Privacy & Encryption | Brunswick Group

Privacy & Encryption

Biden-Harris Administration’s Next Steps on Tech

Look for the Biden administration and a Democratic Congress to be more aggressive than their predecessors around privacy. Concerns with privacy, data collection, data protection, and Big Tech overreach often tend to cross the political aisle, making the probability of some form of action in these areas even greater in the near-term. We expect to see activity in the following areas:

National privacy legislation has long been an area where the U.S. has been lagging at the federal level compared to Europe, other nations, and several U.S. states. The devil will be in details on this issue and aspects of contention include concerns around data collection, data sharing, and the use of data as a basis of discrimination. There will also be concerns around preemption of state laws in this area. But look for federal legislation here late in 2021 or early in 2022.

In the U.S. it’s important to focus on the activity in specific states. In the absence of federal law, states are taking action to improve privacy protections. After a sweeping majority, Virginia has joined California as the second state to enact comprehensive data privacy law. Virginia’s Customer Data Protection Act (CDPA) resembles the EU’s General Data Protection Regulation by implementing a “long-arm” approach by applying to any business, regardless of location, “targeting’’ residents. The growing nationwide patchwork of privacy proposals includes over 15 bills currently introduced or in committee in states such as Minnesota, New York, Washington, and many others.

Net neutrality (the concept that all data on the internet should be treated equally regardless of content, use, platform, application, or device) was an area of high activity during the Obama administration, but did not receive much attention during the Trump administration. It will likely once again come to the fore in 2021.

A replacement of the EU-U.S. Privacy Shield agreement will need to be addressed. In July 2020, the EU Court of Justice invalidated the existing agreement which provided a methodology for the transfer of data between the EU and the U.S. so as to comply with European data privacy laws. A replacement agreement has been a topic of discussion for almost 18 months, but the challenge has been trying to generate a replacement that complies with both EU law and U.S. national security laws. This will not be an immediate priority for the Biden administration, but it will have to be addressed—likely by 2022.

Data discrimination/data usage concerns could turn into legislation and policy initiatives that address the use of algorithmic-driven discrimination. This would include areas like employment, education, housing, access to credit, eligibility for government benefits, as well as data discrimination against those with disabilities, which are of high interest to Democratic leadership in both the Congress and White House.

The effects of SolarWinds will extend into privacy issues, in particular the government’s use of and protection of data. This has long been an area of concern that crosses party lines and one that will continue to be an area of focus in the coming year— especially in the aftermath of the Solar Winds cyber event.


Rebecca Kelly Slaughter was named as Acting Chair of the Federal Trade Commission in January 2021. Prior to joining the FTC, she served as Chief Counsel to Senator Charles Schumer (D-NY), who she advised on privacy and other tech policy issues. In addition to strengthening general consumer privacy protections, she has laid out two overlapping priority areas, namely: COVID-19- related privacy issues and racial equity.

Daniel Kaufman is Acting Director of the Federal Trade Commission’s Bureau of Consumer Protection. Kaufman, who has spent more than 20 years working at the FTC on matters related to privacy and data security, has been vocal on issuing financial penalties following data breaches.

Representative Jay Obernolte (R-CA) comes to Congress with experience working in the technology industry and serving as an assemblyman for California’s 33rd district. During his time as an assemblyman, Obernolte had strong views on aspects of the California Consumer Privacy Act, including concerns about shifting too much authority to consumers at the expense of industry, which may shape debates about data privacy legislation at the federal level.