When It Comes to Privacy, It’s Time to See the Forest for the Trees

By Wayne Matus

Unsplash

Are we watching the forest and not noticing the trees? The bipartisan American Data Privacy and Protection Act Discussion Draft has so much in it that most everyone is trying to grasp the issues, with most of the discussion on preemption and a private right of action. But, in doing that, are we failing to focus on one other?

And perhaps, the even more impactful, hidden major issue – that opt-in would be required before a company could process, collect, or transfer sensitive data?

Why is this an impactful issue? Because the bill defines sensitive covered data incredibly broadly, way beyond what you would expect, and grants the FTC rulemaking authority to broaden what is defined as sensitive even further.

An opt-in would be required for a marketer to use not just what we would usually consider sensitive data, but also, under this broad definition, online activities (over time or across third-party websites), media viewing history, private communications (emails, chat), and geolocation. (As the draft bill requires providing an opt-out for targeted advertising, there is an arguable inconsistency. However, the intent is clearly to provide an opt-in for information identifying an individual's online activities.)

Is this not effectively applying Apple's iPhone ad privacy changes to all devices? It has been reported that only 18 percent of iOS users given the choice opt-in. What would the effect be on Internet marketing if 82 percent of all users do not opt-in? 

And, when you add to an opt-in requirement the bill's direction to the FTC that it study the feasibility of a unified opt-out mechanism and grant of authority to the FTC to implement such a mechanism through rule making, the potential effect on AdTech is even more dramatic.

With 19 legislative days left before the midterms, the likelihood of the bill being passed this year is small. Still, stranger things have happened, so it would behoove those whose economic models would be impacted to notice the trees now.


The views and opinions expressed are solely those of the contributor and do not necessarily reflect the official position of the ANA or imply endorsement from the ANA.


Wayne Matus, Esq., is the co-founder and General Counsel at SafeGuard Privacy.