The future of online privacy: To legislate or not

Following a series of data breaches and privacy scandals, most notably the controversy surrounding Facebook’s engagement with political firm Cambridge Analytica, there has been increasing discussion over whether Congress should establish comprehensive legislation to protect American consumers’ online privacy. Achieving broad privacy legislation will be a challenge for legislators, given the rapid pace of innovation, but in the coming months, Congress may feel compelled to act. With the recent implications of the EU’s adoption of the General Data Protection Regulations (GDPR), public pressure may also encourage congressional action.

On July 26, the Center for Technology Innovation at Brookings hosted a panel discussion to explore a comprehensive framework for U.S. privacy legislation. The discussion addressed both the opportunities and challenges associated with such legislation during a period where big data analytics are fueling the new economy and online consumer data is being manipulated and mined for undemocratic purposes. What should be included in federal privacy legislation? Is either the GDPR or the California Consumer Privacy Act a good model?  What types of companies and business models should be covered by legislation? Should different types of companies in the internet ecosystem be regulated the same under a federal system? Which government entity should be responsible for enforcing online privacy guardrails?

After the session, panelists took audience questions.