ACT | The App Association has been calling for “The Year of Privacy” since at least 2017, with the hopes that lawmakers in the United States would pass a national privacy law to protect people of all ages who use technology. Despite the fact that we have yet to see a federal privacy law pass in the United States, we have seen a global response to our privacy call with the implementation of a wide range of proposals that generally seek to protect consumers, but for one reason or another are lumped into the privacy bucket, a subcategory of consumer protection.
The Privacy Thicket, the Safety Glade, and the Content Mod Grove
Along with genuine privacy proposals like the EU’s General Data Protection Regulation (GDPR), 12 recently enacted comprehensive U.S. state privacy laws, and the introduction of the American Data Privacy and Protection Act (ADPPA), policymakers are also pursuing concepts like the UK Online Safety Act, the U.S. Kids Online Safety Act (KOSA), and most recently Washington State’s HB 1627 – a bill aimed at protecting children from being exploited on family vlogs. The second set of bills mainly seeks to protect interests other than privacy either by setting rules and restrictions on how online platforms moderate content or by creating personality-centered property rights for the minor children of vloggers who appear in their parents’ content. Ultimately, despite the widespread inclination to think of all of these efforts as offshoots of “privacy,” policymakers must approach the separate efforts to reform laws designed to affect content moderation, child safety, and privacy separately.
While each of these policies (introduced and implemented) addresses elements of consumer protection, not all of them deal with privacy, and some of them deliberately contradict privacy interests in service of other safety and consumer protection goals. That said, even though online safety proposals can occasionally interfere with privacy goals, the policy interests that animate them are not inherently irreconcilable. For example, ADPPA includes exceptions for law enforcement access and algorithm-specific requirements that dovetail with core safety interests, albeit imperfectly. Proposals can be crafted thoughtfully, especially when approached with a faithful focus on the main goals. Breaking up online consumer protection into age groups, however, carries with it some risks, and, in fact, many of the proposals across consumer protection categories focus narrowly on protecting children. We have long advocated for lawmakers to approach privacy more comprehensively across all age groups—but in a way that accounts for the varying degrees of risk posed by the collection, processing, and transfer of sensitive personal information—since the entire ecosystem would benefit from updated privacy and security laws.
Policymakers Should Stick to the Path They Start With
When taking a look at rules and regulations, our small business members and the people they serve are top of mind. We often see a piece of legislation that appears to have a great intention(protecting kids online) that actually could seriously undermine digital privacy and security (by eliminating encryption for all), inadvertently doing significant damage to small businesses powering the wider app economy. Like the encryption example above, taken from the UK’s Online Safety Bill, we often see this policy predicament occur when lawmakers are attempting to address several different overarching policy goals in one proposal.
Overstuffing legislation is always problematic, but because there is so much to lose when it comes to children’s privacy specifically, lawmakers must be mindful to keep issues around data privacy, online safety, and content moderation separate legislative ventures. Conflating these overarching policy goals could lead to a dangerous precedent that makes it next to impossible for technologists to do what they do best – keep users’ information safe.
In Conclusion
In order to protect the most at-risk populations lawmakers around the globe should tackle consumer protection issues one by one, especially the popular efforts directed at privacy, content moderation, and online safety. This includes understanding there is not a one-size-fits-all approach to protecting consumers online and that the different elements and issue areas in this arena require thoughtful, purposeful leadership. We hope to see policymakers understand the weight of this issue and regulate mindfully to keep everyone’s most personal information safe.