This opinion piece originally appeared in Morning Consult.
The disclosures from the Facebook Papers have led to a flurry of legislative proposals on Capitol Hill to address data use, kids’ online safety, and malicious content. The single most effective step Congress can take is to enact comprehensive privacy legislation to address the explosion of digital information not covered by existing, narrower privacy laws.
Cameron F. Kerry
Ann R. and Andrew H. Tisch Distinguished Visiting Fellow - Governance Studies, Center for Technology Innovation
Chief Executive Officer - Future of Privacy Forum
Congress should not let this latest “Facebook moment” pass without meaningful action. Every day that passes without a baseline privacy protection law in effect is another day that not just Facebook, but a multitude of businesses, collect and use data generated from billions of devices. IBM estimates that the world generates 2.5 quintillion bytes of data per day – that’s 2.5 followed by 18 zeroes.
This volume will soon explode even further as data-intensive technologies power augmented and virtual reality environments (the “metaverse” to which Facebook’s new corporate name refers), and autonomous vehicles in the streets communicate with sensors that monitor traffic and pedestrian safety.
It is past time for the United States to require businesses to use data responsibly and give individuals rights in data about them, safeguard that have been absent and that would protect everyone in America. Every major democracy in the world has passed legislation to set boundaries on business data collection – and this month a new commercial privacy law took effect in China.
After the Cambridge Analytica stories in 2018, several congressional committees hauled in Facebook founder Mark Zuckerberg for back-to-back hearings carried live on cable news. Since then, Facebook has been a subject of some 70 hearings on privacy, competition, content moderation, misinformation, security, and diversity and inclusion, with 17 Facebook-affiliated witnesses.
Galvanized by Facebook’s sharing of data with Cambridge Analytica, Congress made a promising start on comprehensive privacy legislation. Leading members called for legislation, several introduced bills, and multiple committees and working groups got to work toward bipartisan legislation.
When it came to the hard bargaining, however, the early promise waned. Even though flagship bills from the leaders of the Senate Commerce Committee had encouraging areas of overlap, bipartisan agreement stalled. Ideological red lines that have frozen progress include whether a federal law should preempt state privacy laws in part or altogether, and whether to allow lawsuits by individuals for violations of privacy rights.
There is ample room for compromise on these issues, but little sense of urgency to do so. As privacy work slowed, Congress’ attention has turned to the many other concerns about Facebook and tech platforms, including their impact on children, free speech and disinformation, competition, and jobs.
Now the Facebook files have rekindled the privacy debate. The Senate Commerce Committee held its first privacy hearing this year in September. Committee Chair Maria Cantwell (D-WA) and Ranking Member Roger Wicker (R-MS) both affirmed their interest in working together on comprehensive legislation. At this hearing, Senators and business witnesses publicly softened their differences on the fractious issue of private lawsuits.
The two of us have been deeply involved in the public discussion of privacy legislation for more than a decade. We speak often with congressional staffers and members as well as advocates for industry, consumers, privacy, and civil rights. We have never seen passage of a broad privacy law as close as it is now, and no other issue targeting the major tech platforms is anywhere near as ripe for action.
The work already done in Congress and through laws passed in California, Colorado, and Virginia have laid a foundation for passage of federal legislation. Both -industry and advocates for privacy, consumer protection, and civil rights are ready to compromise on key issues when and if Congress moves toward passage of a privacy bill.
It will take more than privacy legislation to solve the wide-ranging challenges that social media has created and amplified. But protecting people’s personal information is the place to start. Congress should finish the job of enacting a privacy law that began with its first Facebook hearings in 2018.
Facebook and IBM are general, unrestricted donors to the Brookings Institution. The findings, interpretations, and conclusions posted in this piece are solely those of the authors and not influenced by any donation.