In September, the National Telecommunications and Information Administration (NTIA) issued a request for public comment in the interest of developing an approach to consumer privacy. The Coalition of Advertising, Software Media and Data Associations complied.

Ten groups, including the Association of National Advertisers, the Consumer Data Association and the Interactive Advertising Bureau, signed a joint response that calls for “federal action on privacy that better reflects the interests of consumers and innovators, and our national economy.”

It also hopes to improve upon what Stu Ingis —chairman of Venable LLP and organizer of the ad/tech trade coalition— called a lack of clarity in laws such as the EU's General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA).

“We're looking at whether a practice, a use of data, is reasonable, and you would have to define the criterion to determine whether a use of data is reasonable or not,” Ingis said.

The point is to give companies the flexibility they need to compete without operational impediments caused by a patchwork of varying state privacy laws or blanket judgments on the validity individual data practices.

Ingis stressed that those who signed the letter don't take issue with the general principles behind the GDPR or CCPA, but he added that there are concerns about how the execution could impact a company's ability to effectively offer its services.

“It's not that what's behind that or what's driving it is bad, it's just whether or not the laws are achieving the goals and our sense is it's not clear. It probably is not, and if that's accurate what we need is a different paradigm to help us achieve those goals,” Ingis said

The “new paradigm” outlined in the letter hints at how the associations would attempt to bring a higher degree of nuance to the regulation process. Data practices would be evaluated based on the potential benefits/harm they represent, and consider expectations of a reasonable consumer or the risk mitigation practices.

Ingis used the example of laws prohibiting the use of certain chemicals in products because they could be harmful to consumers.

“The new paradigm would just say 'look, for practices that could harm consumers, we'll just declare that they're prohibited just like you have prohibitions in law making normative decisions in other areas.”

Still, there's at least some scientific method to fall back upon in determining how a chemical might impact the human body. A “reasonable” standard is more ephemeral. Ingis acknowledges that there would have to be some additional criteria developed to identify exactly what would be considered “reasonable” when it comes to data and privacy.

Since mapping out every possible use of data out there is impractical, the new paradigm would necessitate a regulatory enforcement structure to define appropriate uses, not to mention the practices that fall somewhere in between “reasonable” and “unreasonable.”

“As the new paradigm matures and is applied by regulators, consumers and businesses will gain increasing clarity regarding the treatment of data practices that are not clearly per se reasonable or unreasonable,” the letter reads.

Until then, the associations are asking the NTIA to run a cost-benefit analysis of the impact of proposed privacy frameworks and state laws, ostensibly to see if the time and money involved have been well spent.