Fighting for You: October 2022 Legislative and Regulatory Update - Articles

Articles

31Oct

Fighting for You: October 2022 Legislative and Regulatory Update

Consumer data privacy and security concerns, including progress towards a new trans-Atlantic data deal, a new law in California and proposed rules in California and at the FTC, were top of mind for the insights industry in October. In addition, concerns about draft U.S. Department of Labor regulations impacting research subjects’ status as independent contractors, and miscellaneous other new laws, remain salient.

Consumer privacy and data security

President Joe Biden signed an executive order on government surveillance that should pave the way to an an operable trans-Atlantic data transfer deal with the European Union (EU) by spring 2023. The prior deal, the U.S.-EU Privacy Shield, was struck down by a European court in March 2020 in the Schrems II case.

Insights and analytics companies that retained their self-certification, like through the Insights Association’s Privacy Shield program, should be able to transition quickly to the new data framework once it comes to fruition. The IA Privacy Shield Program is a benefit exclusive to company members and corporate research department members, since IA serves as an Independent Recourse Mechanism (IRM), a required component of the program.

As the Federal Trade Commission (FTC) charges ahead on extremely broad new privacy rules that could rope in most aspects of the insights industry’s work, the Insights Association joined nearly 20 other business groups asking for an additional two months to respond to the complicated proposal.

Meanwhile, Congressional Democrats urged the FTC to step up “efforts to implement strong privacy safeguards that effectively protect children and teens online, including fulfilling your obligation to update regulations under the Children’s Online Privacy Protection Act (COPPA).”

Elsewhere in Congress:

  • Kristen Gillibrand (D-NY) introduced the Data Protection Act, comprehensive privacy legislation that would create a new independent federal Data Protection Agency to regulate supposedly high-risk data practices and restrict the collection, processing and sharing of personal data.
  • Elizabeth Warren (D-MA) introduced the Health and Location Data Protection Act, legislation that would prohibit many (or even most) insights companies and organizations from selling, sharing, or transferring any health or location data.
  • The My Body, My Data Act would prohibit most collection and maintenance of personal information broadly related to reproductive or sexual health by entities outside of the HIPAA-regulated space. It would be enforced by the FTC and by private lawsuits.
  • The Protecting Consumer Information Act would require a reconsideration of financial privacy standards under the Gramm Leach Bliley Act.
  • Three bills from Rep. Stephen Lynch (D-MA) would further restrict financial privacy and data security and possibly newly cover a lot of insights companies under the Gramm Leach Bliley Act.

Artificial intelligence regulation has also been on the federal menu:

  • The Biden Administration released a “Blueprint for an AI Bill of Rights,” identifying “five principles that should guide the design, use, and deployment of automated systems to protect the American public in the age of artificial intelligence.” It shows where the feds are heading on a variety of regulatory areas impacting the insights industry.
  • A new Information Technology Industry Council (ITIC) report offered recommendations “on facilitating public trust in and understanding of” artificial intelligence (AI) systems.

At the state level:

  • Pennsylvania is considering the Data Broker Registration System Act, which would require data brokers to register and report details of their operations.
  • Out in the Golden State, a new draft of rules implementing the California Privacy Rights Act (CPRA) were just released. While the California Privacy Protection Agency blew past the legal July 1, 2022, deadline, it still hopes to have rules finalized by the time CPRA comes into effect on January 1, 2023.
  • Finally, the California Age-Appropriate Design Code Act, a new law in California, restricts the creation of goods, services, or product features likely to be accessed by anyone under 18 and restrict the collection or use of their data. It goes well beyond the federal Children’s Online Privacy Protection Act (COPPA) in definitions, scope, and application.

Research subjects = independent contractors

The U.S. Department of Labor, having yanked a Trump Administration regulation of independent contractors in early 2021, has come up with their own rules that would make it more likely for more people to be classified as employees instead, including research subjects receiving participant incentives.

Labor law treatment of independent contractor status is an issue of prime importance in the use of incentives for research subjects in the insights industry, as demonstrated in California in 2020-21 (until the Insights Association succeeded in fixing a state law that had required minimum wage for research subjects).

Miscellaneous new laws

Your support makes all the difference

As the general election nears, the Insights Association is still meeting with policymakers (and candidates) to advocate for the insights industry on these and other important public policy issues across the U.S. This would NOT be possible without YOUR membership and sponsorship!

We are always available to answer your questions on these and other legislative/regulatory/legal issues. Please stay in contact.

Finally, IA company/department members are welcome at our next General Counsel and Privacy Officer Forum on November 4, for candid discussion with peers and experts of legal, privacy, data security and compliance issues facing your insights organization. Participation in these off-the-record forums is a complimentary privilege exclusive to company and department members of IA.

This information is not intended and should not be construed as or substituted for legal advice. It is provided for informational purposes only. It is advisable to consult with private counsel on the precise scope and interpretation of any laws/regulation/legislation and their impact on your particular business.

About the Author

Howard Fienberg

Howard Fienberg

Based in Washington, DC, Howard is the Insights Association's lobbyist for the marketing research and data analytics industry, focusing primarily on consumer privacy and data security, the Telephone Consumer Protection Act (TCPA), tort reform, and the funding and integrity of the decennial Census and the American Community Survey (ACS). Howard has more than two decades of public policy experience. Before the Insights Association, he worked in Congress as senior legislative staffer for then-Representatives Christopher Cox (CA-48) and Cliff Stearns (FL-06). He also served more than four years with a science policy think tank, working to improve the understanding of scientific and social research and methodology among journalists and policymakers. Howard is also co-director of The Census Project, a 900+ member coalition in support of a fair and accurate Census and ACS. He has also served previously on the Board of Directors for the National Institute for Lobbying and Ethics and and the Association of Government Relations Professionals. Howard has an MA International Relations from the University of Essex in England and a BA Honors Political Studies from Trent University in Canada, and has obtained the Certified Association Executive (CAE), Professional Lobbying Certificate (PLC) and the Public Policy Certificate (PPC). When not running advocacy for the Insights Association, Howard enjoys hockey, NFL football, sci-fi and horror movies, playing with his dog, and spending time with family and friends.

Related

Improving Contractor Cybersecurity Act - H.R. 5310

Improving Contractor Cybersecurity Act - H.R. 5310

The Improving Contractor Cybersecurity Act (H.R. 5310) would require cybersecurity measures for fede...

Read More >
Digital Platform Commission Act - S. 1671

Digital Platform Commission Act - S. 1671

The Digital Platform Commission Act (S. 1671) would create a new federal agency to regulate online p...

Read More >
2024 State Privacy Legislative Roundup

2024 State Privacy Legislative Roundup

The insights industry faced comprehensive consumer data privacy legislation in 2024 in dozens of sta...

Read More >
Health and Location Data Protection Act of 2024 - S. 5462

Health and Location Data Protection Act of 2024 - S. 5462

The Health and Location Data Protection Act (S. 5462) would prohibit many (or even most) insights co...

Read More >
Health Infrastructure Security and Accountability Act - S. 5218

Health Infrastructure Security and Accountability Act - S. 5218

The Health Infrastructure Security and Accountability Act (S. 5218) would require tougher data secur...

Read More >
New Colorado Biometric Privacy Law H.B. 1130

New Colorado Biometric Privacy Law H.B. 1130

A new law in Colorado builds upon the existing Colorado Privacy Act, adding specific requirements fo...

Read More >
Members only Article - Please login to view