You see a news story talking about the need for a national privacy law and how Congress is working on one—or, at least, should be. What year is it?
Trick question: it could be almost any year in the past two decades. Including, now, 2024. Last week, the Washington Post reported that the leaders of two key congressional committees were “nearing an agreement on a national framework aimed at protecting Americans’ personal data online.” (The news was first reported by Punchbowl News, a political newsletter.) As the Post noted, this would mean that Congress is close to passing legislation that has “eluded them for decades.” Cathy McMorris Rodgers, a Republican representative from Washington State who chairs the House Energy and Commerce Committee, and Maria Cantwell, a Democratic senator from the same state and chairperson of the Senate Commerce Committee, are expected to announce the deal next week.
According to The Hill, the two members of Congress decided that the time was right to push for a national privacy law in part because of recent fears that social platforms are harming children (a debate that I wrote about last week in this newsletter), but also due to concerns about the impact of artificial intelligence. In a statement, Cantwell said that a federal data privacy law must “make privacy a consumer right, and it must give consumers the ability to enforce that right,” adding that the bill is the protection “Americans deserve in the Information Age.” Under the draft law, companies would face limits as to what data they can collect and use, and individuals would be allowed to sue “bad actors” for violating their privacy. New data security standards would also hold companies accountable if data is hacked or stolen. And the Federal Trade Commission would form a new bureau in order to enforce the law.
To say that such a law has been a long time in the making would be an epic understatement. Writing for the Brookings Institution in 2021, Jessica Rich, a former attorney with the FTC who at one point was in charge of its privacy arm, noted that the idea of a federal privacy law goes back to at least 2000, when the FTC called on Congress to pass one, echoing similar appeals from leading privacy groups. Congress failed to act for a variety of political reasons, however, and nothing was passed for the next two decades, despite exhaustive debate and dozens of bills and hearings.
When the FTC made its request in 2000, Rich notes, the internet was still in its infancy as a public medium; Facebook would not exist for another four years, the iPhone for another seven. But Rich argues that the need for a national privacy law was obvious even before such social networks and smartphone apps started tracking our behavior, location, and consumption habits. FTC surveys had already shown that, despite collecting large amounts of private personal information, “very few companies disclosed anything about how they collected and used this data.” Fewer still promised even the most basic protections for that data.
So why has a federal law taken so long? Although most members of the House and Senate seem to agree that privacy needs to be protected, there have been some key differences in the application of those protections in the past, along with some partisan squabbling. (Surprise!) As Politico noted in 2022 while discussing a new proposal for a bipartisan privacy bill, a previous attempt at such a law in 2019 was supported by the House Energy and Commerce Committee and the Senate Commerce Committee, but fell apart because of a clause that would have permitted anyone whose data was misused to sue the company or companies involved in a private action. Among other critics, the US Chamber of Commerce said that it strongly opposed such a provision.
In the absence of a federal law, a number of states have implemented their own privacy legislation. The first to do so was California, in 2018; according to a recent estimate from the International Association of Privacy Professionals, fifteen other states now have comprehensive privacy laws. Political analysts say that these state laws, particularly California’s, have been a sticking point when it comes to crafting a national law. According to the Post, Cantwell and McMorris Rodgers’s proposed legislation would preempt state laws. They have promised that the new law will set a stronger standard than in any state. But, per the Post, this claim is “likely to provoke opposition, especially from California,” which believes that its law is better. And analysts say there are a number of other potential roadblocks to the bill. One is the ticking clock: the presidential election is in November, and unless a bill moves forward and gets to a vote before then, the clock will likely have to be reset. And McMorris Rodgers isn’t running for reelection.
Meanwhile, Congress is in the midst of another battle over privacy, but from a very different perspective: Namely, how much privacy and transparency should Americans expect when it comes to surveillance by their own government? A bipartisan coalition of lawmakers is trying to reauthorize Section 702 of the Foreign Intelligence Surveillance Act, which expires next week. FISA is a controversial law that was originally designed to allow the US government to capture the phone calls, emails, and online activity of non-Americans—but that also lets it snoop on citizens whose data gets caught in those nets. Congressional critics of the latter practice argue that intelligence agencies should have to apply for a warrant in such cases. (Currently, they don’t have to do so. I wrote about a prior iteration of this debate in December.)
