- Belfer Center for Science and International Affairs, Harvard Kennedy School

Controlling Data Privacy and Security

| Spring 2022

Featured in the Spring 2022 Newsletter 

Earlier this year, the Belfer Center’s Cyber Project embarked on an ambitious project: to get a federal data privacy and security law passed. Such a law will have enormous benefits for consumers, businesses, and national security. As Belfer Center Co-Director Eric Rosenbach noted in his Senate testimony in 2019, “In the absence of a national strategy to protect Americans’ data, promote the competitiveness of American firms, and secure our information and technology infrastructure assets, the U.S. risks ceding its leadership role in the future economic, military, and political landscapes.” Yet despite years of effort and support from Industry, consumer advocates, and lawmakers on both sides of the aisle, Congress hasn’t been able to pass a law.

Because there is no law, organizations are free to collect, hold, process, use, and sell data however they wish. While data is the lifeblood of technology development, the lack of rules puts consumers at risk from adversarial nations and harmful business practices. From an economic perspective, fears over the lack of privacy regulations and lack of control over citizens’ data are leading nations to turn to data localization mechanisms, harming global business. And from a national security standpoint, as we work to develop and deploy emerging technologies that require big data, it is imperative that the collection and use of data is done in a manner that is privacy-protecting, while encouraging innovation and protecting national security through strong cybersecurity. Part of doing so is through increased collaboration with allies and like-minded nations, which will be easier and more effective with a national data privacy law.

Meanwhile, several states have started to understand the urgency around these issues. While this is positive in one sense—states taking legislative action to protect their residents—the result is a patchwork of laws that are cumbersome for businesses and organizations to navigate. Moreover, as a consumer, it is not beneficial to have varying rights when traveling between states. The time to pass a federal law is now—before the scales tip too far and the political will to get something done evaporates.

In collaboration with the R Street Institute’s Cybersecurity and Emerging Threats Team, led by Tatyana Bolton, and Cyberspace Solarium Commission’s Senior Advisor Cory Simpson, the Cyber Project is taking a focused approach to the problem. While the main bills on the table, both from Democrats and Republicans, are largely aligned in principle and process, there are some major roadblocks preventing progress: the issues of Preemption of State Law, Private Right of Action, and the Role of the Federal Trade Commission. The Cyber Project and team's goal is to get bipartisan, external consensus on each of these issues. The strategy is to dive deep on these issues and provide recommendations for pathways forward within each. After more than 50 conversations with external stakeholders from industry, consumer advocacy groups, think tanks, Congress, and former executive branch officials, detailed recommendations will be released soon. Preliminary findings are available here.

For more information on this publication: Belfer Communications Office
For Academic Citation:

"Controlling Data Privacy and Security." Belfer Center Newsletter, Belfer Center for Science and International Affairs, Harvard Kennedy School (Spring 2022).