Executives from Google, Amazon, Apple, and Twitter will ask US lawmakers for greater regulation this week, in a dramatic change to their approach.
Until now, the companies have lobbied politicians to leave them alone. But when they make their latest appearance before US senators on Wednesday, tech bosses are expected to argue for a comprehensive national privacy law to supersede state legislation.
The executives, who include Keith Enright, Google’s chief privacy officer, and Damien Kieran, Twitter’s global data protection officer, are likely to offer more transparency and more access to data for consumers.
The hope is that, by pushing for a national law, they can avoid stricter rules at the state level. California passed sweeping privacy legislation this summer, while Massachusetts passed a bill strengthening protections for consumers suffering data breaches. Legislators in Illinois are proposing a controversial ban on the collection of facial recognition data.
Tech companies fear that these state laws could become the default for the entire US, in the same way that California’s legislation regulating auto emissions became the national standard, because companies are often unwilling to leave large states or create different services for different territories.
Senators ‘should not fall for the standard line’
The California privacy legislation was signed into law in June after tense negotiations between privacy activists and Silicon Valley companies.
The new legislation establishes a broad definition of what constitutes personal information, including aggregated data, and imposes restrictions on when data can be sold to third parties, giving consumers the option to pay more to opt out of the sale of their data. The law is also armed with fines for data breaches, much like the EU’s General Data Protection Regulation (GDPR), which was introduced in May.
The tech companies say that the strict rules adopted in California will hurt businesses and potentially lead to websites closing, as happened in the EU following the introduction of GDPR. They hope that a new federal law would override the state legislation.
Alastair MacTaggart, a real estate developer turned privacy activist, said Washington was taking privacy seriously for the first time, but warned against diluting the rules he had helped to create for California.
“Senators should push the companies. They should not fall for the standard line, which has been that jobs will be destroyed, the economy will suffer, and you won’t have this great innovation engine,” he said. “That is just not true — all we are doing is offering some pretty basic rights to consumers.”
Half of Americans do not trust the government or social media sites to protect their data
The US has historically had distinct privacy laws for separate sectors, such as finance or healthcare, or for categories of people, such as children. Large sections of the economy that deals in data are not covered by existing legislation. But as the use of data has exploded, so too have large data breaches, such as the leak of Facebook information to Cambridge Analytica, the political consultants, or the hack of the credit rating agency Equifax.
As a result, half of Americans do not trust the federal government or social media sites to protect their data online, according to a 2016 study from the Pew Research Center on Internet and Technology.
Lawmakers are exploring ways to introduce a comprehensive national privacy law. Democratic Senator Amy Klobuchar and Republican senator John Kennedy have introduced the bipartisan Social Media Privacy Protection and Consumer Rights Act of 2018, while Democratic senators Ed Markey and Richard Blumenthal have been working on the Consent Act.
“How many more breaches do we need when public trust in our companies is going out of the window before we decide to act and put some rules in place?” asked one Democratic staffer. “It is really important to act in this space.”
Firms call for ‘proper balanced approach’
The Senate commerce committee will question US tech executives on Wednesday with the aim of trying to understand how companies are coping with the EU’s GDPR and preparing for the new California statute, which will go into effect in 2020.
Senators will also probe how dependent the companies’ business models are on consumer data — and how they price it, debating whether consumers should be allowed to “opt out” or asked to “opt in” to data collection, if they should have the right to sue companies, and whether they should have to prove “concrete harm” was done to them if they do.
Tim Day, the senior vice-president of C_TEC, the US Chamber of Commerce’s technology engagement centre, said he did not believe the California law was the “proper balanced approach” and had concerns about other proposed state laws.
“I think a world with those states, in addition to California and GDPR, is not workable for consumers and business,” he said.
The lobbying group, which represents big tech companies and smaller firms, plans to publish its own proposed legislation by the end of next month. The organisation has spent months consulting more than 200 companies and wants punishments for data breaches to be focused on proving harm was done to consumer, which can be difficult in privacy cases. Under the California law, a victim needs only to prove their data were leaked in order to pursue a case with the regulator.
But Ernesto Falcon, legislative counsel at the Electronic Frontier Foundation, a non-profit that pursues consumers’ digital rights, said he had “zero confidence” that the industry would pursue strong federal legislation.
“They have never supported a privacy bill or privacy regulation ever,” he said. “They should get the side eye for saying this now.”
