Sign up to save your podcasts
Or
Share Reece Hirsch | Is it the time right for a Federal privacy agency?
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Reece Hirsch | Is it the time right for a Federal privacy agency?
The Data Protection Act of 2021 would change privacy regulation worldwide. Will growing hostility toward Big Tech drive this Congress to act? And if they do act, what can we expect from this new agency?
More on Reece Hirsch.
SPEAKERS
Wayne Stacy, Reece Hirsch
Reece Hirsch 00:00
Welcome everyone to the Berkeley Center for Law and Technolog expert series podcast. I'm your host Wayne Stacey. And today we're talking about proposed privacy legislation. In particular, we're talking about the reintroduced Data Protection Act, which if passed, and that's a big if, would create a new federal agency focused on privacy. To guide us through this discussion today, we have Reece Hirsch. He's the co-head of the privacy and cybersecurity practice at Morgan Lewis and one of the nation's leading experts on privacy nationwide. Notably, he's also an author of six published books on cybersecurity. That's important because it's always great to find a lawyer that's an expert and has a personality at the same time. We get a wonderful guest today to walk us through the Data Protection Act of 2021. Well, thanks for having me, Wayne. Let's just start with the basics. I saw that this was introduced back in June of 2021, with some new provisions. So the the Data Protection Act of 2021. Tell us what the key features are. There have been several attempts to pass comprehensive us privacy legislation. This is the latest, but it is a pretty comprehensive effort, pretty ambitious, and it is getting some early traction. So I think it's worth taking a look at. And it would establish a new independent federal agency called the Data Protection Agency, which would have the authority to enforce new privacy regulations that they would develop, punish violators, study tech platform data collection practices. A lot of the kinds of things that have been here recently scrutinized by Congress, they'd be able to regulate the acts and practices involving use or collection of personal data. And then also, they would be able to examine mergers that involve significant combinations of personal data, where this new agency would be reporting on mergers to the FTC and the DOJ. And that also, they would be taking on a new role in regulating data aggregators, companies that are amassing large databases of personal information. So it's really targeting a lot of the things that have gotten the most scrutiny and criticism in recent years, It seems that this federal agency would be incredibly powerful when you compare it to the California agency. They're not really even equivalent, are they? I think it's really intended to address a perceived deficiency in US privacy regulation, because we do have the Federal Trade Commission, and they do good work with somewhat limited resources. But the US doesn't have any federal agency that's exclusively dedicated to privacy enforcement. And for example, when you look at the Organisation for Economic Cooperation and Development, they've got 38 member countries, including Germany, France, the UK, and the US is the only one that doesn't have a dedicated Data Protection Agency, this bill would be designed to try to remedy that, and also create a more kind of beefed up agency because the FTC has in the neighborhood of 40 to 50 personnel dedicated to privacy enforcement, when in the UK, their data protection agency has more in the neighborhood of 180 people concentrating on this subject. So that is kind of what they're aiming for with this bill, is to create that kind of really robust regulator in the privacy space. When I read through the proposed statute, the piece that caught my attention was a term that inevitably would be the focus of a lot of regulation, maybe litigation, and that is "high risk data practices." What's that supposed to cover? It c
View all episodes
By Kelly TorresThe Data Protection Act of 2021 would change privacy regulation worldwide. Will growing hostility toward Big Tech drive this Congress to act? And if they do act, what can we expect from this new agency?
More on Reece Hirsch.
SPEAKERS
Wayne Stacy, Reece Hirsch
Reece Hirsch 00:00
Welcome everyone to the Berkeley Center for Law and Technolog expert series podcast. I'm your host Wayne Stacey. And today we're talking about proposed privacy legislation. In particular, we're talking about the reintroduced Data Protection Act, which if passed, and that's a big if, would create a new federal agency focused on privacy. To guide us through this discussion today, we have Reece Hirsch. He's the co-head of the privacy and cybersecurity practice at Morgan Lewis and one of the nation's leading experts on privacy nationwide. Notably, he's also an author of six published books on cybersecurity. That's important because it's always great to find a lawyer that's an expert and has a personality at the same time. We get a wonderful guest today to walk us through the Data Protection Act of 2021. Well, thanks for having me, Wayne. Let's just start with the basics. I saw that this was introduced back in June of 2021, with some new provisions. So the the Data Protection Act of 2021. Tell us what the key features are. There have been several attempts to pass comprehensive us privacy legislation. This is the latest, but it is a pretty comprehensive effort, pretty ambitious, and it is getting some early traction. So I think it's worth taking a look at. And it would establish a new independent federal agency called the Data Protection Agency, which would have the authority to enforce new privacy regulations that they would develop, punish violators, study tech platform data collection practices. A lot of the kinds of things that have been here recently scrutinized by Congress, they'd be able to regulate the acts and practices involving use or collection of personal data. And then also, they would be able to examine mergers that involve significant combinations of personal data, where this new agency would be reporting on mergers to the FTC and the DOJ. And that also, they would be taking on a new role in regulating data aggregators, companies that are amassing large databases of personal information. So it's really targeting a lot of the things that have gotten the most scrutiny and criticism in recent years, It seems that this federal agency would be incredibly powerful when you compare it to the California agency. They're not really even equivalent, are they? I think it's really intended to address a perceived deficiency in US privacy regulation, because we do have the Federal Trade Commission, and they do good work with somewhat limited resources. But the US doesn't have any federal agency that's exclusively dedicated to privacy enforcement. And for example, when you look at the Organisation for Economic Cooperation and Development, they've got 38 member countries, including Germany, France, the UK, and the US is the only one that doesn't have a dedicated Data Protection Agency, this bill would be designed to try to remedy that, and also create a more kind of beefed up agency because the FTC has in the neighborhood of 40 to 50 personnel dedicated to privacy enforcement, when in the UK, their data protection agency has more in the neighborhood of 180 people concentrating on this subject. So that is kind of what they're aiming for with this bill, is to create that kind of really robust regulator in the privacy space. When I read through the proposed statute, the piece that caught my attention was a term that inevitably would be the focus of a lot of regulation, maybe litigation, and that is "high risk data practices." What's that supposed to cover? It c