Our drinking water is regulated under the Safe Drinking Water Act ("SDWA"). According to the Environmental Protection Agency ("EPA"), "under the SDWA, EPA sets standards for drinking water quality and oversees the states, localities, and water suppliers who implement those standards." 1 Even though different actors might have different needs in various contexts, there is still a uniform set of federal standards for drinking water across the United States. In the water regulatory scheme, it is not up to each individual whether they receive lead-poisoned water; it's up to the government actors to do their jobs and set uniform standards across the country. Similarly, the onus of securing online privacy should not be on citizens but on government actors whose job is to set standards and regulations.
Imagining an Online Privacy Regulatory Commission
Like the EPA or the Nuclear Regulatory Commission, the Online Privacy Regulatory Commission would be an independent agency with rulemaking authority whose job would be to set standards and regulations for online privacy control and oversee that States and Online service providers implement these standards. My suggested regulatory scheme would not cure our current privacy issues but would shift U.S. regulation in the right direction. Currently, "the United States does ’t have a singular law that covers all types of data privacy. Instead, it has a mix of laws that go by acronyms like HIPAA, FCRA, FERPA, GLBA, ECPA, COPPA, and VPPA."2 The way our current privacy (or lack therefore) regulatory framework works is akin to allowing your neighbors use lead-poisoned water and you think your water is safe from pollution. Privacy regulation is an ecological issue and must be regulated as such. |