- The Association of National Advertisers (ANA) has called on the Federal Trade Commission (FTC) for a comprehensive federal law around how businesses collect and apply consumer data, The Wall Street Journal reported. The push comes in response to the FTC's request for comment before a planned February hearing on consumer privacy.
- The advertising trade body, which represents more than 1,000 companies and an estimated 25,000 brands, wants to avoid myriad state-level laws with different standards, which could create a compliance headache. The ANA is also arguing that a single federal law would be less confusing for consumers.
- The ANA said it wants the federal government to clearly define "reasonable" and "unreasonable" data practices, with the latter encompassing data used to discriminate based on personal identity — like race, religion and sexual orientation — and sensitive information around employment, credit eligibility and healthcare. "Reasonable" practices would be transparent and offer consumers choices as to how their data is used, though the ANA said it is drawing up more specific definitions for both reasonable and unreasonable data collection.
The ANA's push for a more holistic federal law around data privacy isn't surprising given some of the anxieties that have arisen in the marketing industry since the passage of the California Consumer Privacy Act, set to go into effect in 2020, or the EU's GDPR, which started to be enforced in late May. Each of these laws on their own is complex in outlining how businesses can legally obtain and leverage user data. Similar laws being implemented on a state-by-state level could be too cumbersome and costly for businesses, especially smaller ones, to handle, though most corporations with any sort of internet presence would likely be impacted.
While the CCPA and GDPR share many qualities, there are key differences, including around the number of data rights granted to consumers and the time businesses are allowed to respond to requests for information, as explained by data security firm Veronis. Both laws also carry potentially significant fines for a failure to meet compliance, which has helped to stoke concern over the introduction of a greater number of similar, but not strictly identical, laws. The CCPA was resisted particularly fiercely by telecom and technology companies, including Amazon, Google, Microsoft, Comcast, AT&T, Verizon and, initially, Facebook, which backed down following the Cambridge Analytica scandal.
Some high-profile executives have taken on a similar initiative as the ANA in recent months. Apple CEO Tim Cook, giving a keynote address at an EU-organized conference in Brussels in October, decried a "data industrial complex" and sounded off for a more comprehensive U.S. law around data privacy, highlighting GDPR as a model. Apple could potentially gain significant advantages from such a law, which would ostensibly impact competitors — namely Google and Facebook — that derive the bulk of their revenue from data-informed advertising.
The expectation for a more significant U.S. privacy law could be growing as high-profile companies land repeatedly in hot water over their data-sharing practices. The New York Times reported earlier this week on how Facebook shared sensitive information, including access to users' private messages, with certain companies and in ways that ran afoul of its own policies. Data privacy experts told the Times that such practices potentially violated a user consent decree the social network struck with the FTC in 2011, which could incur massive fines. Facebook was also sued by the DC attorney general on Wednesday over the Cambridge Analytica scandal.