Big Tech Launches Full-Court Press for Federal Privacy Rules

Industry is counting on Washington to rescue them from the aggressive new data-privacy laws coming out of California and elsewhere.

Senate Commerce, Science, and Transportation Committee Chairman John Thune (left) and Senate Judiciary Committee Chairman Chuck Grassley shake hands with Facebook CEO Mark Zuckerberg after a hearing about how data from the social-media giant was used to target American voters in the 2016 election April 10.
AP Photo/J. Scott Applewhite
Sept. 13, 2018, 8 p.m.

Despite an escalating series of privacy scandals, the tech industry’s cadre of Washington lobbyists have for years resisted attempts by policymakers and consumer advocates to craft federal rules governing the use—and punishing the misuse—of their customers’ personal data.

After the events of the last week, it seems safe to declare that resistance officially over.

On Tuesday the Internet Association, a trade group representing Facebook, Amazon, Alphabet, and nearly all other top-tier Silicon Valley platforms, announced their support for a federal framework to address data privacy. By Wednesday they were joined by the Software Alliance, a consortium that includes Apple, Oracle, IBM, and Adobe. Both groups came in behind the U.S. Chamber of Commerce, who last Thursday introduced their own plan for a federal privacy law.

Together, the groups encompass nearly every major company collecting or tracking consumer data in the United States. And representatives from all three are pointing to escalating global anxiety over privacy—supercharged by Cambridge Analytica and other scandals—as the driver of their newfound enthusiasm for federal rules.

Skeptical privacy advocates, however, point to the June passage of the California Consumer Privacy Act. The law is a forceful set of privacy provisions that restrict some common data-harvesting methods, expand opt-out requirements, mandate data portability, and potentially open the door to a flood of tech lawsuits.

California’s rules are slated to go into effect in 2020, but could be preempted by federal legislation. Achieving that preemption, say many privacy advocates, is the real reason behind Silicon Valley’s sudden U-turn.

“These industries have really fought tooth and nail against states passing privacy laws for a long time, and have never come to the table or have never supported a real consumer-privacy-protection structure,” said Ernesto Falcon, legislative counsel at the Electronic Frontier Foundation. “And suddenly California passes a law that puts some teeth on certain practices, and now the industry is desperate for a federal law.”

The notion that California’s new law is driving industry’s about-face is echoed by some—though not all—of Washington’s tech lobbyists. “California in particular, we think they got it wrong,” Michael Beckerman, the president and chief executive of the Internet Association, said during an Atlantic Live event Thursday. “And there’s corrections that can be made at the federal level.”

Alan Friel, a privacy attorney at Baker Hostetler whose clients include many in the tech industry, said he believes California’s new law—along with similar efforts now being pursued in Illinois and elsewhere—finally pushed tech companies to the table. “I think that the industry would rather concentrate its efforts in Washington than in a dozen or half-dozen state capitals,” he told National Journal.

But Friel also took umbrage at the suggestion that the move is a ploy to dismantle real privacy protections in favor of a federal fig leaf. “Another way to say it is, it’s an attempt to preempt reckless and ill-advised and costly—maybe well-intentioned, but ill-advised—state efforts at regulation, and to prevent an unworkable patchwork of state laws that make it impractical, if not impossible, for our data-driven economy to operate,” Friel said.

The aggressive industry push for federal rules is complemented by rapid moves on privacy by the Trump administration and the Senate. The National Telecommunications and Information Administration, in coordination with industry stakeholders, is working on a nebulous set of privacy principles. So too is the National Institute of Standards and Technology, which hopes to develop best-practice privacy guidelines that industry can draw upon when needed.

Republican Senate Commerce Committee Chairman John Thune has meanwhile teased the impending release of data-privacy legislation, telling reporters last month that he hopes to release a bill in September.

On Wednesday Thune announced a hearing for later this month on data privacy, and negotiations between Senate lawmakers and industry stakeholders over potential legislation are ongoing.

“The legislative process is serious right now, and we expect significant legislation introduced this year to set the stage for next year,” said one industry source, who requested anonymity in order to freely characterize discussions with lawmakers.

