Law in the Internet Society
-- AllysonChavez - 11 Dec 2023

We Need a Federal Online Privacy Regulatory Framework

When one thinks about security regulations on the internet, individuals often ask, "What can I do to keep myself safe." This instinct is of individual blame, and thus, seeking an individual solution is understandable, given that we live under Western Philosophy's idea of individualism. Nevertheless, the road toward effective security regulation is not one of individualist change but rather one of ecological change.

The Ecology of Privacy

One cannot think of privacy concerns as issues of individual action and responsibility. This perspective misses the reality that issues of privacy deal with multiple interconnected biological and non-biological actors. Take one neighborhood, for example. Let's say that House A and House B both have access to a mechanism that will protect them from any privacy concerns. Nevertheless, it is up to each house to sign up or accept the security, creating a system where not every house in the neighborhood is protected. This regulation is ineffective because it is akin to using an umbrella with holes during the rain; some water is bound to get through, and you will ultimately end up wet. It works similarly when private consumer data protection differs from state to state. Just like water, the internet doesn't stop at state lines.

Regulating Online Privacy like Water

Our drinking water is regulated under the Safe Drinking Water Act ("SDWA"). According to the Environmental Protection Agency ("EPA"), "under the SDWA, EPA sets standards for drinking water quality and oversees the states, localities, and water suppliers who implement those standards." 1 Even though different actors might have different needs in various contexts, there is still a uniform set of federal standards for drinking water across the United States. In the water regulatory scheme, it is not up to each individual whether they receive lead-poisoned water; it's up to the government actors to do their jobs and set uniform standards across the country. Similarly, the onus of securing online privacy should not be on citizens but on government actors whose job is to set standards and regulations.

Imagining an Online Privacy Regulatory Commission

Like the EPA or the Nuclear Regulatory Commission, the Online Privacy Regulatory Commission would be an independent agency with rulemaking authority whose job would be to set standards and regulations for online privacy control and oversee that States and Online service providers implement these standards. My suggested regulatory scheme would not cure our current privacy issues but would shift U.S. regulation in the right direction. Currently, "the United States does ’t have a singular law that covers all types of data privacy. Instead, it has a mix of laws that go by acronyms like HIPAA, FCRA, FERPA, GLBA, ECPA, COPPA, and VPPA."2 The way our current privacy (or lack therefore) regulatory framework works is akin to allowing your neighbors use lead-poisoned water and you think your water is safe from pollution. Privacy regulation is an ecological issue and must be regulated as such.


1.Regulatory and guidance information by topic: Water | US EPA

2. Thorin Klosowski, The State of Consumer Data Privacy Laws in the U.S. (and why it matters), The New York Times (2021)

 

Navigation

Webs Webs

r3 - 12 Dec 2023 - 00:30:44 - AllysonChavez
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM