IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

The Downside to State and Local Privacy Regulations

Are stricter privacy regulations a good thing? As more state and local governments look to protect data privacy, a couple of industry experts point out some of the challenges associated with these types of policies.

Data privacy
Shutterstock
To fight back against cyber threats, state and local governments have started to implement tighter privacy regulations. But is this trend a good thing? Or do stricter rules present more challenges than they do solutions?

According to Daniel Castro, vice president of the Information Technology and Innovation Foundation, one of the main issues with stricter privacy regulations is having no centralized rules for states to follow.

“Probably the biggest problem is states setting up a set of contradictory overlapping rules across the country,” Castro said. “This creates a serious cost on organizations and businesses. They can abide by 50 state privacy laws, but there could be different regulations across local jurisdictions.”

One example of a hurdle for organizations and businesses is local jurisdictions creating specific rules for facial recognition and biometric technology.

“Let’s say a company starts selling a smart doorbell service; because of these rules, this service might not be able to be legally sold in one jurisdiction,” Castro said.

Another concern relates to the distinction between government data collection and commercial data collection, said Washington state Chief Privacy Officer Katy Ruckle. Sometimes there is a notion that one law can apply to everything, but different data types involve different types of rights for individuals.

"An example I like to use is somebody that’s been committed to a mental health institution for mental health needs," Ruckle said. "Their data collection is very different from somebody buying a vacuum cleaner off Amazon.”

On the topic of governments collecting data, Castro emphasized the importance of knowing how data will be utilized in order to set appropriate privacy regulations.

“I think new questions are going to be raised as more data comes in from new sources,” he said. “I don’t think we should cut off governments from using data in useful ways. It’s just being more aware of how it’s being used.”

For instance, a recently enacted Colorado bill has created personal data privacy rights in response to tech companies storing information about consumers. Specifically, the bill will apply to tech companies that collect information like where people shop online, the products they buy or the websites they visit.

That bill “is an effort to thread that needle, protect our privacy, and at the same time, give all the businesses we rely on, all the providers that we rely on, the ability to do their job without stealing our future, without stealing our identity, without stealing the representation of who we want ourselves actually to be,” Sen. Paul Lundeen previously told Government Technology.

Colorado consumers will have the ability to opt out of having companies collect certain information — like which websites they’re visiting — and could decide whether to deny a company access to sensitive data like a health condition.

Another version of similar privacy legislation is Senate Bill 5062 from Washington state. According to this bill, consumers will have the right to access, transfer, correct and delete data that companies hold on them.

To enforce the bill, Attorney General Bob Ferguson would focus on specific patterns of abuse, such as whether or not browsers are capturing data and inappropriately selling it to marketers, or checking to see if ISPs capture data in ways that may not be in the public interest.

“It’s all about transparency,” Sen. Reuven Carlyle previously told Government Technology. “You should be able to easily access a global platform and look at the data companies have about you and then correct that data and decide whether or not you want to have a relationship with that company.”

As for other privacy efforts in Washington state, Ruckle highlighted the importance of seven privacy principles aimed at fostering trust between the public and state agencies: lawful, fair and responsible use; data minimization; purpose limitation; transparency and accountability; due diligence; individual participation; and security.

“I would say the challenges for the collection of information is collecting too much information,” Ruckle said. “People have a right to be concerned. We need to be clear about why we are collecting information to help people trust the government a little bit more.”
Katya Diaz is a staff writer for Government Technology. She has a bachelor’s degree in journalism and a master’s degree in global strategic communications from Florida International University.