Changing the default to opt-in for the use of personal data would be a good starting point for a national privacy law, but much more is needed for meaningful data protection.
A baseline federal privacy law should make clear the responsibilities for those companies that choose to collect and use personal data. And the law should establish clear rights for those whose personal data is held by others. Every effort should be made to minimize the collection of personal data where possible. The United States also needs to update its privacy infrastructure. The Federal Trade Commission can be an effective consumer protection agency, but it has not done well with privacy. We should follow the lead of other democratic countries and establish a data protection agency.
Modern privacy law also needs to consider the challenge of artificial intelligence and the biases that exist in both algorithms and data sets. Mandating transparency of automated decision-making will help ensure fairness and accountability.
There is real urgency in a comprehensive approach to data protection for the United States. The recently settled privacy case against TikTok made clear that the Chinese government has the twin goals of world domination in A.I. and population surveillance and control.
The writer is executive director of the Center for A.I. and Digital Policy at the Michael Dukakis Institute.
This letter was originally published in the New York Times.