No one needs to tell Californians how vital it is to get internet privacy right. Breaches such as the Sony studio hack, HealthNet’s loss of nearly 2 million patient records and the endless stream of “personal” celebrity photos being leaked online make clear how far we have to go.
But at the same time, many of the state’s most innovative and dynamic technology companies are built on responsible use of consumer data. Much of the modern internet depends on collecting and analyzing data to direct consumers to the best products, services and recommendations, and to deliver increasingly personalized ads.
The law needs to foster growth and innovation while protecting consumers’ privacy rights. Unfortunately, the proposed Broadband Internet Privacy Act before the Legislature accomplishes none of this.
Instead, Assembly Bill 375 would add new confusion and complexity, handicap innovation and cut California off from the rest of the internet with its own approach used nowhere else in cyberspace. Since the internet does not respect state borders, any one-state effort to regulate privacy is doomed to fail.
Even worse, the bill would put in place an arbitrary new patchwork of “opt in” and “opt out” requirements – applying high levels of privacy protection to mundane data such as sports scores and weather reports while applying very low protection to far more sensitive information. In many cases, the same data will be subject to different kinds of protection depending on the company that uses it.
The harm to consumers would be immense. Broadband companies will be prevented from offering the free or ad-supported services consumers benefit from everywhere else online. Internet providers won’t be able to offer discounts or tailored service packages. And California companies would have to re-engineer their systems to comply with these rules – costs that will be passed through to consumers.
A better path for California would be to lead the charge for smart, effective federal rules to apply consistently everywhere online. The Federal Trade Commission has the most experience in protecting consumer privacy, and it should be given lead responsibility to draft transparent policies that put consumers back in charge.
David Balto, a former policy director for the Federal Trade Commission, is an antitrust lawyer in Washington, D.C. He can be contacted at David.Balto@dcantitrustlaw.com.