The Internet Association (IA) — a trade group representing major internet firms such as Facebook, Amazon and Alphabet/Google — called for updates to federal data privacy legislation on Tuesday. Updates at the federal level could potentially overide the newly passed California Consumer Privacy Act (CCPA).
More than 40 top tech firms are members of the IA.
The IA is calling for data handling laws that include the principles of transparency, controls, access, correction, deletion and portability. It is also asking policymakers to consider several items while crafting a federal law:
- Fostering privacy and security innovation
- National data breach notification law
- Technology and sector neutrality
- Performance standard-based approach
- Risk-based framework
- Modern and consistent national framework for individuals and companies
The CCPA is scheduled to go into effect January 1, 2020. It mirrors many of the data privacy provisions included in the Europe’s General Data Protection Regulation (GDPR), such as strong consumer rights and harsh penalties.
Last month, the US Commerce department revealed that it had started meeting with some of these companies in a move toward eventual legislation. It was unclear precisely who was included in these talks, or if any consumer advocacy groups were included. It was reported that tech companies such as Facebook, Google, IBM, Microsoft were aggressively lobbying Trump administration officials about the potential law.
In a release announcing the news, IA President and CEO Michael Beckerman said, “Data has revolutionized every part of our economy and our lives, both online and offline. Businesses and nonprofits of all sizes, in every sector of the economy, have integrated data into their products and services to the benefit of consumers, which is why internet companies support an economy-wide, national approach to regulation that protects the privacy of all Americans.”
Federal data privacy laws inevitable, likely pro-business
Last week the US Chamber of Commerce also asked Congress to to some up with federal privacy legislation that would preempt the CCPA.
The Trump administration has signaled that it will take a pro-business angle when crafting a federal law.
David J. Redl, a senior member of the US Department of Commerce, told the Internet Governance Forum (IGF) in July that for the Trump administration, “…our driving force will be a commitment to meeting [the] challenges [we face] in a way that ensures America’s prosperity and clears the way for innovation. America has seen enormous benefits from this approach, so we must continue to give a green light to innovators to create a more secure, more open and more prosperous Internet.”
Dimitri Sirota, chief executive officer of data privacy vendor BigID, says “News of the Internet Association backing a national approach speaks to the fact that leading internet companies are conceding that privacy will be regulated. Now there is a rush to shape the contours.”
Sirota says that there may be some conflicts to overcome, but that at the end of the day there will be a federal data privacy law.
The challenge for these companies is that both political parties are willing to pick a fight with them for a variety of reasons – whether because they think it’s a winning position at the ballot box, fear of power concentration, or grievances over unrelated but conflated topics like shadow banning and search bias.
Whatever the outcome, it’s evident that all sides of the dialogue are acting like federal regulation of privacy is inevitable. It’s now a debate over degrees.
But Congressional sympathy isn’t a sure thing for tech firms, as lawmakers continue to bring them in for questioning on Capitol Hill. Facebook’s Mark Zuckerberg as and Sheryl Sandberg, and Twitter’s Jack Dorsey have testified this year.
On Wednesday, Reuters reported that six major tech firms including Amazon, Apple and Twitter, will testify before the US Senate about their data privacy practices. The group also includes AT&T, Charter Communications and Google.