massive amounts of data unchecked, or we can give people the right to control their information online.”

Washington state lawmakers unite

The Washington Republican’s discussion draft of the American Privacy Rights Act was a focus of the Wednesday hearing.

The bipartisan, bicameral proposal, introduced alongside Senate Committee on Commerce Chair Maria Cantwell, a Washington Democrat, would shrink the amount of data companies can collect, regulate data brokers, allow users to access their own data and request deletion, and empower the Federal Trade Commission and state attorneys general to enforce the policies.

Image
Map of the state of Washington, showing portions of surrounding states

© iStock - klenger

Placing the burden on consumers to read “notice and consent” privacy agreements “simply does not work,” said Energy and Commerce Committee ranking member Frank Pallone of New Jersey.

“By contrast, data minimization limits the amount of personal information entities collect, process, retain and transfer to only what is necessary to provide the products and services being requested by the consumer,” Pallone said, praising provisions in the American Privacy Rights Act.

Rodgers said the “foundational” legislation would protect minors and establish a national standard to quash a “modern form of digital tyranny where a handful of companies and bad actors are exploiting our personal information, monetizing it and using it to manipulate how we think and act.”

One national standard would preempt “the patchwork of state laws, so when consumers and businesses cross state lines, there are consistent rights, protections and obligations,” GOP Representative Gus Bilirakis of Florida, the subcommittee’s chair, said during his opening remarks.

Seventeen states have enacted their own privacy laws and regulations with another 18 states actively pursuing various pieces of legislation, creating a “complex landscape of state-specific privacy laws,” testified Katherine Kuehn, chief information security officer-in-residence for the National Technology Security Coalition, a cybersecurity advocacy organization.

‘Insecurity as data’

Among the other proposals the panel discussed was an update to the 1998 Children and Teens’ Online Privacy Act, co-sponsored by Michigan Republican Representative Tim Walberg and Kathy Castor, a Florida Democrat.

The bill aims to ban targeted advertising to children and teens, prohibit internet companies from collecting the data of 13-to-17-year-olds without consent, and require direct notice if data is being stored or transferred outside of the U.S.

We know that big tech has failed, ladies and gentlemen, to prioritize the health and safety of our children online, resulting in a significant increase in mental health conditions, suicide and drug overdose deaths.

– Representative Gus Bilirakis of Florida

Ava Smithing of Nashville, Tennessee, described for the committee her teen years spent on Instagram and the body image issues and eating disorder that ensued after repeated targeted content.

“The companies’ abilities to track engagements, such as the duration of time I looked at a photo, revealed to them what would keep me engaged — my own insecurity,” she testified.

“They stored my insecurity as data and linked it to all my other accounts across the internet. They used my data to infer what other types of content I might ‘like,’ leading me down a pipeline from bikini advertisements to exercise videos to dieting tips and finally to eating disorder content,” Smithing, director of advocacy for the Young People’s Alliance, said.

‘Big tech has failed’

Bilirakis is a sponsor of the similarly named Kids Online Safety Act, along with fellow Representatives Erin Houchin, an Indiana Republican, Washington Democrat Kim Schrier and Castor.

“We know that big tech has failed, ladies and gentlemen, to prioritize the health and safety of our children online, resulting in a significant increase in mental health conditions, suicide and drug overdose deaths. We’ve heard stories over and over and over again in our respective districts,” Bilirakis said.

Bilirakis’ bill would outline a set of harms to children under 17 and require big tech and video game companies to mitigate those harms. The bill also aims to increase parental protections on platforms and commission a study of age verification options.

A companion bill in the U.S. Senate has been introduced by Connecticut Democrat Richard Blumenthal and Tennessee Republican Marsha Blackburn.

Samir C. Jain, of the Center for Democracy and Technology, told the House panel that some proposals, including the Kids Online Safety Act, “while well-intentioned and pursuing an important goal, do raise some concerns.”

“Legislation that restricts access to content because government officials deem it harmful can harm youth and present significant constitutional issues,” said Jain, vice president of policy for the civil liberties advocacy organization.

“Further, requirements or strong incentives to require age verification systems to identify children often require further data collection from children and adults alike, and thereby can undermine privacy and present their own constitutional issues,” Jain testified.

However, Jain praised provisions in the American Privacy Rights Act that would increase transparency into the algorithms employed by large data companies and “prohibit using data in a way that perpetuates or exacerbates discrimination based on protected characteristics such as race, sex, religion, or disability status — whether a Black person looking for a job, a woman seeking a loan to start a business, or a veteran with a disability trying to find housing.”

During questioning, Bilirakis asked each panelist: “Yes or no, do you think this is the best chance we have to getting something done on comprehensive data privacy?”

All witnesses answered yes.

Meta, which owns Instagram, did not respond to a request for comment.


Colorado Newsline is part of States Newsroom, a nonprofit news network supported by grants and a coalition of donors as a 501c(3) public charity. Colorado Newsline maintains editorial independence. Contact Editor Quentin Young for questions: info@coloradonewsline.com. Follow Colorado Newsline on Facebook and Twitter.