As the specter of California’s Consumer Privacy Act looms over the tech world, many industry giants and trade groups have assumed a new role as collective cheerleader for broad federal privacy legislation.
It wasn’t all that long ago that tech companies balked at the idea, but many have changed their tune. That has some Democrats wary of their motivations.
“Are we here just because we don’t like the California law and we want a federal preemption law to shut it down – or do people think we can have meaningful federal privacy legislation without that?” asked Sen. Maria Cantwell, D-Wash., Wednesday during a Senate Commerce Committee hearing with tech trade groups and a privacy advocate.
With the “litany” of privacy violations in the headlines over the past year, it’s “somewhat disturbing,” though, that “the first thing people want to organize in DC is a preemption effort,” Cantwell said.
Sen. Amy Klobuchar, D-MN, who recently announced her bid to run for president in 2020, is making criticism of Big Tech a pillar of her platform. States are moving forward with their own privacy legislation, she said, to fill the void at the federal level.
“Part of it is because the companies you represent have been lobbying against legislation like this for years,” Klobuchar said, adding that she encountered pushback last year from tech players for her Honest Ads Act, although some companies, including Facebook, now support it.
But with the passage of the California Consumer Protection Act last year and the promise of more to come – there are currently 94 different privacy proposals pending in state capitals that touch on different regulatory schemes – there’s concern in the tech community that compliance is going to turn into a hellacious task.
A single law would do away with that headache, so the argument goes, and possibly be a little softer than what the various states come up with.
Preempting state laws with a strong federal privacy regime would also ensure that “wherever you go, you are protected under that same tough rule,” said Jon Leibowitz, Federal Trade Commission Chair under former President Barack Obama, and now co-chairman of the 21st Century Privacy Coalition, which represents the telecom industry.
But why is a patchwork of privacy laws de facto a bad thing? Granted, Europe went the preemption route with the General Data Protection Regulation, which replaced privacy regulations in EU member states, but that’s not the only way to do things.
“In the United States, we have a tradition of dealing with a patchwork of 50 state laws, [and] while there are virtues to consistency, it’s not the obstacle that would strike me as the first thing we have to surmount if we’re going to get privacy right,” said Woodrow Hartzog, the lone privacy advocate testifying before the committee, and a professor of law and computer science at Northeastern University.
Perhaps, though, there’s a middle ground. Look at the auto industry, which is regulated through a combination of state laws, rules enacted by the federal government and some self-regulation, said Randall Rothenberg, CEO of the Interactive Advertising Bureau.
“This trio is where you get the strongest opportunity to protect people’s safety, privacy and security,” Rothenberg said. “Clearly, you want consistency over chaos – that is the argument in favor of preemption – but, equally clearly, there is an absolute role for states to play in enforcement.”