New U.S. Privacy & Data Protection Law Is Inevitable Like a Pendulum Swing

It is a matter of when, not if, Congress will pass national privacy and data protection law for the 21st century.

It’s inevitable, because the U.S. privacy policy to date is operating as predictably as a pendulum swinging. Consider the evident big picture, pendulum dynamic at work here.

Before 1996, Americans enjoyed a strong offline right to privacy based on the Fourth Amendment and several Federal privacy statutes granting consumer protection of personal information spanning: telecommunications, consumer info, education, financial services, cable, electronic communications, video, law enforcement assistance, and health information.

In 1996, Congress passed section 230 in the 1996 Telecom Act, which unwittingly and effectively set in motion a huge anti-privacy pendulum counter-swing, away from pre-Internet strong offline consumer privacy protection towards Wild West Internet consumer privacy non-protection.

That’s because Congress in 1996 made it U.S. policy that Internet firms were effectively exempt from most Federal and State regulation and made it U.S. law that Internet platforms were immunized from most civil governmental accountability and consumer protection responsibilities (apparently including consumer privacy and data protection responsibilities.)   

From 1996 to ~2017, the U.S. privacy policy pendulum swung completely from strong pre-1996 offline privacy protections, to the opposite 1996-2017 Wild West Internet’s minimal online privacy protections for Internet firms’ maximal uses/(abuses) of consumers’ personal information without meaningful consumer knowledge or control.

Evidently, Internet platforms have assumed an “open Internet” is government-sanctioned “open season” on consumers’ privacy and data.

The aftermath of the 2016 U.S. Presidential election wasthe effective beginning of the reversal in the direction of the U.S. privacy pendulum swing back towardsmore pre-Internet concern for U.S. privacy and data protection.

The reportedly outsized role of Facebook, Google, Twitter, and other social media in foreign election interference and manipulation set in motion a series of high-profile Congressional hearings. These ongoing hearings have snowballed to encompass social media’s unaccountability more broadly including privacy and data protection.

This has created an overseer/media feedback loop where more public scrutiny begets more discovered problems which begets even more and deeper public scrutiny.

The U.S. pro-privacy legislation pendulum momentum accelerated substantially in 2018 when the ignominious Facebook/Cambridge-Analytica scandal broke and blanket news coverage of the April Zuckerberg Congressional hearings created a national privacy and data protection failure moment, that the world witnessed.

This scandal unearthed a whole new layer of sordid privacy and data protection failures and problems as it was discovered that vast amounts of consumer personal information was being provided routinely to multiple Internet platforms’ partners, app developers and third parties with minimal responsibility or accountability for protecting the consumers’ privacy and data.

Congress and media are now questioning why the FTC’s 2011 privacy consent decrees with Google, Facebook, and Twitter evidently have resulted it minimal actual consumer privacy protection and any deterrence of unfair and deceptive privacy and data practices.

In June, new FTC Chairman Joe Simons, announced the FTC will hold a series of 15-20 public hearings from September to January to explore eleven topics that prominently include privacy and data protection. These Simons hearings will only add to, and accelerate, the pendulum swing momentum for new U.S. privacy legislation.

That’s evident because the new FTC Chairman Simons has signaled he has tentatively concluded that the FTC, the leading Federal consumer protection agency most responsible for protecting American consumers’ privacy and data protection, does not have sufficient authority to be a credible deterrent.

Specifically, Chairman Simons said: “Our remedial authority with respect to data security and also privacy is something that’s of serious concern to me.” “And I’m very nervous that we do not really have the remedial authority that we need in order to create a sufficient deterrent to deter the kind of conduct we want to deter.”

Adding pendulum swing momentum for new U.S. privacy legislation is the coincident implementation of the EU’s General Data Protection Regulation (GDPR), which passed in 2016 and went into effect in May 2018.

Ironically, the EU is giving EU citizens the opt-out privacy and data protection rights that Americans effectively enjoyedprior to Congress passing Section 230 in 1996 that unintentionally eviscerated Americans established offline right to privacy over time.

Adding more pendulum momentum for U.S. privacy legislation was California’s passage in June of the strictest State privacy and data protection legislation in the nation, which will give California’s 11% of American consumers much more control over their personal information and how it is used.

This puts enormous pressure on Congress to pass national privacy legislation in 2019, because the California law will go into effect in 2020. The legislation passed quickly to head off a California privacy referendum in November that would have been much tougher and problematic for Internet platforms and others, because it was expected to pass easily.

No Internet-related company wants fifty different state privacy and data protection laws and regulations, creating a situation of bad or worse choices for them, i.e. national uniform consumer-centric privacy law, or 50 different privacy and data protection laws over time.

Adding further pendulum swing momentum is a June 2018 powerful prod to Congress from the U.S. Supreme Court, which decided in Carpenter v. United States that Americans still enjoy a Constitutional right to privacy in the mobile Internet world and era, in ruling that U.S. law enforcement must get a probable cause warrant to examine a citizen’s location and movement history stored in their smartphone.

If an American has a Fourth Amendment right to, and “reasonable expectation” of, privacy, from the government, it is reasonable that the established pre-Internet offline right to privacy in the nine U.S. privacy statutes listed above, should apply to online activity as they apply offline.

Finally, the most powerful momentum for U.S. privacy legislation is political.

There is overwhelming bipartisan support for legislation that comprehensively would protect Americans privacy and data online and offline regardless of technology.

Without the ability to safeguard one’s privacy and data, one cannot protect one’s safety, security, identity, reputation, relationships, dignity, or property. Voters across the political spectrum get this common sense, self-preservation notion.

No privacy or data protection means one is at the mercy of others, especially when others have no deterrent or risk in abusing or misusing another’s privacy or data.

