The tech industry and consumer groups are gearing up for a fight as lawmakers begin considering whether to draft a national privacy law.
The push to get Congress to enact federal privacy standards is gaining new urgency after California passed what is seen as the nation’s toughest privacy law this June. The measure forces businesses to be more transparent about what they do with consumer data and gives users unprecedented control over their personal information.
But the California law has sparked worries within the tech industry, which fears having to comply with a patchwork of varying state regulations.
Now industry groups are pushing Congress to pass a national privacy bill that would block states from implementing their own standards.
Privacy advocates are skeptical of the industry proposals and concerned that internet giants will co-opt the process in order to get protections that are weaker than the California standard implemented across the country.
“They do not want effective oversight. They do not want regulation of their business practices, which is really urgently needed,” Jeff Chester, the executive director of the Center for Digital Democracy (CDD), told The Hill. “They’re going to work behind the scenes to shape legislation that will not protect Americans from having all of their information regularly gathered and used by these digital giants.”
“They see federal law as an opportunity to preempt stronger rules,” he added.
Next week, executives from Google, Apple, AT&T and other major technology and telecommunications companies will testify before the Senate Commerce Committee as the panel’s Republican chairman, Sen. John Thune (S.D.), prepares to introduce a new privacy law.
Consumer groups are concerned that only industry voices will be heard at the hearing and that internet companies will have an outsized role in shaping the legislation. They are now demanding a seat at the table.
On Wednesday, a coalition of public interest groups including the CDD, the American Civil Liberties Union and the Electronic Privacy Information Center sent a letter to Thune asking him to ensure that consumers have a voice in the process.
“While we have no objection to the participation of business groups in Senate hearings on consumer privacy, the Senate’s first instinct should be to hear from the American public on these important issues,” the letter reads.
Frederick Hill, a spokesman for the committee, told The Hill in an email that the panel will hold more hearings on the issue.
“For the first hearing, the committee is bringing in companies most consumers recognize to make the discussion about privacy more relatable,” Hill said. “We expect there will be opportunities for other voices at future hearings on the subject.”
A source familiar with the committee’s plans told The Hill that it could hold a hearing for privacy advocates to testify in the coming weeks.
The stakes are high for all sides in the privacy debate after a year which saw Facebook rocked by a massive data scandal.
The company disclosed earlier this year that a data firm had accessed the personal data of over 80 million Facebook users. The revelation sparked a firestorm that saw CEO Mark Zuckerberg testifying before Congress in a pair of marathon hearings to address lawmakers’ concerns.
Overseas, Europe has already passed its own tough privacy law, which took effect this year.
Whether Congress can actually get behind a national privacy framework, though, is an open question. Lawmakers have tried before, unsuccessfully.
In 2012, the Obama White House unveiled a “Consumer Privacy Bill of Rights” that it hoped to enact into law. The debate dragged on for several years and the process was eventually derailed by contentious disagreements between business and consumer groups.
As Congress gears up to try again, industry groups in recent weeks have been pushing wish lists for what they hope to see in a federal privacy framework. Lobbying groups including the Chamber of Commerce, the Internet Association and BSA | The Software Alliance have all released their own sets of privacy principles.
The industry proposals include calls for codifying transparency rules that require businesses to disclose their collection practices and giving consumers the right to request copies of their data and request that some data be deleted.
Shaundra Watson, BSA’s policy director, said the group’s privacy principles were not a response to the new California law but the result of a discussion among their members, including companies like Apple and Microsoft, of how to codify the consumer protections they already offer.
“Our companies really are responsible for personal data, and so they not only want to continue to embrace those practices but look more broadly to see what protections should be in place across the board and concluded the best way to do that is a [federal] law,” Watson told The Hill.
But privacy advocates remain skeptical. After a series of data scandals, many tech critics believe that any effective privacy framework needs to restrict the data collection practices that companies like Facebook and Google rely on as a business model.
Chester, who says public interest groups are banding together to come up with their own legislative principles, believes the frameworks being pushed by industry lobbyists don’t go far enough.
“What has to happen is the basic business practices have to change,” he said. “We believe there need to be restrictions on how these companies engage in data collection.
“These so-called principles are really principles to undermine privacy, not to protect it,” he said.