As CNN noted, the debate over the law has created “some strange bedfellows” in Congress. Some Republicans have found common cause with Democrats who want to reform the law to provide more transparency, while more security-focused Republicans have joined with like-minded Democrats to oppose new restrictions on intelligence agencies, arguing that it would make it harder for them to do their jobs. Per CNN, the Biden administration has been “publicly and privately lobbying Congress on the importance of Section 702 and pushing for as few changes as possible,” including any kind of warrant requirement. Yesterday, a procedural motion to consider the extension of Section 702 failed on the House floor after Republican rebels voted to tank it.
According to Noah Chauvin, a counsel in the Liberty and National Security Program at New York University, Congress has directed intelligence agencies to minimize the retention and use of Americans’ information. Despite this, he writes in The Dispatch, officials from the FBI, CIA, and NSA perform “more than 200,000 warrantless backdoor searches every year” involving the private phone calls, text messages, and emails of American citizens. Many of these searches, Chauvin says, involve “alarming abuses.” He says that the government has searched the communications of members of Congress and journalists, and that the FBI has improperly searched the communications of a US senator and a judge who reported civil rights violations by a police chief.
All told, Americans could wind up being protected by law from having their private information taken and sold by social platforms and apps, but unprotected if the government wants to surveil their phone calls and electronic communications. Or those two outcomes could be reversed. What seems more likely is that citizens of the US will remain unprotected in either eventuality, as they have been for the past two decades or so—unless something dramatic happens, and the repetitive headlines finally stop.
Other notable stories:
- Yesterday, President Biden held his first news conference of the year during a joint appearance with Fumio Kishida, the prime minister of Japan, taking questions from Bloomberg, Agence France-Presse, and two Japanese outlets. As Politico reports, a Biden aide’s grip on the shared microphone caused a stir, as did the presence of Ken Joseph, an American and Japanese citizen who is also “a pastor who moonlights as a White House reporter, usually when the news involves Japan”; Joseph reportedly managed to get into the Oval Office and speak to Kishida despite not being part of the day’s “pool” arrangement, before eventually being asked to leave. Meanwhile, Biden told reporters that his administration is “considering” Australia’s request that the US drop its bid to prosecute Julian Assange. (We wrote about Australia’s stance last year.)
- This week, Adam Schiff, a Democratic congressman from California (and likely next senator for the state), introduced a bill that would require AI companies to disclose any copyrighted material that they have used to train their models—weighing into a copyright fight between AI firms and media companies (including in the news business) that we’ve covered in this newsletter. In other news at the intersection of AI and politics, the AP spoke with Don Beyer, a Democratic congressman from Virginia, who enrolled for a master’s degree in machine learning so that he might better understand the technology and how to regulate it. And Wired’s Vittoria Elliott reports on fears that election deniers could use AI tools to drown election workers in freedom-of-information requests.
- Yesterday, the Wall Street Journal laid off around eleven staffers, mostly working in video- and social media–related roles—continuing a recent pattern of “piecemeal” cuts at the paper, the Daily Beast’s Corbin Bolies notes. “The paper let go of nearly 20 staffers in its Washington, D.C. bureau in February as part of a newsroom shake-up that included Pulitzer Prize winner Brody Mullins, rankling staffers in both the paper’s D.C. and New York newsrooms,” Bolies writes. Meanwhile, in the UK, the nonprofit newsroom openDemocracy moved to cut around ten roles, or a fifth of its staff, including several senior journalists. Bron Maher has more details for Press Gazette.
- Last year, the Indian government cracked down on a BBC documentary about Narendra Modi, the prime minister, as we wrote in this newsletter. Indian tax officials subsequently raided the broadcaster’s offices in the country, a step many observers linked to the documentary, but which authorities described as linked to a probe under foreign investment rules. Now the BBC has moved to split its Indian operations in two: some staffers will continue to work directly for the broadcaster, but others will move over to a new Indian-owned company called the “Collective Newsroom.” The Guardian has more.
- And officials in Hong Kong detained Aleksandra Bielakowska—a representative of Reporters Without Borders (RSF) who was flying in to monitor the trial of Jimmy Lai, the jailed founder of the pro-democracy newspaper Apple Daily—at the territory’s airport, then deported her. RSF said that it had “never experienced such blatant efforts by authorities to evade scrutiny of court proceedings in any country,” and argued that the move highlighted “the dire erosion of press freedom and the rule of law in Hong Kong.”
ICYMI: Hacking journalism
Mathew Ingram is CJR’s chief digital writer. Previously, he was a senior writer with Fortune magazine. He has written about the intersection between media and technology since the earliest days of the commercial internet. His writing has been published in the Washington Post and the Financial Times as well as by Reuters and Bloomberg.