It is important to note here, that blocking legislation is vastly easier than passing legislation. Internet platform interests have proven that fact over the last two decades in their staunch opposition to most any Internet consumer privacy law, regulation, or liability that would protect their users’ privacy and data.

In sum, the point of this piece is to provide the evidence and chronology that the public policy pendulum has evidently swung back strongly in the direction of passing U.S. privacy legislation and that pendulum swing is evidently gathering extraordinary momentum and creating a bipartisan political network effect of its own. 

If ad-only Internet platforms or their investors imagine that interest in, or bipartisan consensus around, restoring Americans’ privacy will wane and fade away, they are not paying attention or are in denial.

The question is not if there will be new U.S. privacy legislation, but when.

The 2019-2020 Congress looks particularly ripe for passage of U.S. privacy and data protection legislation that restores Americans’ right to privacy offline and online, regardless of technology involved.


Scott Cleland served as Deputy U.S. Coordinator for International Communications & Information Policy in the George H. W. Bush Administration. He is President of Precursor LLC, an internetization consultancy specializing in how the Internet affects competition, markets, the economy, and policy, for Fortune 500 companies, some of which are Internet platform competitors. He is also Chairman of NetCompetition, a pro-competition e-forum supported by broadband interests. Cleland has testified seven times before the Senate and House Antitrust Subcommittees on antitrust matters. Overall, eight different congressional subcommittees have sought his expert testimony a total of sixteen times. When he served as an investment analyst, Institutional Investor twice ranked him the #1 independent analyst in communications. He is also author of “Search & Destroy: Why You Can’t Trust Google Inc.”


Precursor LLC Research Series on Asymmetric Accountability Harms:

Part 1:   The Internet Association Proves Extreme U.S. Internet Market Concentration [6-15-17]

Part 2:   Why US Antitrust Non-Enforcement Produces Online Winner-Take-All Platforms [6-22-17]

Part 3:   Why Aren’t Google Amazon & Facebook’s Winner-Take-All Networks Neutral? [7-11-17]

Part 4:   How the Google-Facebook Ad Cartel Harms Advertisers, Publishers & Consumers [7-20-17]

Part 5:   Why Amazon and Google Are Two Peas from the Same Monopolist Pod [7-25-17]

Part 6:   Google-Facebook Ad Cartel’s Collusion Crushing Competition Comprehensively [8-1-17]

Part 7:   How the Internet Cartel Won the Internet and The Internet Competition Myth [8-9-17]

Part 8:   Debunking Edge Competition Myth Predicate in FCC Title II Broadband Order [8-21-17]

Part 9:   The Power of Facebook, Google & Amazon Is an Issue for Left & Right; BuzzFeed Op-Ed[9-7-17]

Part 10: Google Amazon & Facebook’s Section 230 Immunity Destructive Double Standard [9-18-17]

Part 11: Online-Offline Asymmetric Regulation Is Winner-Take-All Government Policy [9-22-17] 

Part 12: CDA Section 230’s Asymmetric Accountability Produces Predictable Problems [10-3-17]

Part 13: Asymmetric Absurdity in Communications Law & Regulation [10-12-17]  

Part 14: Google’s Government Influence Nixed Competition for Winner-Take All Results[10-25-17]

Part 15: Google Amazon & Facebook are Standard Monopoly Distribution Networks [11-10-17]

Part 16: Net Neutrality’s Masters of Misdirection[11-28-17]

Part 17: America’s Antitrust Enforcement Credibility Crisis – White Paper [12-12-17]

Part 18: The U.S. Internet Isn’t a Free Market or Competitive It’s Industrial Policy [1-4-18]

Part 19: Remedy for the Government-Sanctioned Monopolies: Google Facebook & Amazon [1-17-18]

Part 20: America Needs a Consumer-First Internet Policy, Not Tech-First[1-24-18]

Part 21: How U.S. Internet Policy Sabotages America’s National Security [2-9-18]

Part 22: Google’s Chrome Ad Blocker Shows Why the Ungoverned Shouldn’t Govern Others [2-21-18]

Part 23: The Beginning of the End of America’s Bad “No Rules” Internet Policy [3-2-18]

Part 24: Unregulated Google Facebook Amazon Want Their Competitors Utility Regulated [3-7-18]

Part 25: US Internet Policy’s Anticompetitive Asymmetric Accountability - DOJ Filing [3-13-18]

Part 26: Congress Learns Sect 230 Is Linchpin of Internet Platform Unaccountability [3-22-18]

Part 27: Facebook Fiasco Is Exactly What US Internet Law Incents Protects & Produces [3-26-18]

Part 28: How Did Americans Lose Their Right to Privacy? [4-14-18]

Part 29: The Huge Hidden Public Costs (>$1.5T) of U.S. Internet Industrial Policy [4-15-18]

Part 30: Rejecting the Google School of No-Antitrust Fake Consumer WelfareStandard [4-20-18]

Part 31: Why New FTC Will Be a Responsibility Reckoning for Google Facebook Amazon [4-27-18]

Part 32: “How Did Google Get So Big?” Lax Bush & Obama FTC Antitrust Enforcement [5-23-18]

Part 33: Evident Internet Market Failure to Protect Consumer Welfare -- White Paper [5-31-18]

Part 34: What Happened Since FTC Secretly Shut 2012 Google-Android Antitrust Probe? [6-8-18]

Part 35: Buying WhatsApp Tipped Facebook to Monopoly; Why Didn’t FTC Probe Purchase? [6-19-18]

Part 36: The Sea Change Significance of Simons-FTC Privacy and Antitrust Hearings [6-27-18]