California’s consumer privacy law, passed in late June, has spurred demand for federal regulations to avoid a patchwork of state-by-state rules.
To discuss what federal privacy laws might look like, representatives from AT&T, Amazon, Google, Twitter, Apple and Charter Communications met with the Senate Committee on Commerce, Science and Transportation on Wednesday in Washington, DC.
Here are five key points that came out of the debate.
Will federal privacy law be tough enough?
If a federal privacy law is enacted, it could end up being weaker than the California privacy law, noted Hawaii Sen. Brian Schatz, a Democrat. While “the holy grail is pre-emption,” he stated that he wouldn’t support legislation that would offer less protection than California’s law.
“We should ensure we do something meaningful,” Schatz said, expressing concern that a progressive California law could be replaced with a non-progressive federal law.
Apple doesn’t rely on personal data – and is more accepting of tough legislation
Apple stood out for occasionally taking a harder stance than its peers. “We want the bar to be high enough on the federal legislation to provide protection to the consumer that’s effective,” said Guy “Bud” Tribble, Apple’s VP of software technology. Apple also wanted legislation to apply equally to everyone, even non-advertising businesses like itself.
“Apple’s business does not depend on personal data,” Tribble said. But he acknowledged that every company, at some point, has personal or private consumer information.
Most tech companies want a default opt-out – but Charter wants an opt-in
When asked if they wanted to keep the default opt-out in the California privacy law, AT&T, Apple, Google and Twitter said they would like to see that default setting continue. Charter Communications differed.
“We think consumers should be empowered to control data through an opt-in,” said Rachel Welch, SVP of policy and external affairs – perhaps signaling that Charter does not see advertising as much of a strategic focus as its rival AT&T does.
The FTC needs more staff to enforce consumer privacy
To enforce a federal data protection law, the Federal Trade Commission (FTC) would likely need more staff and more authority. Giving the FTC those resources would also allow a more general law to be enacted, with the understanding that the FTC would outline what is appropriate, similar to how judges help clarify interpretations of the law.
The companies said that they would support provisions to increase the FTC’s budgets and authority – but gave “qualified yes” answers that spoke to some discomfort around the idea.
For the Senate, data regulation goes beyond consumer privacy
The senators at the hearing showed strong command of the advertising ecosystem – but at some points brought in topics that were related, but tangential, to data privacy.
Political ads were briefly discussed and dropped. Data security and data privacy were deemed to be separate but related topics. National security came up: The senators were not fans of Google’s plans to build a separate search engine in China, or the possibility that any of the companies present gave customer data to Russia or China.
There was one moment reminiscent of Facebook CEO Mark Zuckerberg’s “Senator, we sell ads” response.
“I’m a regular guy. I’m a farmer. This thing mystifies me,” said Sen. Jon Tester (D-Mont.), waving his phone at the group. He noted that after he searches for tires, he starts getting ads elsewhere for the product. “I’m checking scores on ESPN later and an ad for tires comes up. How the hell did they get that information?”
Tester asked Google how it took his personal information to serve a tire ad on another site, and he wanted to know if a Russian firm or a Chinese firm would have access to that type of customer information.
Google Chief Privacy Officer Keith Enright didn’t explain retargeting, but informed Tester he could calibrate his Google account privacy settings.