Consumer data privacy and security concerns, including progress towards a new trans-Atlantic data deal, a new law in California and proposed rules in California and at the FTC, were top of mind for the insights industry in October. In addition, concerns about draft U.S. Department of Labor regulations impacting research subjects’ status as independent contractors, and miscellaneous other new laws, remain salient.
Consumer privacy and data security
President Joe Biden signed an executive order on government surveillance that should pave the way to an an operable trans-Atlantic data transfer deal with the European Union (EU) by spring 2023. The prior deal, the U.S.-EU Privacy Shield, was struck down by a European court in March 2020 in the Schrems II case.
Insights and analytics companies that retained their self-certification, like through the Insights Association’s Privacy Shield program, should be able to transition quickly to the new data framework once it comes to fruition. The IA Privacy Shield Program is a benefit exclusive to company members and corporate research department members, since IA serves as an Independent Recourse Mechanism (IRM), a required component of the program.
As the Federal Trade Commission (FTC) charges ahead on extremely broad new privacy rules that could rope in most aspects of the insights industry’s work, the Insights Association joined nearly 20 other business groups asking for an additional two months to respond to the complicated proposal.
Meanwhile, Congressional Democrats urged the FTC to step up “efforts to implement strong privacy safeguards that effectively protect children and teens online, including fulfilling your obligation to update regulations under the Children’s Online Privacy Protection Act (COPPA).”
Elsewhere in Congress:
- Kristen Gillibrand (D-NY) introduced the Data Protection Act, comprehensive privacy legislation that would create a new independent federal Data Protection Agency to regulate supposedly high-risk data practices and restrict the collection, processing and sharing of personal data.
- Elizabeth Warren (D-MA) introduced the Health and Location Data Protection Act, legislation that would prohibit many (or even most) insights companies and organizations from selling, sharing, or transferring any health or location data.
- The My Body, My Data Act would prohibit most collection and maintenance of personal information broadly related to reproductive or sexual health by entities outside of the HIPAA-regulated space. It would be enforced by the FTC and by private lawsuits.
- The Protecting Consumer Information Act would require a reconsideration of financial privacy standards under the Gramm Leach Bliley Act.
- Three bills from Rep. Stephen Lynch (D-MA) would further restrict financial privacy and data security and possibly newly cover a lot of insights companies under the Gramm Leach Bliley Act.
Artificial intelligence regulation has also been on the federal menu:
- The Biden Administration released a “Blueprint for an AI Bill of Rights,” identifying “five principles that should guide the design, use, and deployment of automated systems to protect the American public in the age of artificial intelligence.” It shows where the feds are heading on a variety of regulatory areas impacting the insights industry.
- A new Information Technology Industry Council (ITIC) report offered recommendations “on facilitating public trust in and understanding of” artificial intelligence (AI) systems.
At the state level:
- Pennsylvania is considering the Data Broker Registration System Act, which would require data brokers to register and report details of their operations.
- Out in the Golden State, a new draft of rules implementing the California Privacy Rights Act (CPRA) were just released. While the California Privacy Protection Agency blew past the legal July 1, 2022, deadline, it still hopes to have rules finalized by the time CPRA comes into effect on January 1, 2023.
- Finally, the California Age-Appropriate Design Code Act, a new law in California, restricts the creation of goods, services, or product features likely to be accessed by anyone under 18 and restrict the collection or use of their data. It goes well beyond the federal Children’s Online Privacy Protection Act (COPPA) in definitions, scope, and application.
Research subjects = independent contractors
The U.S. Department of Labor, having yanked a Trump Administration regulation of independent contractors in early 2021, has come up with their own rules that would make it more likely for more people to be classified as employees instead, including research subjects receiving participant incentives.
Labor law treatment of independent contractor status is an issue of prime importance in the use of incentives for research subjects in the insights industry, as demonstrated in California in 2020-21 (until the Insights Association succeeded in fixing a state law that had required minimum wage for research subjects).
Miscellaneous new laws
Your support makes all the difference
As the general election nears, the Insights Association is still meeting with policymakers (and candidates) to advocate for the insights industry on these and other important public policy issues across the U.S. This would NOT be possible without YOUR membership and sponsorship!
We are always available to answer your questions on these and other legislative/regulatory/legal issues. Please stay in contact.
Finally, IA company/department members are welcome at our next General Counsel and Privacy Officer Forum on November 4, for candid discussion with peers and experts of legal, privacy, data security and compliance issues facing your insights organization. Participation in these off-the-record forums is a complimentary privilege exclusive to company and department members of IA.
This information is not intended and should not be construed as or substituted for legal advice. It is provided for informational purposes only. It is advisable to consult with private counsel on the precise scope and interpretation of any laws/regulation/legislation and their impact on your particular business.