A group of top Senate Democrats on the Commerce, Judiciary, Banking, and Health, Education, Labor, and Pensions Committees just outlined a set of core principles that should guide any future federal legislation around consumer privacy and data protection.

While we see proclamations around principles and priorities all the time, this one is unique: four senior ranking members with distinct jurisdictions don’t come together very frequently. So this is a clear signal that action on privacy is a priority for all of them, likely after the next election. And with a topic this cumbersome and complex, an early show of solidarity is a meaningful sign that this critical group of experienced dealmakers with credibility across the political spectrum (and throughout the Senate Democratic caucus) aren’t looking just to make noise — they intend to make laws.

The framework from Senators Murray, Cantwell, Feinstein, and Brown laid out four priorities for data protection:

1. Establish data safeguards – minimize data collection to avoid abuse, establish sharing limits, and ensure security, especially around the use of sensitive data relating to race, sexual orientation, children, health or finances.
2. Invigorate competition – establish market power checks that ensure consumers maintain control of their personal data throughout separate businesses within one enterprise and during mergers, acquisitions or bankruptcies.
3. Strengthen consumer and civil rights – provide clear and concise explanation of privacy practices to safeguard individual consumers rights and ensure computer-based decisions protect civil rights for all users.
4. Impose real accountability – give regulators and individuals the tools they need to identify harmful or invasive privacy practices and pursue powerful remedies — including legal action – against bad actors.

Why it matters: Regardless of who wins in 2020 (and, at Precision, we will be working for Democrats up and down the ballot), data privacy will be a major issue. Recent polling demonstrates that most Americans are deeply concerned about — and confused by — who controls their personal information online. The benefits of technological innovation are clear in our daily lives — information readily available at our fingertips, streamlined consumer experiences across platforms, the potential for innovations like self-driving cars, medical advances, and more.

Yet the dystopian aspects are also apparent, with massive data breaches becoming more and more common, sensitive data being shared across platforms, and mounting concerns about the safety of our democracy. A recent Pew study found that 81% of Americans think the risks of data collection outweigh the benefits and most Americans are concerned about how their data is being used by companies and the government. And yet, despite these concerns, nearly 7 in 10 Americans report using social media on a daily basis.

This conflict suggests a clear opportunity for policymaking in the years ahead.

What it means for our clients: To boil it down, the time for action is now, and any company with data and privacy concerns needs to go beyond its comfort zone to ensure it stays ahead of the policymaking curve.  

As the old saying goes, if you’re not at the table, you’re on the menu. It’s time to pull up a chair.  

The ground is shifting in Washington and there is more appetite among policymakers to tackle the big questions surrounding technology and data privacy. Here’s what corporations, non-profits, and political groups should know:

1. Don’t wait for the next election – While Congress will likely continue to conduct oversight of bad actors before acting on major privacy legislation, policymakers are laying the groundwork for action later. The time is now to start thinking about how to act your values and make sure your internal policies and guidelines are ready to face public and media scrutiny.
2. Continue refining your privacy principles – and encourage your peers to follow suit. Take guidance from what is already on the books – protections for credit information in the Financial Credit Reporting Act, health information in the Health Insurance Portability and Accountability Act, and data about children in the Children’s Online Privacy Protection Act – since these laws will likely serve as foundations for future legislative action. But just following the law is not enough in the face of repeated breaches and with revisions and enhancements on the horizon. Going above and beyond is no longer an aspiration, it’s essential.
3. Be inclusive – Use this opportunity to start a dialogue with civil rights and advocacy organizations or strengthen the relationships you already have. Some organizations use the guise of free speech to mask bad practices that hurt vulnerable communities and warp our civil discourse. Now is the time to differentiate yourself by stating your values publicly and ensuring advocates know they can count on you as an ally.
4. Think beyond party lines – The tech debate has shown us that privacy and data protection lead to unique bedfellows – from Josh Hawley and Ted Cruz to Ed Markey and Richard Blumenthal, lawmakers on both sides of the aisle are sending clear signals that data privacy is the next hot issue. Advocacy strategies must be comprehensive in approach with a bipartisan, bicameral focus in Washington, D.C. and in districts and states around the country.
5. Remember the human touch – In today’s rapid-fire news cycle, it can be easy to forget that when we say data protection and privacy, we are really talking about people’s most sensitive information. And because members and the news media rely on personal stories to animate their policy conversations, it’s especially important for companies to look at the impact on the individual level.