Marketing goes to Washington: why federal law needs to control data regulation
Today (25 March) sees the 4A's host its first conference in Washington DC. Here, the organization’s senior vice-president of government relations, Alison Pepper, sets out why any regulation of the media/data/privacy/technology nexus needs to land at the federal level.
Spring’s a funny transitional time in Washington DC. You never know what you’re going to wake up to – sunny skies, chirping birds, the smell of cherry blossoms permeating the air or, equally possible, an ice storm that downs power lines everywhere and causes a back up on the Beltway around the full 64-mile loop. The weather, like the mood of Congress, can change quickly and mercurially.
But there’s something a little different in the air this spring. It appears to be the slightly sour smell of a once joyful relationship gone bad – tech and Congress appear to be breaking-up, and the fallout is not pretty.
And like many messy break-ups, battle lines are being drawn and sides are being picked. What’s at stake is no less than the very future of the data economy – does data get collected, what data gets collected, who gets to use it, who doesn’t get to use it, how can it be used, when can it be used, how does it have to be protected, when does it have to be protected?
It’s this swirl of questions that provides the backdrop for the 4A’s Decisions 20/20 conference. For the first time ever, the 4A’s is convening more than 100 industry expert speakers over two days in Washington DC to discuss the increasingly messy matrix of media/data/privacy/technology.
In some ways it’s a familiar arc of any industry approaching maturation – conversations and companies that originate in Silicon Valley and New York make their way to Washington DC, sometimes voluntarily, sometimes kicking and screaming.
But what perhaps has been disorienting has been the incredible speed at which all of this has taken place.
As recently as 2008, many of the current tech companies embroiled in controversy were new and shiny and could do no wrong. When President Obama rode a wave of new generation grassroots targeting, aided by tech companies (some of which you likely haven’t heard of), it was heralded as the greatest leveler in campaigning.
No longer would you need to scrounge for big PAC [political action committee] checks and beg for primetime exposure – it no longer mattered whether you were a progressive Democrat or tea party Republican, you could now find your potential voters cheaper, faster and more efficiently without the traditional party apparatus at work.
That turned out to not entirely be the case. Money, it turns out, still matters.
If 2008 was the high point of relations between tech and Congress, it’s probably fair to say it’s been fraying ever since. The reasons for that are complicated to say the least – data collection and usage exploded in a number of ways both anticipated and unanticipated. The Valley ethos of move fast and break things might have been fine when it came to chat apps, but a little less so when it came to driverless cars and high stakes blood testing.
So what’s the state of play right now regarding regulation of the data economy?
To borrow a phrase from our UK friends, it’s a bit of a dog’s breakfast. With GDPR and Cambridge Analytica acting as a catalyst, the US has embarked on a frenzy of regulatory activity around the data economy.
Tired of waiting for federal action, California became the first state to pull the trigger with a hastily-passed bill (less than five days of deliberation) known as the California Consumer Privacy Act (CCPA). Since then, at least 21 states have passed or have bills pending that cover some aspect of privacy, data, security, advertising, or a mix of the four.
It’s easy, for even someone with little technical knowledge, to understand the problems that are going to arise from 50 different state laws attempting to regulate something that transcends borders.
While there have been three hearings on Capitol Hill in the past two months on data privacy (Senate Commerce, House Energy and Commerce and Senate Judiciary) and several bills introduced covering data privacy from multiple angles, it’s hard to see where it’s all headed just yet.
Data privacy appeared to be a bipartisan issue initially, but there have been some fracture lines as of late. It also appears that the brewing battles over antitrust might have a role to play in the year ahead.
But one thing is crystal clear – in the absence of federal regulations, the states plan to charge ahead with their own regulations. And companies will continue to struggle with not only interpreting what exactly is being asked of them by the states, but more importantly, the struggles of multiplying those ambiguities by the dozens as more and more states pass legislation.
The states have often been called the “laboratories of democracy” for good reason – there’s less reverberations from trying and failing on a smaller scale. But the technology sector isn’t really a “sector” of our economy anymore – it’s too entwined in every aspect of business now in a way it wasn’t twenty years ago. It’s a national economy, and needs to be regulated in a comprehensive, cohesive, national way that sets the ground rules, whether you’re in Kansas or Rhode Island.
There’s too much at stake here to get this wrong.