Tech News

Tech industry titans suddenly love internet privacy rules. Wanna know why? We’ll tell you

Analysis After years of fighting to prevent any form of legislation that would safeguard Americans’ online privacy, this week, Congress will have two hearings on the topic during which the tech industry will outline its newfound love for laws covering its business. But, experts warn, there is one big goal behind the sudden willingness to engage: a set of nationwide federal laws, strongly influenced by the industry itself, which override individual state laws, and in particular, a California law that was passed last year in an extraordinary last-minute compromise.

“Here’s a quiet fight brewing in Washington that you should pay attention to,” the newly appointed FTC Commissioner Rohit Chopra tweeted on Monday. “It’s called preemption – that’s the ability of Congress to hit delete on all state data protection laws.” The issue of federal versus states’ rights is one of the United States’ most enduring battles. In the past year, the rules surrounding telecoms and the internet have been pulled firmly into its orbit, not least thanks to the FCC’s controversial decision to tear up its own rules on net neutrality.

Tech industry

While Congress has failed miserably to deal with key issues in the digital era, and federal regulators have adopted a hands-off (or should that be hands-free?) approach to regulation, state legislators have stepped in and started making laws to protect their constituents from harm. But now Big Tech has realized that federal laws are inevitable; it has decided to see if it can use the process to eliminate the current rules it doesn’t like. As Chopra put it, “If Congress includes preemption in federal law, this might erase the biometric privacy law in Illinois, the data broker law in Vermont, and the new consumer privacy law in California. Members of Congress are starting to push back.” An entire raft of state laws have been developed to deal with internet privacy, all of which could be effectively struck from the law books if an overreaching federal law is introduced – you can view a list on the National Conference of State Legislatures’ dedicated internet privacy page.

All eyes on the West Coast

But the foremost target is California’s law that appeared out of nowhere and was passed in record time last July. The California Consumer Privacy Act of 2018 was the first data privacy law passed in the US, despite years of legislative efforts in Washington, DC. While it didn’t completely extend European-style GDPR protections, it did give the state’s 40 million inhabitants the ability to view the data that companies hold on them and, critically, request that it be deleted and not sold to third parties.

Tech giants loathe the law, which threatens to undermine their fundamental business model of gathering, packaging, and selling user data while doing as much as possible to keep people as uninformed as possible about what information they have on them. Under California law, any company with data on more than 50,000 people is covered, and each violation carries a hefty $7,500 fine.

How did online giants like Google and Facebook, based in Cali, ever allow such a law to pass? Why didn’t they use their full lobbying might in Sacramento to kill it? The fascinating answer behind that one is that they feared a worse alternative: a ballot measure. A chance for voters to give a thumbs up to new safeguards for their information.

In early 2016, several dedicated individuals with the funds and legislative know-how to make data privacy a reality worked together on a ballot initiative to allow Californians to provide themselves with their privacy rights after lobbyists of Big Tech and Big Cable shot down every other effort in Sacramento and Washington DC.

Such a law is enormously popular with voters. After real estate developer Alastair Mactaggart put about $2m of his own money into the initiative, it made its way through the somewhat complex procedure and was just about to be placed onto the official ballot to voters. It was almost certainly going to pass, and that meant that not only would Big Tech be forced to deal with a data privacy law, but it would be far harder for it to change the legislation after the fact through Sacramento lobbying. It came down to the wire: Mactaggart said that if California’s governor signed a new privacy act into law before the ballot deadline, he would pull it. And so California’s Congress scrambled, Governor Brown signed it, and the evening of the deadline, the ballot measure was pulled.

Some changes, I think.

But, this being a legal sausage-making machine, legislators included an 18-month window to make “technical, clean-up amendments” before the law took effect in January 2020. Big Tech has been furiously trying to undermine the rules every since, with limited impact since there is now a large spotlight on the process. Not so in Washington DC, where a data privacy law is still in its early stages and so subject to all manner of behind-the-scenes lobbying. Which is how we get to this week’s Congressional hearings.

As we mentioned last week, the industry has already sewn up the Senate hearing, to be held on Wednesday, with most of the witnesses representing the industry view. Just for good measure, the tech giants’ representatives are rubbing privacy advocates’ faces in it by holding a reelection fundraiser the night before the hearing for the committee chairman, Senate Roger Whicker (R-MS). Meanwhile, the House hearing’s witness list was released on Monday and struck more of a balance, listing a senior director of the US’ “largest online civil rights organization” Color of Change, as well as the CEO of the Center for Democracy & Technology (CDT), both of which are strongly in favor of giving netizens the right to decide what is done with their data. On the other side sit the VP of public policy for the Interactive Advertising Bureau (IAB), who will promote the idea of industry self-regulation, as well as Roslyn Layton from the “non-partisan” think-tank the American Enterprise Institute (AEI), which pushes Big Cable’s lines on everything from net neutrality to 5G to data privacy.

In a nutshell

Most crucial, though, is the vice president for technology and innovation at Business Roundtable, which closely reflect the careful line that business will take when it comes to a data privacy law: saying everything that people want to hear while focusing obsessively on the fine detail to ensure that the US does not get GDPR-style protections. “At the heart of the Business Roundtable proposal is a set of core individual rights that we believe consumers should have over their data,” reads its testimony [PDF] before listing what sounds like a privacy advocates’ dream:

The right to transparency regarding a company’s data practices, including the types of personal data that a company collects, the purposes for which these data are used, and whether and for what goals personal data are disclosed to third parties. The right to exert control over their data based upon the sensitivity of the information, including the ability to control whether their data are sold to third parties. The right to access and correct inaccuracies in personal data about them and. The right to delete personal data.

Of course, all the data remains in the hands and control of the companies, and they are the ones that get to decide how it is disclosed, how it is amended, what constitutes inaccuracies, and what kind of “rights” individual users will get. And as for fines for failing to adhere to the new law – which pretty much everyone agrees is the only thing that has given Europe’s GDPR law any teeth – there’s no need for that. There is no mention of that stick in any of the pro-industry remarks. What the testimony does mention repeatedly, however, is the need for a “consistent, uniform framework.” One that works across the United States. One that provides a “stable policy environment” that prevents “inconsistent approaches to privacy both domestically and abroad” and stops “inconsistent protections for consumers.”

Johnny J. Hernandez
I write about new gadgets and technology. I love trying out new tech products. And if it's good enough, I'll review it here. I'm a techie. I've been writing since 2004. I started Ntecha.com back in 2012.