WASHINGTON—As Congress explores whether and how to regulate personal data privacy, a new report released today by the Information Technology and Innovation Foundation (ITIF), the world’s leading think tank for science and technology policy, proposes a “grand bargain” that would repeal existing federal data privacy laws and replace them with a single federal law. According to the report, a new data privacy law should preempt state laws, improve transparency requirements, strengthen enforcement, and establish a clear set of data privacy rights for Americans based on the sensitivity of the data and the context in which it is collected.
“Rather than trying to maximize consumer privacy, data privacy legislation should focus on maximizing consumer welfare, which also includes lower prices, consumer freedoms such as choice and expression, and the innovation that leads to new products and services,” said ITIF Vice President Daniel Castro, co-author of the report. “Europe is a case study in how to create a data protection law that harms the digital economy and create needless red tape. The United States has an opportunity to do it much better. Federal data privacy legislation should streamline existing regulations, simplify compliance, improve enforcement, and strengthen protections for consumers. But we need a bold and novel approach to achieve this goal.”
The report compares how different laws, frameworks, and proposals around the world address data privacy, including the European Union’s General Data Protection Regulation and the California Consumer Privacy Act; describes 30 key components of these existing approaches; and explains each one’s likely impact on consumers, businesses, and the digital economy. The analysis provides a specific, actionable set of recommendations for U.S. lawmakers to craft federal privacy legislation for Americans businesses and consumers.
“Privacy regulations aren’t free—they create costs for consumers and businesses, and if done badly, they could undermine the thriving U.S. digital economy,” said ITIF Senior Policy Analyst Alan McQuinn, co-author of the report. “To avoid throwing a wrench into the digital economy and imposing expensive compliance burdens on businesses across all sectors, any data privacy regulations should create rules that facilitate data collection, use, and sharing while also empowering consumers to make informed choices about their data privacy.”