Executives from Google, Amazon, Apple, and Twitter will ask US lawmakers for greater regulation this week, in a dramatic change to their approach.
Until now, the companies have lobbied politicians to leave them alone. But when they make their latest appearance before US senators on Wednesday, tech bosses are expected to argue for a comprehensive national privacy law to supersede state legislation.
The executives, who include Keith Enright, Google’s chief privacy officer, and Damien Kieran, Twitter’s global data protection officer, are likely to offer more transparency and more access to data for consumers.
The hope is that, by pushing for a national law, they can avoid stricter rules at the state level. California passed sweeping privacy legislation this summer, while Massachusetts passed a bill strengthening protections for consumers suffering data breaches. Legislators in Illinois are proposing a controversial ban on the collection of facial recognition data.
Tech companies fear that these state laws could become the default for the entire US, in the same way that California’s legislation regulating auto emissions became the national standard, because companies are often unwilling to leave large states or create different services for different territories.
Senators ‘should not fall for the standard line’
The California privacy legislation was signed into law in June after tense negotiations between privacy activists and Silicon Valley companies.
The new legislation establishes a broad definition of what constitutes personal information, including aggregated data, and imposes restrictions on when data can be sold to third parties, giving consumers the option to pay more to opt out of the sale of their data. The law is also armed with fines for data breaches, much like the EU’s General Data Protection Regulation (GDPR), which was introduced in May.
The tech companies say that the strict rules adopted in California will hurt businesses and potentially lead to websites closing, as happened in the EU following the introduction of GDPR. They hope that a new federal law would override the state legislation.
Alastair MacTaggart, a real estate developer turned privacy activist, said Washington was taking privacy seriously for the first time, but warned against diluting the rules he had helped to create for California.
“Senators should push the companies. They should not fall for the standard line, which has been that jobs will be destroyed, the economy will suffer, and you won’t have this great innovation engine,” he said. “That is just not true — all we are doing is offering some pretty basic rights to consumers.”
Half of Americans do not trust the government or social media sites to protect their data
The US has historically had distinct privacy laws for separate sectors, such as finance or healthcare, or for categories of people, such as children. Large sections of the economy that deal in data are not covered by existing legislation. But as the use of data has exploded, so too have large data breaches, such as the leak of Facebook information to Cambridge Analytica, the political consultants, or the hack of the credit rating agency Equifax.
As a result, half of Americans do not trust the federal government or social media sites to protect their data online, according to a 2016 study from the Pew Research Center on Internet and Technology.
Lawmakers are exploring ways to introduce a comprehensive national privacy law. Democratic Senator Amy Klobuchar and Republican senator John Kennedy have introduced the bipartisan Social Media Privacy Protection and Consumer Rights Act of 2018, while Democratic senators Ed Markey and Richard Blumenthal have been working on the Consent Act.
“How many more breaches do we need when public trust in our companies is going out of the window before we decide to act and put some rules in place?” asked one Democratic staffer. “It is really important to act in this space.”
Firms call for ‘proper balanced approach’
The Senate commerce committee will question US tech executives on Wednesday with the aim of trying to understand how companies are coping with the EU’s GDPR and preparing for the new California statute, which will go into effect in 2020.
Senators will also probe how dependent the companies’ business models are on consumer data — and how they price it, debating whether consumers should be allowed to “opt out” or asked to “opt-in” to data collection, if they should have the right to sue companies, and whether they should have to prove “concrete harm” was done to them if they do.
Tim Day, the senior vice-president of C_TEC, the US Chamber of Commerce’s technology engagement centre, said he did not believe the California law was the “proper balanced approach” and had concerns about other proposed state laws.
“I think a world with those states, in addition to California and GDPR, is not workable for consumers and business,” he said.
The lobbying group, which represents big tech companies and smaller firms, plans to publish its own proposed legislation by the end of next month. The organisation has spent months consulting more than 200 companies and wants punishments for data breaches to be focused on proving harm was done to consumer, which can be difficult in privacy cases. Under the California law, a victim needs only to prove their data were leaked in order to pursue a case with the regulator.
But Ernesto Falcon, legislative counsel at the Electronic Frontier Foundation, a non-profit that pursues consumers’ digital rights, said he had “zero confidence” that the industry would pursue strong federal legislation.
“They have never supported a privacy bill or privacy regulation ever,” he said. “They should get the side eye for saying this now.”
