Though you won’t see any of the Big Tech firms say it outright in plain language, conventional wisdom is that Silicon Valley would prefer federal privacy laws that are favorable to them to a patchwork of state laws that vary in their terms. As the notion of a federal data privacy bill has begun to pick up steam again and as it becomes more likely that such a bill will not supersede any relevant state laws, Big Tech appears to be putting more effort into lobbying at the state level.
A new report from The Markup finds that at least five state privacy laws have definite industry lobbying fingerprints on them, and that a bill in Virginia that is built on an industry-backed framework has been used as the basis for bills in at least 14 states.
Big Tech looks to control legislation at state level
The Markup’s report centers on Virginia’s newly-passed data privacy laws, which are based on a framework reportedly drafted by an Amazon lobbyist and incorporating elements from the Microsoft-backed Washington Privacy Act. Virginia state senator David Marsden, the champion of the bill, reportedly also consulted with a number of other Big Tech firms (including Microsoft) as well as major finance companies (such as Capital One) along with state delegate Cliff Hayes. When questioned by the media about the seemingly business-friendly slant of the new privacy laws, Marsden blamed consumer advocacy groups for “not showing up.”
The hastily-passed Virginia bill seems to be the basis for some fourteen other privacy laws that are now under consideration around the country. The Markup identifies certain key industry-friendly terms that are present in all of these bills: a focus on having consumers “opt out” rather than “opt in,” and immunity from civil lawsuits for companies that breach the privacy laws.
Big Tech still has its preference for federal privacy laws of this sort, and the endgame of influencing state laws may be to create the perception of a standard that should be adopted at the federal level. Some of the biggest names in tech have spent over $100,000 per state on lobbying in multiple states at this point to support these bills: Facebook, Microsoft, Apple, Amazon and Google are among the biggest spenders and those that most frequently “show up” to be heard by state legislators.
While the connection between the Virginia bill and most of these proposed state privacy laws is based on the similarity in terms, The Markup cites interviews with lawmakers and lobbying records in finding a direct connection between lobbyists and the terms found in the bills of five states: Connecticut, Florida, Oklahoma, Washington and Texas.
Competing visions of privacy laws play out in state-level battles
Big Tech wants to avoid any more bills similar to California’s Consumer Privacy Act (CCPA), which in turn takes numerous elements from the European Union’s General Data Protection Regulation (GDPR). Among other items that Big Tech considers onerous, these bills establish a right to privacy by default and a requirement that users opt in to various forms of data collection, tracking and sharing. The Big Tech approach gets users in the door first and then presents them with various options for opting out of data collection and removing personal information that has already been collected (and potentially shared). An object lesson that illustrates this preference can be seen in the recent privacy changes to Apple’s iOS operating system; when device tracking was on by default only about 50% of device users went into their settings menus to disable it, but new requirements that users proactively opt in to tracking are seeing initial opt out rates of about 75%. Tech and advertising industry lobbyists argue that opportunities for frivolous litigation created by such an approach will hurt not only Big Tech, but businesses of all sizes and types.
With enough of these copy-and-paste privacy laws passed in individual states, Big Tech may have more ammunition to go before Congress with. A June 2020 survey by eMarketer indicates that Americans are much more likely to look to the federal government for data privacy protection; 40% said that they see it as a matter for the national government to take up, as compared to 16% who put the onus of responsibility on local government. That’s slightly lower than the 17% of respondents who felt individuals were entirely responsible for their own data privacy and safety. The prospect of a federal bill was derailed for an extended period by the pandemic and the 2020 election, but members of the Senate are beginning to discuss some of the legislation that was tabled over a year ago again. Thus far the leading prospect is a bipartisan bill headed up by Sen. Amy Klobuchar (D) and Sen. John Kennedy (R), which contains the “opt out” framework that Big Tech prefers but also allows for state attorneys general to bring civil actions against violators.