The State of Digital Policy in the US: Trends to Watch

The digital landscape is constantly evolving. Over the past year alone, we’ve seen a surge in remote work, an 8 percent growth of global social media use, a rise in conversations about and investments in the metaverse and non-fungible tokens, and expansions in 5G network rollouts, to name a few. These innovations in digital technology affect cybersecurity, shift consumer behaviors, uncover new trends, and shape digital policy.

Yet, anticipating, predicting, and identifying these trends can be challenging and time consuming. According to Nielsen, Only about 10 percent of internet users actively engage with content either commenting, liking, sharing, or reacting. In contrast, 90 percent of internet users are estimated to be “lurkers,” meaning they may not comment or share, but they show sentiment based on the websites they visit. Social media and sentiment analysis tools may miss this, as they typically look for engagement indicators.

To find these trends and add context to them, it’s important to look at where web traffic is going. With some analysis we can cut through the noise and help your team understand the changing policy landscape so you stay on top of emerging trends and see around the corner.

Here, we look at the U.S. digital policy trends you should watch out for based on visit patterns to millions of websites, powered by Predata, a FiscalNote company.

Data Privacy Policy

Consumer data is shared and sold to third-party data brokers to glean insight into consumer habits, direct marketing, and ultimately, to make money. In 2021, we wrote about an uptick in data privacy policy interest. States (and the European Union) developed consumer data privacy laws on the heels of large-scale data breaches and to address the lack of centralized federal consumer data privacy regulations. Corporations, too, homed in on consumer data protection efforts.

Today, Congress is still mulling over the American Data Privacy and Protection Act (ADPPA), which would centralize and shake up U.S. consumer privacy, something that has been left up to states to decide on. In comparison to the California Consumer Privacy Act (CCPA) and the Virginia Consumer Data Protection Act, the ADPPA has a broader definition of sensitive data, includes a duty of data minimization on covered entities, and preempts all state privacy laws if passed.

Opposition remains, however, considering this bill would void California’s law and send corporations that just completed or already comply with CCPA- and California Privacy Rights Act-compliance programs. House Speaker Nancy Pelosi, for instance, said Congress won’t vote on the bill in its current form and is calling to address those preemption provisions. Keep this on your radar as the conversation is constantly changing; the outcome could mean major shifts in data consumption and privacy compliance.

Consumer-facing Protections

This year also saw an increase in opt-in provisions in state consumer data privacy laws. The option to receive or not receive notices and future promotions from companies when making online purchases or visiting sites is an effort to enhance data privacy protections for citizens, and perhaps slash the influence of big tech companies.

The CCPA requires businesses to allow consumers to opt out of personal data collection before the information can be sold to a third party. However, some legislators are pushing for opt in, which allows consumers to give affirmative permission to the collection and sale of personal data by a business.

Rep. Ro Khanna, D-CA, for instance, crafted an (endorsed) Internet Bill of Rights with the opt-in stipulation, but said this hasn’t yet gained much traction in Congress. He’s hopeful recent events will shed light on the urgency for data privacy legislation.

This is an important trend to follow, as it will impact how businesses can market, and sell and collect personal data going forward.

Cybersecurity Legislation

As the digital landscape shifts and evolves, so do cybersecurity needs, threats, and sophistication levels. To keep up, organizations and governments need to ensure they’re meeting current cybersecurity standards — and preparing for near-future ones. Cybersecurity policy also changes to meet these needs, and impacts all entities of the public and private sectors.

By late 2021, the Center for Strategic and International Studies found 157 pieces of cybersecurity legislation from the 117th Congress, excluding the National Defense Authorization Act (NDAA) for fiscal year 2022. Risk assessment was the most popular category for both chambers.

Cybersecurity Policy Redefined

Identifying potential threats and vulnerabilities, and analyzing what could happen if an attack occurs, is critical to cybersecurity hygiene. This risk assessment has organizations largely turning to reporting and responding — they must know whom to tell and what to do to manage the situation. So, lawmakers have been outlining processes and procedures to streamline response.

Congress introduced the Cyber Vulnerability Disclosure Reporting Act, which would require the Department of Homeland Security to publish policies and procedures to coordinate the reporting of digital flaws. In the Strengthening American Cybersecurity Act of 2022, Congress passed a law requiring operators of critical infrastructure to report significant cyberattacks to DHS’ Cybersecurity and Infrastructure Security Agency within 72 hours. A ransomware payment would have to be reported within 24 hours.

At the state level, New Jersey introduced a bill requiring public agencies to report cybersecurity incidents to the New Jersey Office of Homeland Security. And West Virginia is calling on the Office of Technology to outline reporting requirements.

Legislators are also redefining terms like “disaster” and “larceny” to include certain cyber incidents. With the rise of massive cyberattacks like WannaCry and the Colonial Pipeline attacks, changes in cybersecurity policy (including definitions pertaining to such) will continue to evolve and impact businesses and government entities alike. Tracking cybersecurity legislation will help your organization keep abreast and compliant of important cyber policy trends.

What This All Means for Digital Policy

Data privacy and cybersecurity are just two key trends when considering the digital policy landscape. As they change with technological evolution, policy will change, too.

When new social media sites gain traction, when marketing strategies rely on consumer data, when companies and governments face cyberattacks that can impact national security — all this is used to dictate and direct digital policy. Analyzing online engagement isn’t enough to know or prepare for what’s to come — and often, these tools miss the bigger picture.

Savvy organizations know they need to not only track emerging and developing legislation and regulations, but also understand and stay ahead trends and sentiment that can affect policy and, in turn, their business. FiscalNote gives you the tools and solutions to help you get ahead of major policy, geopolitical, and marketing moving events before they become law.