Widgetized Section

Go to Admin » Appearance » Widgets » and move Gabfire Widget: Social into that MastheadOverlay zone

Colorado lawmakers weigh data privacy as Congress continues to dither on tech regs

By
April 1, 2021, 10:17 am
Scott Graham, Unsplash

Colorado this legislative session may be joining a handful of states trying to fill a federal void in regulating personal data privacy and security, but most experts agree the state-level patchwork is far from an ideal solution to a problem that’s been growing online for decades.

Senate Bill 190 (Protect Personal Data Privacy), introduced in the Senate Business, Labor & Technology Committee, would create personal data privacy rights for Colorado consumers. The bill is modeled after similar laws in Washington and California.

Committee chair Robert Rodriguez, a Denver Democrat, admits lawmakers are way behind the curve on regulating personal data privacy and that the U.S. Congress should be taking the lead, but he says Coloradans deserve some form of protection.

“It’s mostly a consumer protection bill,” Rodriguez said. “It’ll give them the ability to opt out if they choose to; it’ll give them the ability to access their data; it’ll give them the ability to correct it if there’s errors.”

Sen. Robert Rodriguez

The legislation as currently proposed applies to companies that control or process the personal data of more than 100,000 consumers a year or derive revenue from the sale of personal data and control or process the personal data of at least 25,000 consumers. It would not apply to personal data governed by certain state and federal laws.

While many industry experts and media observers agree the most effective form of data privacy protection is “opt-in” regulation – rather than requiring consumers to opt out of automatic collection – Rodriguez says opt-in was a non-starter in Colorado.

“As much as I would love to do an opt-in, I don’t know where the will is,” Rodriguez said. “Nobody has an opt in other than GDPR [General Data Protection Regulation] in Europe. No other states have that. I would love to do that, but I don’t think we’re at that point.”

Opt-in laws would do away with the automatic collection of personal data and require companies to ask consumers for permission. Some proposals at the federal level, where there is currently no national data privacy standard, would allow consumers to opt in.

Rodriguez laments being behind the curve on data privacy and security, where data breaches and a lack of accountability have destroyed consumer confidence, but he says there’s still an opportunity for Colorado to lead on some forms of tech regulation.

“[This bill] doesn’t deal with facial recognition or biometrics; there’s actually a separate bill coming for that, which I would be the sponsor of [in the Senate]. That bill’s being worked on in the House,” Rodriguez said. “It’s not good to mix this technology, because it’s all so different.”

Lawmakers need to get out ahead of rapidly developing technology, he added.

“It’s an emerging technology, so it’ll be an interesting fight, but one that’s needed,” Rodriguez said. “We’re way too late on data privacy now because it’s been out and it’s so ingrained. Facial recognition is new and innovative, and it might be good to get ahead of the curve.”

Frannie Matthews of the Colorado Technology Association says these deliberations need to be happening much more robustly in Congress.

“A lot of this regulation should be happening at the federal level so we have consistency, because what we have now is inefficient,” Matthews said. “This is a federal issue because it certainly seems like interstate commerce, and we need to understand if states have jurisdiction over this.”

Matthews agrees that personal data privacy and security is a critical issue for consumers.

“We are, for convenience, just giving [our data] away,” Matthews said. “A great example of not very effective regulation is how many times a day do you see ‘this website uses cookies,’ but if you really want to get into it, you say OK? You have no idea really what that means about where your data goes and what data they’re utilizing.”

Another concession Rodriguez says he made to get Republican support in the form of Senate co-sponsor and Minority Whip Paul Lundeen of El Paso County was ceding all enforcement to the Colorado attorney general and district attorneys.

“[Colorado Attorney General Phil] Weiser is pretty knowledgeable on data privacy; we’re trying to get him on the bill,” Rodriguez said. “One of the compromises is this bill’s being run with a Republican, and we’re housing all the enforcement under the AG’s office. We’re not going after a private right of action … I can’t get Republicans if I have that.”

Weiser spokesman Lawrence Pacheco said: “The attorney general has not taken a public position on the legislation. He is reviewing it and having discussions with the bill sponsors.”

Weiser, a former Justice Department anti-trust attorney who is now going after Google as lead plaintiff in a lawsuit against its search domination and has joined with other states in suing Facebook, recently expressed his frustration with the lack of congressional action on data privacy.

