Proposed Congressional Data Privacy Laws Could be Bad for Consumers

Apparently, several major internet-related businesses are going to make a major push to pass consumer privacy legislation in Congress this next year. According to a recent news account from Associated Press, companies such as Microsoft and Hewlett Packard are:

preparing to push for data-privacy legislation next year to replace what they consider an outdated patchwork of state and federal laws that are inconsistent and burdensome.

These companies suggest that apparently they are better than state and federal government regulators at structuring data privacy protections.

In general I agree that corporations rather than government are better at understanding the needs of data protection. However, I am troubled by the anticipated upcoming proposals from these companies which seem to be more like a corporate immunity program rather than consumer protection. I say this because, according to the Associated Press article, proposed congressional legislation will preempt state courts from becoming involved in data protection disputes and will set national standards for consumer protection over a broad range of businesses. In my opinion, States need to have flexibility to deal with commerce and data protection as has been the case for years. The needs, norms and values of citizens in New York City, New York vary greatly from those in Newton, Iowa. State courts have historically resolved these types of consumer protection disputes and I do not believe that consumer privacy will be further protected or enhanced by taking power away from state courts and placing it exclusively into the hands of our federal government. Our federal bureaucracy has become large enough. If Congress does anything, perhaps it should simply require that companies disclose how they use information. I agree with Marc Rotenberg, executive director of the Electronic Privacy Information Center, who indicated that a better legislative proposal would provide consumers with:

access to the data that companies have on them and have more control over how they are used, he said, similar to the way consumers can currently access their credit reports.

Apparently Microsoft, Hewlett Packard and other companies do not want us to have access to the information compiled and maintained about us. It looks like these companies have chosen instead to try to prevent consumers from filing suit in state court if a company breaches its obligation to safely and securely handle personal consumer information. I cannot agree that this type of prohibition will lead to safer and more secure on-line commerce or data protection. This is true especially in light of our ever-increasing incidents of identity theft which we see on the news all the time.