What Will Presidential Candidates do about Privacy?

With the political babble picking up steam ahead of the 2024 US presidential election, a key issue seems to be understated, or more accurately: Unaddressed. That is the matter of a national digital privacy policy.

Living in one of the states that hold early primaries, I hear the candidates jibber jabber on a daily basis.  Yes, there are other important issues on the minds of White House Wannabees: war, taxes, education and more.

But, data privacy matters, too, and it should be addressed, even if the candidates only occasionally work it into their standard three talking points. These folks need to outline how they are going to protect our sensitive personal data, collected when we -- innocent kids to crotchety seniors -- do during the growing number of hours that we are online and during in-person business dealings. How can we limit what other individuals, businesses, and government entities do with the information they glean from us?

In the past, each time there has been a proposal for a comprehensive federal privacy policy the pushback from business and government has been along the lines of “the states already have policies” or “trust us.” Each argument is flawed.

Consider the “trust us” response first. Trusting big business can be risky, particularly, and when the business is one of the mega-sized tech companies (Hello, Google, Facebook, et al). However, every retailer, transportation company, medical center, and service provider seems to want to collect more data from us every year. Good luck in figuring out what they plan to do with that data when you read their terms of service. Let’s be honest, nobody really can understand the vagaries that businesses include on those TOS pages.

Related:US Data Privacy Relationship Status: It’s Complicated

Even where the relatively few states -- and the EU -- that have tried to protect individuals’ privacy, the issue is that businesses and government agencies look for gaps in the law. That’s how they justify borderline abuse such as spam and data sharing with partner entities.

They feel their behavior is innocent and that it's "the other guy" that really is abusing our trust. In reality, the majority of businesses today are looking for ways to leverage our financial, shopping, travel, and health data. They aren’t setting out to do evil; they see data collection as core to business today. But, they are playing in an arena that doesn’t have comprehensive and clearcut rules for what can and cannot be done with data, and, for example, when true customer “opt-in” must apply.

Similarly, we lack definition for how long data should be maintained, updated, deleted, or protected. Keep in mind that our data actually may live longer than we do.

Related:US Lawmakers Mull AI, Data Privacy Regulation

Simply, privacy protection must be a federal matter, and not left to the states. We need to hear from our next president (and congressional representatives) what our data privacy rights should entail, and how any new laws should be enforced.

I recognize there is a resurgence in reliance on states’ rights on many significant political issues, including gun control and abortion. However, the US isn’t 50 completely independent, self-ruling realms. Even back when the Constitution was enacted in 1788 and the Bill of Rights in 1791, the founders recognized the need for a central government and the sanctity of certain rights for all. Of course, data privacy wasn’t mentioned for obvious reasons. Yet, both documents, including the 9^th Amendment, left room for Congress to define new rights as needed. It’s past time for Congress and the next president to take action to recognize that we as citizens should be able to exercise control of our personal data.

The reason privacy isn’t just a state matter rests in the way the world has changed, just in our lifetimes. In business, travel, communications, and finance, our everyday lives give us a presence in multiple states (and multiple nations, but global politics present a discussion for another day).

Related:Will Your Company Be Fined in the New Data Privacy Landscape?

In fact, we have no idea where a business we are dealing with is based or incorporated. Heck, even employees of a business typically can’t tell you where the company is really based. That sets the 2023 nation apart from the 1780s country where most Americans did business in person and never left their home state.

It’s common today to cross state lines on a regular basis. A single business transaction like an online purchase may virtually touch entities in four or more states, depending on the locations of the retailer, the shopping website, your bank, the shipping service and more. Your data skips through all of them while we never leave the comfort of our home or office. Which state laws would apply to each aspect of each step in the transaction? Nobody really knows.

Some political candidates are starting to raise questions about the use of artificial intelligence, spurred by the growth of generative AI. While they view AI as a monster, they don’t consider that the privacy issue relates to more than AI. Rather, it involves the data that underlies and fuels AI and a few million other applications, even seemingly simple acts such as creation of marketing lists. Someone needs to step forward and take the initiative to lead us to a comprehensive data privacy policy. So far, today’s candidates don't seem to care. It’s time that the voters did care.