New Data Protection Agency: Good or Bad? It Depends.

New York Senator Kirsten Gillibrand has proposed legislation to create a new data protection agency. She cites the need as personal information and data is freely sold across the internet without your knowledge. She specifically calls out Facebook and Google for their misuse of consumer information. 

Similar legislation has been proposed in California. 

But is this a good idea? Bad idea? Law professor and privacy expert Doris Brogan says it ultimately depends. 

"It will depend on how well resourced the new agency is both in terms of human and financial resources, and whether it is truly independent," Brogan said. "The area is huge and complex and ever-changing. The problems are often under the radar until they explode, and the nature of the threats are often nuanced and subtle. So, a good idea to create a dedicated agency? Yes, to the extent the agency comes to the table with real independence, adequate resources and genuine expertise."

But the answer isn't all that simple, she says. 

"In terms of expertise, the agency will need people who understand the threats, and the reality of how the organizations that are managing data work. It will also need the financial resources to pursue a broad range of matters across a wide landscape not only of subject areas (hotels, airlines, credit reporting agencies, social media, financial institutions, etc.) but also the technology of how data is obtained, and accumulated, stored, used, manipulated and “shared” by the players.

"One concern with a subject-specific agency is the tendency to become overly reliant on and enmeshed with the industry being regulated. This is always an issue (like the critiques of the FAA in the Boeing matter), but with the over-sized influence of big tech, and the issues of understanding a dense, rapidly evolving, tech-heavy industry the risk is significant.

"Finally, if we are going to take seriously an agency dedicated to protecting privacy, in addition to mastering the market and developing technical expertise the new agency, if it is truly privacy-focused, it will have to develop a robust understanding of privacy conceptually—that is, privacy as more than just a consequentialist understanding.

"A dedicated agency, if properly created, will come to the task with a deep understanding of privacy beyond just the implications of my social security number being hacked—but rather an understanding of privacy as essential to humanness, to intimacy, to thought and to informed self-governance."

To speak with Brogan, email mediaexperts@villanova.edu or call 610-519-5152.