President Obama unveiled a push Monday to enact new online privacy protections for students and consumers under the threat of identity theft as the list of companies hit by hackers — including Sony, Target and Home Depot — continues to grow.
“We can deliver the prosperity, the security and the privacy that Americans deserve,” President Obama said Monday afternoon in a speech at the Federal Trade Commission. “This should not be a partisan issue. There are some basic, pragmatic steps that everyone can support.”
The announcement is part of an effort by the White House to preview policy initiatives that will be in President Obama’s State of the Union address on January 20. Tomorrow, he’s going to talk about cyber security legislation with members of Congress, and on Wednesday, he’s heading to Iowa to unveil new proposals to increase high-speed broadband access across the U.S.
White House attention on identity theft and data breaches might help the chances of new privacy legislation, but it won’t ensure action, given that lawmakers have been debating these issues for several years.
The president unveiled two pieces of legislation Monday: The Personal Data Notification and Protection Act, which would require companies to notify consumers within 30 days if their data has been stolen, and the Student Digital Privacy Act, modeled on similar legislation enacted in California last fall, which would require that data collected on students be used only for education-related purposes.
The proposals were met with some positive reaction from Congressional Republicans, many of whom have supported beefing up federal data privacy and security laws for years.
“Consumers shouldn’t have to hold their breath and cross their fingers every time they swipe a card or enter information online,” said House Energy and Commerce Chairman Fred Upton, R-Mich., and subcommittee Chairman Rep. Michael Burgess, R-Texas, in a statement.
New Senate Commerce Committee Chairman John Thune of South Dakota said he was looking forward to talking about cyber security at the White House tomorrow, although he took a little shot, saying “this level of personal engagement on legislation by the president certainly would have helped advance the bipartisan cyber security information sharing bill” that died last year in the Senate.
Disagreements over who would foot the bill for more security — whether it’s chip-and-pin technology for debit cards or more hardened computer systems at companies — have killed previous legislative efforts. The White House announced a plan last October to upgrade payment systems in federal facilities like passport offices, but that has had little practical impact for many Americans.
And while retailers reiterated support Monday for federal standards for data-breach notifications to consumers, that effort hasn’t gotten very far because of concerns of some consumer advocates that national standards could be weaker than some current state protections.
Lawmakers have already been eyeing revival of controversial cyber security legislation — the Cyber Intelligence Sharing and Protection Act — that would make it easier for companies to share cyber security information with third parties or the federal government in return for immunity from some lawsuits.
Privacy groups worried the legislation would allow companies to hand over customer data to federal agencies without a warrant. That has been particularly concerning given Congress’ inability to pass legislation to curb the National Security Agency’s mass data collection activities despite the revelations from former contractor Edward Snowden.
“Data breaches, identity theft, kids privacy, these are all top-line issues. But it’s tinkering around the edges,” said Nuala O’Conner, president of the Center for Democracy and Technology, in an interview, adding that Congress needs to pass government mass-surveillance reform.
The president’s announcement “moves the ball forward a couple of yards,” she said. “It’s not a touchdown. It’s important because it’s symbolic.”
New privacy protections for students could be something that catches hold in Congress, since it’s generally easier to reach consensus on legislation that protects children.
On Monday, the president announced that 75 companies, including Houghton Mifflin Harcourt, Apple, Microsoft and Shutterfly, had pledged not to sell student data, to collect and store as little student data as possible and not to target students using behavioral advertising. The voluntary “student privacy pledge” is an effort of two industry-backed groups, the Future of Privacy Forum and the Software & Information Industry Association, aimed at companies offering digital services to minors.
This article originally appeared on Recode.net.