Speaking on a University of Colorado Law School panel in February entitled Trust and Trustworthiness in the Tech Sector, Weiser offered these comments:

“It’s important to think about this issue around privacy and recognize that we have an institutional problem in the U.S. in that Congress is not able to function … There is bipartisan support to address a national data privacy law,” Weiser said. “Fifty states have data breach laws. Congress has been unable to act. What that has meant in practice is that the state attorneys general have had to pick up slack. You’re seeing states passing data privacy laws, which Congress would call a second-best solution. I’d rather see a federal law with state AGs able to enforce it.”

Fellow panelists from the Federal Trade Commission and the Federal Communications Commission, whose agencies have tried to regulate without an overarching federal law, agreed.

“The point holistically is that the issues of privacy are so complex there is intersectional jurisdiction, but it is really important that Americans be able to trust and know that they can use these services,” FCC Commissioner Geoffrey Starks said.

FTC Commissioner Christine Wilson concurred.

“Consumers need transparency about what is happening with their data … So much of our most personal data and information is being hoovered up and consumers don’t understand what’s being collected, how it’s being shared, used, monetized, sold to third parties, and so we need to get a handle on that and provide guardrails for businesses,” Wilson said.

“Businesses need certainty and predictability, and the patchwork that is emerging among the states is in the end not, as General Weiser noted, the first, best solution,” she added. “We cannot be a leader in the discussions about protecting consumer privacy and data security globally if we don’t have federal privacy law and data breach legislation.”

Editor’s note: This story first posted on Colorado Times Recorder.

The following two tabs change content below.

David O. Williams

Managing Editor at RealVail
David O. Williams is the editor and co-founder of RealVail.com and has had his awarding-winning work (see About Us) published in more than 75 newspapers and magazines around the world, including 5280 Magazine, American Way Magazine (American Airlines), the Anchorage Daily News (Alaska), the Anchorage Daily Press (Alaska), Aspen Daily News, Aspen Journalism, the Aspen Times, Beaver Creek Magazine, the Boulder Daily Camera, the Casper Star Tribune (Wyoming), the Chicago Tribune, Colorado Central Magazine, the Colorado Independent (formerly Colorado Confidential), Colorado Newsline, Colorado Politics (formerly the Colorado Statesman), Colorado Public News, the Colorado Springs Gazette, the Colorado Springs Independent, the Colorado Statesman (now Colorado Politics), the Colorado Times Recorder, the Cortez Journal, the Craig Daily Press, the Curry Coastal Pilot (Oregon), the Daily Trail (Vail), the Del Norte Triplicate (California), the Denver Daily News, the Denver Gazette, the Denver Post, the Durango Herald, the Eagle Valley Enterprise, the Eastside Journal (Bellevue, Washington), ESPN.com, Explore Big Sky (Mont.), the Fort Morgan Times (Colorado), the Glenwood Springs Post-Independent, the Grand Junction Daily Sentinel, the Greeley Tribune, the Huffington Post, the King County Journal (Seattle, Washington), the Kingman Daily Miner (Arizona), KUNC.org (northern Colorado), LA Weekly, the Las Vegas Sun, the Leadville Herald-Democrat, the London Daily Mirror, the Moab Times Independent (Utah), the Montgomery Journal (Maryland), the Montrose Daily Press, The New York Times, the Parent’s Handbook, Peaks Magazine (now Epic Life), People Magazine, Powder Magazine, the Pueblo Chieftain, PT Magazine, the Rio Blanco Herald Times (Colorado), Rocky Mountain Golf Magazine, the Rocky Mountain News, RouteFifty.com (formerly Government Executive State and Local), the Salt Lake Tribune, SKI Magazine, Ski Area Management, SKIING Magazine, the Sky-Hi News, the Steamboat Pilot & Today, the Sterling Journal Advocate (Colorado), the Summit Daily News, United Hemispheres (United Airlines), Vail/Beaver Creek Magazine, Vail en Español, Vail Health Magazine, Vail Valley Magazine, the Vail Daily, the Vail Trail, Westword (Denver), Writers on the Range and the Wyoming Tribune Eagle. Williams is also the founder, publisher and editor of RealVail.com and RockyMountainPost.com.

One Response to Colorado lawmakers weigh data privacy as Congress continues to dither on tech regs

  1. Anthony Wilson

    April 4, 2021 at 11:47 am

    My comments is about Biden Administration FCC Chairwoman demanding all technologies tools be put on the table . Do this 20 plus years untold storyline behind Bell Atlantic now Verizon and Caller ID Screener qualify? Caller ID Screener automatically letting American phone consumer’s control and protect it’s privacy and Data information on phone devices.