UA professor warns senators not to go too far to protect personal data

Jane Bambauer, a University of Arizona law professor, cautioned a Senate committee against going too far to protect personal digital data, saying they could end up hurting consumers. (Photo by Andrew Howard/Cronkite News)

By Andrew Howard

WASHINGTON – A University of Arizona law professor cautioned members of a Senate panel Tuesday against rushing into data privacy laws that could wind up hurting consumers.

Jane Bambauer said she was “delighted” to see lawmakers considering federal laws on data privacy, but said they should not follow laws in California and the European Union that she said let people treat their personal digital data as private property.

“Property-style privacy rights do not actually serve American consumer interests,” Bambauer said in testimony prepared for the Senate Judiciary Committee. “They will burden the digital economy with transaction costs, and there is little reason to think that the compliance costs or behavioral changes will have a meaningful relationship to harm.”

But senators, pointing to the vast amounts of data collected from digital devices and the difficulty of keeping that information private, said something needs to be done.

“I don’t want to destroy the goose that laid the golden egg in terms of innovation,” said Sen. Lindsey Graham, R-South Carolina, and chairman of the committee. “I think all these social media outlets have enriched our lives, but there’s a downside and potentially a dark side.”

The remarks came during a hearing that called together experts on data privacy, advocates and representatives from tech giants Google and Intel. While they all agreed that there is a need for laws that protect consumer data, they disagreed over how much privacy should be granted and how best to present consumers with the option to keep their information private.

They said data collection needs to continue – many devices, like phones, will not operate without location information, for example, and data helps them improve and innovate new products. It also allows services to be offered free, something most consumers take for granted.

David Hoffman, director of security policy for Intel, said it is wrong to blame tech companies like his for the harm done by businesses that “monetize and weaponize the data of others.”

“Calling a data broker a technology company is like calling a paparazzi an investigative journalist,” he said.

Hoffman said Intel supports data protection, but that many proposed state laws “unduly restrict the use of data, even in situations where the use does not increase privacy risk or harm to the individual.”

Will DeVries, senior privacy counsel at Google, said the company supports privacy laws, including the one in California that is scheduled to take effect in January. He added that if consumers do not trust the company, they will seek the services elsewhere.

“If our users don’t trust us, they won’t use our products,” DeVries said. “Privacy isn’t a slogan, it’s vital to our business.”

Sen. Lindsey Graham, R-SouthCarolina, and Sen. Dianne Feinstein, D-California, pressed tech officials and experts on how people can keep private the personal data that is collected by digital devices. (Photo by Andrew Howard/Cronkite News)

But lawmakers harped on reports of data being collected on everything from location to contacts to purchase and search histories, collection often done without the consumer’s knowledge.

As he has in the past, Sen. Josh Hawley, R-Missouri, criticized Google for the fact that its phones continue to track location, even when the phone is turned off.

“Americans have not signed up for this,” Hawley said. “They think that they can opt out of the tracking that you’re performing. They can’t meaningfully opt out.

“It’s kind of like that old Eagles song, ‘You can check out any time you like, but you can never leave.’ That’s kind of what it’s like dealing with your company,” he said to DeVries.

DeVries and Hoffman both said collecting and using data – ethically – is important to society and innovation.

Bambauer said the solution is not keeping companies from collecting the data, but regulating how they use is that is the best route to protecting consumers, turning it over to an agency like the Federal Trade Commission, for example.

“We really are interconnected,” she said after the hearing. “If I demand a right to close off information about myself, that doesn’t just affect me, it affects the entire market.”

Bambauer said that legislatures should not rush into creating data privacy laws. Faced with an uncertain future, she said, their default is to close off access to data but that, “If we look at the past, we see example after example … that siloing off the data is worse for consumers.”

Alastair Mactaggart, chairman of Californians for Consumer Privacy, which helped create the California data law, said “privacy is not partisan” and he encouraged the committee to use California’s law as a starting point. That law will require that consumers be able to opt-out of companies selling their data and be able to know what data have been collected by companies.

Sen. Dianne Feinstein, D-California, said she would “not support any federal privacy bill that weakens the California law.”

“Individuals should have as much control as possible over their personal data,” she said

Bambauer said there is a need for legislation, but that California and the EU are the wrong models to follow.

“We need to be thinking less about who owns and gets to control what, and instead asking, ‘What are the harms, what are the risks and how do we reduce them?’” she said.


  1. Thank you, Luke. I too found Bambauer’s statements odd. We very much need to think about who owns and controls personal data, and not feel obligated to support a dubious market in surveillance that should never have existed in the first place.

  2. “Bambauer said the solution is not keeping companies from collecting the data, but regulating how they use is that is the best route to protecting consumers, turning it over to an agency like the Federal Trade Commission, for example.”

    I am not sure if this awkward first sentence is not a typo, but if Bambauer really believes private companies have, or should have, an absolute right to collect our personal data, she needs to prove that this is true or preferable with more than just that bare assertion. Second, given the unauthorized collection of “private” or personal communications and other data by our intelligence agencies and their abuse of the use of that information in the recent past would argue against turning over personal data to any government agency.

    “’We really are interconnected,’ she said after the hearing. ‘If I demand a right to close off information about myself, that doesn’t just affect me, it affects the entire market.'”
    The obvious answer to this statement is clear. Just because we all are interconnected in some sense, that does not give everyone the right to possess others` personal data. Furthermore, it is up to us as individuals to determine how interconnected we wish to be, that “interconnectedness” should not be determined by how much of our personal data can be gleaned by others, by hook or crook. We not only have the right to choose with whom to associate and share our personal data with but whether we wish to associate and/or share our personal data with others at all. Bambauer has a peculiar idea of “markets.” Markets do not have an inherent right to exist simply because certain data can be monetized. Because data, including personal data, is valuable and can be monetized does not mean it must be made available to anyone who wants it.

Comments are closed.