Following the passage of Europe’s General Data Protection Regulation and the California Consumer Privacy Act, local, state, and federal lawmakers in the U.S. showed new interest in passing comprehensive privacy laws. CDT shaped these efforts, serving as a resource to lawmakers about how to construct protections that serve consumers while permitting important innovation.
In 2019, CDT was often invited to address lawmakers directly on privacy issues. We testified before the U.S. Congress multiple times, speaking to the House Subcommittee on Consumer Protection and Commerce, the Senate Judiciary Committee, and the Senate Commerce Committee. We called for clear and focused privacy rules and repeatedly demonstrated that the current “notice and consent” model around personal data is no longer a viable option. It provides neither genuine choices for consumers nor certainty for companies of all sizes about what uses of data are appropriate.
We also testified at the Federal Trade Commission’s historic Hearings on Competition and Consumer Privacy in the 21st Century, and served as a resource for state lawmakers across the country. CDT also participated in the National Institute of Standards and Technology’s Privacy Framework process, which offers guidance to organizations and companies seeking to construct a holistic privacy and data protection program based on risk management and privacy engineering principles.
CDT continues to emphasize that privacy proposals that do not address unfair and discriminatory data practices are inadequate. The unregulated collection, use, and sharing of data disproportionately burdens marginalized people, and any privacy law must protect civil rights.
Until comprehensive privacy legislation becomes a reality in the U.S., CDT is committed to working with lawmakers and other stakeholders to craft data protection laws that guarantee everyone in the U.S. comprehensive protections for personal information that can’t be signed away.