Logo

American Security Council Foundation

Back to main site

Alan W. Dowd is a Senior Fellow with the American Security Council Foundation, where he writes on the full range of topics relating to national defense, foreign policy and international security. Dowd’s commentaries and essays have appeared in Policy Review, Parameters, Military Officer, The American Legion Magazine, The Journal of Diplomacy and International Relations, The Claremont Review of Books, World Politics Review, The Wall Street Journal Europe, The Jerusalem Post, The Financial Times Deutschland, The Washington Times, The Baltimore Sun, The Washington Examiner, The Detroit News, The Sacramento Bee, The Vancouver Sun, The National Post, The Landing Zone, Current, The World & I, The American Enterprise, Fraser Forum, American Outlook, The American and the online editions of Weekly Standard, National Review and American Interest. Beyond his work in opinion journalism, Dowd has served as an adjunct professor and university lecturer; congressional aide; and administrator, researcher and writer at leading think tanks, including the Hudson Institute, Sagamore Institute and Fraser Institute. An award-winning writer, Dowd has been interviewed by Fox News Channel, Cox News Service, The Washington Times, The National Post, the Australian Broadcasting Corporation and numerous radio programs across North America. In addition, his work has been quoted by and/or reprinted in The Guardian, CBS News, BBC News and the Council on Foreign Relations. Dowd holds degrees from Butler University and Indiana University. Follow him at twitter.com/alanwdowd.

ASCF News

Scott Tilley is a Senior Fellow at the American Security Council Foundation, where he writes the “Technical Power” column, focusing on the societal and national security implications of advanced technology in cybersecurity, space, and foreign relations.

He is an emeritus professor at the Florida Institute of Technology. Previously, he was with the University of California, Riverside, Carnegie Mellon University’s Software Engineering Institute, and IBM. His research and teaching were in the areas of computer science, software & systems engineering, educational technology, the design of communication, and business information systems.

He is president and founder of the Center for Technology & Society, president and co-founder of Big Data Florida, past president of INCOSE Space Coast, and a Space Coast Writers’ Guild Fellow.

He has authored over 150 academic papers and has published 28 books (technical and non-technical), most recently Systems Analysis & Design (Cengage, 2020), SPACE (Anthology Alliance, 2019), and Technical Justice (CTS Press, 2019). He wrote the “Technology Today” column for FLORIDA TODAY from 2010 to 2018.

He is a popular public speaker, having delivered numerous keynote presentations and “Tech Talks” for a general audience. Recent examples include the role of big data in the space program, a four-part series on machine learning, and a four-part series on fake news.

He holds a Ph.D. in computer science from the University of Victoria (1995).

Contact him at stilley@cts.today.

After a Long Pause, Bipartisan Data Privacy Bill Back in Front of Congress

Friday, May 28, 2021

Categories: ASCF News Emerging Threats

Comments: 0

Photo Credit: CPO Magazine

A budding bipartisan movement toward establishing a federal data privacy bill began to take shape about two years ago, but ended up being put on pause due to the combination of the coronavirus pandemic and an especially contentious election year. With the effects of both of those things subsiding, Congress has begun to take the subject up again.

A 2018 bill introduced by Sen. Amy Klobuchar (D-MN) that has Republican support has been put back in front of the Senate, and its chances of advancing may have improved given that control of Congress has shifted to the Democrats. One of the highlights of the bill is a requirement that tech platforms allow users to opt out of data collection and tracking, but it would also allow them to deny these users service.

Proposed data privacy bill contains mixed bag of terms
The Social Media Privacy Protection and Consumer Rights Act is sponsored by Klobuchar and Joe Manchin (D-WV), and draws bipartisan support from John Kennedy (R-LA) and Richard Burr (R-NC). However, the data privacy bill stalled out in 2019 in part because it failed to draw a significant amount of additional Republican support. There are no strong indications that the political right will be any more interested in it this time, but that may now be irrelevant as the Democrats have a window of a year and a half in which to pass it while having an assured hold on the House and Senate.

One of the key terms of the data privacy bill is that platforms write their terms of service in “easily accessible language” that can be readily understood by the average person. End users must also be given the ability to opt out of data collection and tracking; however, platforms would in turn be allowed to deny service to users that opt out. The bill allows providers to disallow both “certain services” or “complete access” in cases where opting out creates “inoperability” in the platform.

The data privacy bill would provide some enhanced rights and protections to those that do opt to participate, however. The bill requires that users be notified of a data breach within 72 hours, and the breach notification must be accompanied by a full copy of the data that the service has collected along with links to request that data be deleted. The bill also requires services to delete the collected data of closed accounts within 30 days unless they are compelled to hold onto it for some sort of legal reason.

Platforms would also be required to maintain a “privacy or security program,” something of an odd wording as one would expect responsible platforms to have both of these things. But the data privacy bill specifies that the program must detail how the platform uses collected personal data, how it addresses expected security risks created by introduction of any new products or services, and detail the access that both internal employees and contractors have to collected personal data. Users would also have to be notified when new products are introduced to the platform and given the choice to opt out of them. These programs would have to be audited at least once every two years.

Enforcement would be turned over to the Federal Trade Commission (FTC), using existing “unfair or deceptive acts or practices” laws. Non-profit organizations would also be subject to the terms of the new data privacy bill. And state residents would be able to seek restitution via a civil action brought by the state attorney general. The bill would also not supersede existing state data privacy laws.

Consumer protection may be limited
The proposed data privacy bill does not go nearly as far as something like the EU’s General Data Protection Regulation (GDPR) in terms of consumer protections, and some privacy advocates are pointing out that a system focused on opting out may be untenable. The bill appears to focus on services in which a user is logged into an account, but the tech platforms also provide services that collect protected data without requiring a login. Google’s search bar and YouTube are two primary examples, and Facebook is able to build profiles on anyone visiting any unrelated website that incorporates its plugins.

The “opt out” approach is opposite the direction Apple has gone with its recent privacy changes introduced in iOS 14.5. Apple’s “opt in” system requires the end user to be notified of data collection for personalized ad tracking when they download an app, and presented with a prompt to opt in. The app developer is not allowed to restrict or deny service to users that opt out. Customers relying on an “opt out” system have to first give their personal data over to the platform, then trust that it will be handled and removed appropriately and in a timely manner.

Though the proposed data privacy bill is far from addressing all of the issues on the table, identity management expert Alexa Slinger of OneLogin notes that the data breach requirements would substantially improve at least one area of major consumer harm: “According to an Audit Analytics report, Trends in Cybersecurity Breach Disclosures, it takes an average of 108 days before companies discover a breach, and another 49 days to disclose the breach to consumers. This leaves buyers unknowingly at risk to further exploitation of their data, and companies subject to detrimental costs and penalties to their business. It’s in both the consumer and company’s best interest to implement standards, processes and systems to prevent breaches and protect valuable user data.”

Source: https://www.cpomagazine.com/data-privacy/after-a-long-pause-bipartisan-data-privacy-bill-back-in-front-of-congress/

Comments RSS feed for comments on this page

There are no comments yet. Be the first to add a comment by using the form below.