Privacy advocates are dismayed by the industry’s abrupt about-face on federal legislation, convinced it’s a prelude to the passage of federal rules that will cripple the tough privacy regime passed in California.

Laura Moy, the deputy director of Georgetown Law’s Center on Privacy and Technology, said she’s confused by the Chamber of Commerce and the Internet Association’s plans to promote a “neutral” privacy framework across all industry sectors, regardless of the amount or type of consumer data handled.

“As a consumer, I don’t have the same privacy expectations when it comes to interactions with my doctor as I do when it comes to interactions with a telemarketer,” she said, suggesting that a blanket framework for different industry sectors would be unworkable.

Falcon expressed his concern over the slate of panelists set to address the Senate Commerce Committee on Sept. 26. While executives from AT&T, Amazon, Google, Twitter, Apple, and Charter Communications are expected to testify, consumer advocates are conspicuously absent.

“There’s dozens of consumer-privacy groups out there,” said Falcon. “If you invite none of them that are challenging industry, and you only invite the Chamber of Commerce membership, you’re not going to get a hearing that actually is going to produce thoughtful dialogue.”

“I think it’s 100 percent the industry driving Congress right now,” Falcon added, arguing that no committee leaders on Capitol Hill were seriously considering privacy legislation before industry began clamoring for a bill.

But Thune’s bill isn’t the only potential privacy legislation percolating in Washington. On Thursday Sen. Mark Warner, the ranking Democrat on the Senate Intelligence Committee, said at the Atlantic Live event that any privacy bill backed by him would likely receive “overwhelming” GOP support.

Warner released a white paper this summer that called for a federal privacy framework mirroring certain provisions from the EU’s new General Data Protection Regulation. That idea received a cool reception from the Washington tech lobby, many of whom have openly criticized Europe’s adoption of the GDPR.

Dean Garfield, the president and chief executive of the Information Technology Industry Council, said Thursday he supports Warner’s effort to address privacy at the federal level. But, he added, the senator is making a mistake by assuming the privacy problem is easy to solve, and that the main roadblock is the lack of industry desire to fix it.

“We haven’t developed rules before, and so we have to work together to figure it out,” Garfield said during the Atlantic Live event. “And [Warner’s] suggestion that it is so simple is simply inconsistent with reality.”

What We're Following See More »
Mueller Report Almost Done
1 hours ago

“Attorney General Bill Barr is preparing to announce as early as next week the completion of Robert Mueller's Russia investigation, with plans for Barr to submit to Congress soon after a summary of Mueller's confidential report. ... The preparations are the clearest indication yet that Mueller is nearly done with his almost two-year investigation. The precise timing of the announcement is subject to change. The scope and contours of what Barr will send to Congress remain unclear.”

SCOTUS Limits State and Local Governments' Ability to Levy Fines
3 hours ago

"The U.S. Supreme Court curbed the power of cities and states to levy fines and seize property, siding with a man trying to keep his Land Rover after he pleaded guilty to selling drugs. The unanimous ruling marks the first time the court has said that states and cities are bound by the Constitution’s ban on excessive fines, part of the Eighth Amendment."

Putin Threatens Arms Race
4 hours ago

"Moscow will match any U.S. move to deploy new nuclear missiles closer to Russia by stationing its own missiles closer to the United States or by deploying faster missiles or both, President Vladimir Putin said on Wednesday. Putin said Russia was not seeking confrontation and would not take the first step to deploy missiles in response to Washington’s decision this month to quit a landmark Cold War-era arms control treaty."

MAY 26-28
Trump to Visit Japan
4 hours ago
Trump Signs Border Deal
4 days ago

"President Trump signed a sweeping spending bill Friday afternoon, averting another partial government shutdown. The action came after Trump had declared a national emergency in a move designed to circumvent Congress and build additional barriers at the southern border, where he said the United States faces 'an invasion of our country.'"


Welcome to National Journal!

You are currently accessing National Journal from IP access. Please login to access this feature. If you have any questions, please contact your Dedicated Advisor.