As new technologies continue to outpace laws governing protection of personal data, Tennessee lawmakers are considering regulations to protect consumer data privacy on the internet.
While the federal government considers several proposals to protect consumer privacy, some states, including California, have already acted. This spring, Rep. Johnny Garrett, R-Goodlettsville, filed legislation aimed at offering protections to consumers who use online platforms.
This week a special committee met to hear testimony from stakeholders on how the proposed legislation could impact them.
“This is a space that is somewhat unregulated,” Garrett told committee members Monday. “We want to figure out ways that we can protect our consumers. My goal is to make sure folks know when they interact with the platform, what that platform does with their information, how it is protected and how many people that they share it with.”
Legislation would be aimed at offering protections to consumers who use the platforms, while not creating a regulatory burden for businesses and damaging Tennessee’s attractive business climate.
‘A patchwork of state laws’
Because many businesses operate across state lines, a key consideration for lawmakers is consistency with policies of other states’ data privacy laws. So far, Colorado, California, Florida and Virginia have passed or have considered separate regulations for personal data protection.
In the absence of a federal measure, businesses that operate across state lines will struggle to comply if regulations vary widely.
After hearing testimony, Nashville Rep. John Ray Clemmons concluded that waiting for federal regulation could be in the best interest of protecting Tennessee’s strong business climate.
“There was a consistent concern about a patchwork of state laws,” Clemmons said of stakeholders’ testimony. “The consistent thing I heard was that the federal government should address this. … What business climate are we creating if we do get out front on this and create some inconsistencies with other states, creating more instability for the business community?”
Speaking on behalf of Meta (previously known as Facebook), Privacy Policy Director Melinda Claybaugh stressed the importance of regulatory consistency, particularly for the sake of small and medium sized companies.
“As more states consider new laws, there’s an increasing risk of fragmentation, which is only going to make it harder for businesses to comply,” Claybaugh said. “That’s why we support a comprehensive federal privacy law and continue advocating for this Congress. But absent federal action, greater convergence on state laws will provide more business certainty.”
Claybaugh also suggested that compliance requirements be scalable based on the size of the company, so that smaller firms don’t have the same compliance solutions as bigger companies.
Cost of compliance
New data privacy regulations would almost definitely mean compliance costs for businesses. Several stakeholders stressed the importance of protecting Tennessee’s attractive business climate and not instituting regulations that would unduly burden businesses.
“Over the past decade, Tennessee businesses have invested millions of dollars to ensure consumer and other data is secure and remains private,” said Ryan King, speaking on behalf of the Tennessee Chamber of Commerce and Industry. “There’s no question strong digital privacy as a business component is something no successful business can overlook. We also want to ensure businesses in Tennessee aren’t unnecessarily burdened with provisions with legislation.”
Costs of compliance in other states that have considered data privacy regulations are high. For example, compliance costs for California’s Consumer Privacy Act are estimated to total $55 billion for companies to implement, while Florida’s similar proposed privacy law was estimated to cost companies a collective $21 billion.
The state legislature will return to Nashville in January to continue legislative business.