It’s a debate that’s taking place right now in America, where lawmakers are considering legislation that would limit the scope of a federal law that requires businesses to store, process and protect sensitive data.
The bill has bipartisan support, and in a major win for US privacy advocates, the US House of Representatives voted last week to pass it.
The legislation has received a mixed reception.
The US Chamber of Commerce has said it’s unlikely to support it.
Critics of the bill say it could undermine security.
“The legislation’s only going to hurt businesses, it’s going to slow down the pace of technology, it’ll limit how many new and innovative products we’re going to see, and it will also give criminals a way to steal our data,” says Paul Vigna, vice president of government relations for the American Civil Liberties Union.
“It’s very dangerous.”
He argues that the bill’s implications are already being felt, and that the government already collects and stores data on millions of people who’ve not been suspected of a crime.
And the bill could even make the problem worse, he says.
“If this bill becomes law, it would make it much more difficult for law enforcement to gather and store this data,” Vignab said.
“So if you want to be a law abiding citizen, and if you’re in the US, you should be absolutely concerned.”
What’s behind the legislation?
The bill is part of a push by the House and Senate to limit the extent of a law called the National Electronic Information Sharing Act, or NIEISA.
It was signed into law in 2005, and was aimed at increasing the sharing of electronic information across the federal government.
That means it would apply to companies like the FBI and other federal agencies, as well as private companies.
The law was designed to limit access to data that would be useful to law enforcement.
For example, it requires that companies retain data that could help solve crimes.
But in recent years, NIEISAs have been used in other ways, such as to monitor social media, in the name of cybersecurity.
In many cases, they’re used to help businesses gain access to customers’ personal information.
The problem with that is that the law could be used to allow the sharing and collection of non-public information about businesses without anyone knowing about it, says Jonathan Zittrain, an information security expert at the University of Virginia.
That’s what has privacy advocates concerned.
Privacy and security experts have long worried about the amount of information that businesses are allowed to keep and how they might use it.
Privacy advocates are concerned about the implications of the law for businesses, as they worry that it will lead to a flood of nonpublic information being stored by companies.
How does the bill affect businesses?
Companies that are not part of NIEISCAs already have to store and process data in ways that are appropriate for that particular type of information, says Zittriot.
And that can mean a lot of things, like what kind of data is shared with whom and when.
If the law is interpreted as allowing companies to collect and store data about people who aren’t suspected of crimes, that could be problematic for businesses that have no idea who they are or what their business is, says Vignac.
“You could have a data set that’s very private and very sensitive,” he says, “and it’s only accessible to the government.”
What happens to people’s personal data?
The federal government already stores sensitive information on its own citizens.
However, that information is often used by law enforcement and intelligence agencies to do their jobs, such the use of surveillance tools.
The government can also share that data with other federal entities, such intelligence agencies or other private companies, if those entities have a legal obligation to share it.
In the US and around the world, the law currently allows for the sharing in certain situations.
It applies only to those agencies that have a federal statute that makes the sharing permissible, such a the National Security Agency’s law enforcement activities.
What happens if the bill is passed?
The Senate is expected to pass the bill this week, and the House is expected later this week.
There’s no way to know if the Senate and House will ultimately agree on the final bill.
But it’s a rare occasion in which lawmakers can get together to reach a compromise.
“In the absence of agreement, there are several ways to proceed,” says Michael Hayden, a former National Security Council adviser and former director of the NSA.
“There are many ways to address the privacy concerns, but the key is to reach agreement.”