By Tom Still
MADISON, Wis. – The same body that ousted a speaker of the House of Representatives for the first time in history, is confronted by global crises and is flirting with yet another federal shutdown deadline is not likely to act any time soon on establishing a nationwide system for safeguarding consumer data.
That harsh reality about the current state of Congress is precisely why a dozen states have passed data privacy laws and six more, including Wisconsin, are considering doing so.
Whether that state-by-state approach turns out to be workable or a regulatory burden on businesses of all sizes is another matter. Sooner or later, Congress must get involved.
A hearing was held Oct. 11 on the Wisconsin Data Privacy Act (Assembly Bill 466) featuring testimony from people who think Wisconsin consumers should have a right to protect and control their “personally identifiable data” as well as those who fear a mix of privacy laws will hurt businesses that operate across state lines while confusing the very consumers they aim to help.
There is broad agreement the bill is well-intentioned. Its chief sponsor is Rep. Shannon Zimmerman, R-River Falls, one of the Legislature’s experts on technology policy. He has built and sold one software company and is helping to lead another, both in the business of solving multi-lingual data challenges. Having also served on key state committees, Zimmerman has seen first-hand the kinds of problems that can stem for misuse of consumer data.
He also understands those same consumers don’t trust private companies alone to collect and store personal information without it falling into wrong hands. His bill allows consumers to ask “data collectors” of certain sizes what personally identifiable information they hold, to learn how it has been shared or sold, and to ask for that data to be deleted.
People routinely buy things or sign up for services online, often leaving a trail of “cookie” crumbs simply by searching the internet. That information is sold in some cases to others who use it for legitimate market intelligence – but it can also be used for shady marketing, online or telephone scams and identity theft.
Opponents of AB 466 don’t disagree there should be stronger guardrails in place. However, they disagree its a matter for state regulation in an era of national and global commerce.
Small businesses don’t have the time or money to navigate competing laws across state lines. Going back over the last four decades, a driver of digital commerce was that it was relatively untethered by regulations. That lack of regulation spawned creativity and innovation. Few people want that spirit of entrepreneurism to fade.
“Wisconsin should not be adding to the business compliance headache that is growing across the country” over state data privacy laws, read testimony from a coalition organized through Wisconsin Manufacturers and Commerce.
Still others would rather see Wisconsin adopt a reasonable set of standards versus the California law, which is modeled after the European Union’s General Data Protection Regulation. Both the California and EU laws are seen by many observers as strict to the point of being innovation killers.
For example, the national State Privacy and Security Coalition testified Oct. 11 in favor of AB 466 because it’s in line with laws passed by every state outside California.
“Broadly speaking, we believe the best approach for state privacy legislation is that which works within the bounds of the Virginia/Connecticut framework” adopted by 11 states, coalition counsel Andrew Kingman said.
Is Congress able move quickly on a national data privacy law? Many people would argue otherwise, although the growing number of state laws might convince the House and Senate to act. As unlikely as that seems today, a federal solution that builds on well-crafted state laws is the best solution for the long term.
Still is president of the Wisconsin Technology Council. He can be reached at email@example.com.