[This piece has been published in Restoring America to highlight why the federal government should relinquish privacy regulations to the states.]
Lignetics “Green Supreme” Northeastern Blend wood pellets come in 40-pound bags that say “locally sourced and sustainable” prominently on the front. As I stacked three tons of pellets last weekend, I amused myself with thoughts of taking a bag to California or Kalamazoo to see if it still said “locally sourced.” But something else caught my eye. Lower down, in smaller type, there’s a California Proposition 65 warning about cancer risk.
Yes, wood pellets contain wood dust, a substance known to the state of California to cause cancer. Combustion of wood pellets emits carbon monoxide, soot, and other potentially cancerous byproducts. California has nothing on famed oncologist Joe Jackson.
But what’s interesting is that California has had the temerity to impose a notice requirement that reaches as far as the “Northeastern Blend” of a product overwhelmingly consumed in colder climes. When Proposition 65 passed, I imagine the wood pellet industry struggled with the precise contours of the law and California’s jurisdiction to enforce it. But it put together a compliance program that, once in place, has been largely costless — if pointless.
Such pointlessness is prominent in U.S. state privacy regulations. Many seem to ape Europe’s General Data Protection Regulation, a commercial albatross that doesn’t advance consumers’ actual interests well at all. Given state carelessness, a theme in discussions of U.S. federal privacy legislation is preemption. A patchwork of state laws burden companies too much, the argument runs. If Congress regulates in favor of privacy — actually, in the name of privacy — it should really clear out the state regulatory underbrush by preempting it.
I agree with getting rid of regulatory underbrush — perhaps pelletizing and burning it. But how that’s done is important to an arguably greater value than the commercial environment: the successful operation of our government.
The existence of national markets around consumer data seems to suggest there should be national regulation. And national regulation would almost be the right approach (see below) if a salutary business environment was the only goal. But democracy works better on scales smaller than 330 million people. I believe an animating factor in the weird, sometimes scary rejectionist strain of Republican politics today is inarticulate disgust at being ruled imperiously from above by utter strangers. In theory, ordinary people can reach their members of Congress, but in practice they will never ever get a word with their rulers, and that is deeply wrong. Congress’s work is essentially illegitimate in democratic terms.
Our republic was formed with all this in mind, breaking authority into levels and generally pushing responsibility down, nearer to the people affected. National defense is a national public good, so the national government should handle it. Matters that are highly personal to individuals and families, such as education and health care — well, we have federal agencies to disband and laws to repeal so that people can get their power back.
Privacy, of course, is intensely personal and subjective. Does anyone actually think its protection can come from a law, much less a federal one?
That brings us back to whether the U.S. federal government is the right level of government for privacy regulation. Our most prominent information businesses have global operations. The logic of the argument for national uniformity points right past national regulation to global. They should be regulated by the UN. If you see absurdity in having the UN do privacy regulation, perhaps the absurdity of having Congress do it is clearer.
There are institutions that can reduce underbrush without felling the trees that hold up our governmental system. States themselves, left to act as laboratories of democracy, would undoubtedly converge on a small suite of regulatory practices — none guaranteed to be good. (Note how few states have copied California’s cancer warnings.) In practice, there will not be 50 different laws to follow.
Through varied experience and facilitated by necessary lobbying, states would start to learn what regulatory approaches work and what approaches don’t. (By “work,” I mean produce consumer benefits greater than the costs, especially compared to market regulation undergirded by the protections of common law.) States would gradually slough off the losing strategies. To facilitate such processes, there are organizations such as the Uniform Law Commission, which is at its best developing model laws out of state experience — weaker when it drafts laws on a clean slate.
Should federal privacy legislation preempt state law? It seems not. Privacy is more complex, but if the wood products industry can comply with diverse state laws, tech can, too. The wood pellet industry has surprisingly many lessons for technology policy. For some, the lesson may be that think tankers should be required to stop thinking while they do household chores.
This article originally appeared in the AEIdeas blog and is reprinted with kind permission from the American Enterprise Institute.
