The Washington PostDemocracy Dies in Darkness

Opinion Congress agrees data privacy is a problem. So where’s the bill?

A Kaspersky employee types on a keyboard in Moscow on Oct. 17, 2016.
A Kaspersky employee types on a keyboard in Moscow on Oct. 17, 2016. (Kirill Kudryavtsev/AFP/Getty Images)
Placeholder while article actions load

CONGRESS HAS been promising federal privacy legislation for a year now and producing little more than a hodgepodge of conflicting piecemeal proposals. Now, at long last, one party’s leadership has stepped up to put the muscle of its caucus behind . . . a loose set of principles.

Senate Democrats under Charles E. Schumer (D-N.Y.) unveiled this week what is basically a wish list for a bill-to-be, supported by the ranking members of the four relevant committees. The showing of support lends some leverage to Sen. Maria Cantwell (D-Wash.), who has been negotiating with Commerce Committee Chairman Roger Wicker (R-Miss.) in search of a bipartisan plan. And there’s a deadline: a hearing to be scheduled for early December, by which time lawmakers will either have to present some language or show up empty-handed.

It’s disheartening that attempts to address the downsides of the data economy have been mostly moribund for months — but somewhat encouraging that top Democrats take the issue seriously enough to defibrillate talks. Privacy shouldn’t be a partisan issue, and members’ rhetoric has suggested it isn’t. Lawmakers on both sides of the aisle are far from shy in calling out technology companies for abusing consumers’ trust, and a recent Pew Research Center poll shows the vast majority of Americans are “confused” and “concerned” about how their personal information is collected, processed and shared.

The Democratic principles are promising in this regard: They rely on some long-standing concepts about Americans’ rights to know how firms handle their data, but they also direct the focus away from the consumer’s responsibility to read impenetrable terms of service and toward corporate responsibility to treat people’s data more responsibly and respectfully. The document gestures at prohibiting some bad practices entirely, with special attention to illegal bias and discrimination.

Republicans should take the Democratic offer and run with it. Democrats, in turn, should stay serious about playing ball. What was once a deadlock over whether federal legislation should preempt state statutes seems likely to end in compromise: a bill from Congress that is stronger than existing local laws, in exchange for a unified national standard. But another sticking point has emerged. Democrats want a private right of action so that consumers can sue companies directly for privacy violations; Republicans don’t, and even those in the middle fear an onslaught of frivolous lawsuits that enrich trial lawyers rather than consumers.

Lawmakers should be willing to budge a little to get something on the table — lest U.S. companies and consumers alike end up bound by European regulations that satisfy neither the most vocal privacy advocates nor the staunchest defenders of data hoarding. The Democrats’ principles sound nice in, well, principle. It is months past time to define the details and put them into practice.

Read more:

The Post’s View: Tech platforms still have a long way to go in policing child sex abuse online

The Post’s View: Should Congress override state privacy rules? Not so fast.

The Post’s View: Our privacy regime is broken. Congress needs to create new norms for a digital age.

Mark Zuckerberg: The Internet needs new rules. Let’s start in these four areas.

Woodrow Hartzog and Neil Richards: It’s time to try something different on Internet privacy