Denise Zheng is vice president at the Business Roundtable, an association of CEOs of major U.S. companies, where she oversees the technology and internet innovation committee. Her previous background includes work as a technical adviser for the Plan X cyber warfare program at the U.S. Defense Advanced Research Projects Agency, known as DARPA.
The Q&A has been edited for clarity and length.
Q: Congress seems to be getting serious now about national legislation to protect the privacy of consumers’ data. The Roundtable put forward its framework for legislation in December. What’s the gist of it?
A: Last summer we heard from many of our member companies that privacy is increasingly a major concern from the standpoint of wanting to build and maintain trust with their consumers. There’s also the increasingly complex regulatory landscape on privacy at the state level across the U.S. and also internationally, with the European Union’s privacy regime and similar regulations in places like Brazil, China and India.
That’s why our team put together a working group of chief privacy officers to develop a proposal for legislation that would establish one consistent, federal privacy standard in the United States that would ideally be interoperable with international regimes as well.
What we’re advocating for is to provide consumers with a guaranteed set of individual rights over their personal data. And that includes transparency that would require companies to very clearly disclose to consumers how their data is collected, how it’s used, how it’s shared; to provide consumers with the right of control over their data, including the right to opt out of the sale of their data to third parties; and the ability to access and correct their information as well as to delete it. Those are very critical individual rights.
We also have what we call good governance practices that we’re promoting through this proposal. Practices such as privacy by design, where companies are actually embedding privacy mechanisms into their products and services from the ground up.
Q: How has the proposal been received by lawmakers?
A: I think a lot of folks in Congress are happy to see the Business Roundtable take privacy seriously. Rarely do we ever go around advocating for additional regulation. And that’s because we think maintaining and improving consumer trust is important to our companies. And the reception has been very positive to our proposal. It’s also worth pointing out that the Roundtable represents basically all the major industry sectors, including technology, and so often a lot of these debates about tech-related legislation break down because you don’t have uniformity across the industry sectors. So a lot of the lawmakers and their staff that we talk to are impressed that so many different industries have come to the table and aligned around one proposal.
Q: How do you view the prospects for legislation to emerge?
A: We’re hopeful. We think this is one of the first times that you see all of the industry and consumer groups and lawmakers on both sides of the aisle saying we need to get something done here. Of course the devil’s always in the details. So this isn’t going to be easy, but I think we’re very optimistic.
Q: What’s the importance for businesses of data privacy in terms of their bottom line?
A: I think what’s really critical to companies is consistency and predictability. A lot of people misunderstand how the business community views regulation. You don’t want regulation to kill innovation; and not all regulation is bad. What we want is consistent regulation and predictability.