NTIA Releases Request for Comment Regarding Data Privacy, Equity, and Civil Rights
On January 18, 2023, the National Telecommunications and Information Administration (NTIA) released a Privacy, Equity, and Civil Rights Request for Comment (RFC), which is “intended to examine the persistence of discriminatory disparities in the digital economy, and the extent to which the collection, processing, sharing, and use of data can lead to higher risks for some communities, exacerbate structural inequities, or contribute to their erosion.” This RFC follows a series of listening sessions on the same topics that the agency conducted at the beginning of 2022, and NTIA has explained that data gathered through the listening sessions and the RFC will be used to inform “a report on whether and how commercial data practices can lead to disparate impacts for marginalized or disadvantaged communities.”
NTIA’s RFC is the latest in a string of recent federal and state efforts regarding data privacy, including the FTC’s “Commercial Surveillance and Data Security” ANPR and a number of state privacy laws and rulemakings. The forthcoming report resulting from NTIA’s RFC is likely to inform the FTC’s rulemaking efforts.
Below is a high-level summary of the RFC, in which NTIA generally seeks information on the intersection of privacy, equity, and civil rights. Overall, the RFC seeks to:
- “gather feedback on how the processing of personal information by private entities creates, exacerbates, or alleviates disproportionate harms for marginalized and historically excluded communities”;
- “explore possible gaps in applicable privacy and civil rights laws”; and
- “identify ways to prevent and deter harmful behavior, address harmful impacts, and remedy any gaps in existing law.”
The RFC asks for information on the following topics:
- The ways in which regulators, legislators, and other stakeholders should approach the civil rights and equity implications of commercial data collection and processing;
- Specific examples of how commercial data collection and processing practices may negatively affect the underserved or marginalized communities;
- Whether there are any contexts in which commercial data collection and processing occur that warrant particularly rigorous scrutiny for their potential to cause disproportionate harm or enable discrimination;
- The existing laws and regulations that address the privacy harms experienced by underserved or marginalized groups;
- The principles that should guide the agency in addressing disproportionate harms experienced by underserved or marginalized groups due to commercial data collection, processing, and sharing, including what protections might be appropriate to protect children, teens, or older adults; and
- Other actions that legislators, regulators, and other stakeholders could take in response to the issues outlines in the RFC.
For each of these topics, NTIA lists several more targeted questions on which it seeks comment. Comments are due on March 6, 2023.
***
Wiley’s Privacy, Cyber & Data Governance Team has helped companies of all sizes from various sectors proactively address risks and address compliance with new privacy laws and requirements. Please reach out to any of the authors with questions.