Illustration: Lazaro Gamio / Axios
The White House is in the early stages of determining what a federal approach to online data privacy should look like, Axios has learned.
Why it matters: The preliminary conversations show that the White House wants a voice in the contentious domestic and global debate about how to protect consumer privacy online. So far, Europe’s strict General Data Protection Regulation has set the terms of the debate, alarming companies and some regulators in the U.S.
What's happening: Gail Slater, special assistant to President Trump for tech, telecom and cyber policy at the White House National Economic Council, has met with industry groups to discuss possible ways to put in place guardrails for the use of personal data, according to multiple sources familiar with the matter.
- Last Thursday, Slater met with members of the technology committee of The Business Roundtable to discuss possible options, according to two people with knowledge of the meeting.
- Separately, Slater talked about GDPR implementation and Privacy Shield issues with Dean Garfield, CEO of the Information Technology Industry Council, the trade association representing tech companies including Apple, Google, Facebook, IBM, Microsoft, and others.
What we’re hearing: Sources pointed to several possible outcomes from the conversations the White House is having.
- One option is an executive order directing one or more agencies to develop a privacy framework. That could direct the National Institute of Standards and Technology, an arm of the Commerce Department, to work with industry and other experts to come up with guidelines, according to two sources. (NIST declined to comment.)
- The process would likely be similar to the the one the Obama administration launched on cybersecurity in 2013. Congress later supported the continued work on the standards, and President Trump required the use of the framework to help manage government agencies' cyber risk.
- An executive order could also kick off a public-private partnership to lay out voluntary privacy best practices, which could become de-facto standards, according to sources.
- However, it's unclear how an executive order would affect the Federal Trade Commission, which is an independent agency charged with keeping an eye on private sector privacy issues.
- The White House did not respond to requests for comment.
Driving the news: Pressure is building on regulators and lawmakers to take action on privacy in the United States.
- Europe’s GDPR has set a high-water mark for companies that handle user data, as the EU can levy hefty fines on companies that don’t comply. Slater indicated the administration is interested in developing a counter-weight to GDPR so that it is not the de-facto global standard, according to a source in the BRT meeting.
- In California, voters are weighing a strict online privacy regime — the California Consumer Privacy Act — in a November ballot initiative. There is some concern that state laws will create a confusing patchwork of privacy rules.
- This fall, European and American regulators will have to review the Privacy Shield agreement, which governs how American companies treat European citizens’ data. Industry sources say there is a desire to put a stake in the ground on privacy ahead of that review.
- Facebook's Cambridge Analytica scandal raised awareness of privacy issues among both consumers and lawmakers.
What Slater has said: "We're talking through what, if anything, the administration could and should be doing" on privacy, Slater said at a conference hosted last month by the National Venture Capital Association, but added that there is no desire to create a U.S. clone of the European rules.
- Slater said she thinks that “giving consumers more control over their data” and “more access to their data” are good principles contained in GDPR. But she also raised that some portions, like the "right to be forgotten" may not work under U.S. law.
- She emphasized that the rules are burdensome for small businesses and create uncertainty for companies trying to comply — a concern raised by Commerce Secretary Wilbur Ross in a recent Financial Times op-ed.
Her background: Slater is well-versed on privacy issues. Before joining the White House earlier this year, Slater was general counsel of the Internet Association, the trade group representing Google and Facebook. Previously, she was an FTC attorney.
The other coast: Consumer data is the most valuable currency in the growing digital economy. While tech companies generally worry about the prospect of new privacy rules, many also want certainty around user data to protect themselves against fines and legal issues.