In an open letter to Congress, 51 top CEOs in the United States requested swift passage of new federal privacy legislation. In the letter addressed to House and Senate leaders, CEOs from companies such as Amazon, IBM, Dell and JP Morgan Chase signed off on the idea of a “comprehensive consumer data privacy law” that would essentially replace the growing number of state data privacy laws that govern the way corporations can use, share and monetize personal information.
According to these CEOs that are members of the Business Roundtable, the current policymaking environment is simply too unstable and too uncertain. What is needed now more than ever, they say, is a federal law that would supersede all of the competing state laws and help to unite companies across all sectors of the economy with one central way of thinking about personal privacy. Only this approach, they suggest, would establish a stable policy environment.
The pros and cons of federal privacy legislation
The big question now, of course, is whether federal privacy legislation would actually be good for consumer privacy. On one hand, it’s a very encouraging sign that top CEOs from a range of different industries – including both technology and financial services – now see the urgent need for new consumer privacy legislation. After all, haven’t the past 18 months been filled with story after story of tech companies compromising the data privacy of consumers? From this perspective, the 51 CEOs signing off on the federal privacy law would appear to have the best interests of consumers in mind, all in an effort to regain consumer trust and establish a legal and regulatory framework that respects consumers.
However, the top CEOs appear to be framing the debate over data privacy primarily in terms of economic growth and business innovation. Quite simply, there appears to be widespread agreement among companies that the current “patchwork” system of state legislation is too difficult for companies to keep up with. In the end, this uncertainty will inevitably have a chilling effect on growth and innovation. If the process of designing new products needs to be updated every few months to take into account a new state privacy law for how data is collected, wouldn’t that tend to put the brakes on any new product launches?
Thus, say policymakers and consumer groups, there is another way to view this open letter to top Congressional leaders. Data privacy advocates, for example, say that federal privacy legislation would actually end up eroding privacy protections of consumers. As they see it, this sudden push for federal privacy legislation is really just a gambit to take over the national debate over consumer privacy, potentially stave off new state legislation coming down the pike and prevent new penalties from being handed out by the Federal Trade Commission (FTC). By aggregating and consolidating all debate around consumer privacy into a single discussion about federal privacy legislation, it will be much easier for tech lobbyists and other entrenched corporate interests to whittle away at consumer protections.
Paul Bischoff, privacy advocate with Comparitech, suggests that Big Tech companies might be doing everything they can to dilute new legislation: “The letter requests a federal data protection law without giving any specifics as to what that law might contain. Treat this with a healthy dose of skepticism. Some of the executives who signed the letter work at companies that actively lobbied against pro-consumer privacy regulations in the past. Comcast and AT&T for example, were both in favor of repealing broadband privacy in 2017. I think this is more of an attempt to make doing business easier by creating a uniform set of regulations across all states, and less of an attempt to protect consumers. It’s also worth noting the companies that aren’t on the list, including Microsoft, Google, Facebook, and Apple.”
As proof of this, data privacy experts point to the Business Roundtable’s so-called “Framework for Consumer Privacy Legislation.” This framework seeks to carve out new definitions for terms like “personal data” that would protect existing business models of companies such as Google and Facebook. The proposed definition for “personal data” would be much narrower than under the current General Data Protection Regulation (GDPR) in Europe, and there are other ways that tech lobbyists might be able to chip away at the federal privacy legislation over time.
Certainly, there are both pros and cons to federal privacy legislation, as Lecio DePaula Jr., Data Privacy Director of KnowBe4, makes clear: “Creating a national privacy law can provide many benefits for U.S. consumers, especially since organizations will only have to follow one standard. However, if a law such as this were to be created, it is necessary to look at it from all angles to provide consumers the protections granted to them by the constitution and their undeniable right to self-determination. Some of the big players do not want to see U.S. consumers given full authority over their data, which is a consumer digital asset – whether the consumer is aware or not. The large players have been making billions of dollars off of this data for a long time now, and creating a law that is prescriptive such as the CCPA or the GDPR in the EU can cause harm to the bottom line. These laws are being created to protect consumers and although not all aspects are business friendly, organizations should be able to find innovative ways to still use the personal data in an legal and ethical way that still enables their businesses. Creating a national law that is less prescriptive will not be beneficial in the long run – these laws have been needed for a long time now.”
California 2020 on the horizon
While this open letter to Congress might appear at first to be some sort of promotional stunt pulled off by the Business Roundtable, there is definitely a sense of growing urgency around the call for federal privacy legislation. The big event that is coming up, of course, is the rolling out of the California Consumer Privacy Act (CCPA) in January 2020. At that time, California will have the strictest privacy laws in the nation, and since many of the top tech companies are based in California (i.e. Silicon Valley and Palo Alto), the CCPA is seen as potentially having the greatest impact on tech firms such as Google and Facebook.
What is interesting about the open letter about federal privacy legislation is who didn’t sign the letter. While tech CEOs from Amazon, IBM, SAP and Salesforce signed off on federal privacy legislation, Apple CEO Tim Cook did not. That, despite the fact that Tim Cook has been one of the most vocal advocates for stricter privacy laws, and that Apple has been making privacy a key part of its marketing and promotional strategy.
Bipartisan consensus, but still deep divisions
That would seem to suggest that, even within the tech world, there are deep divisions about what to do about federal privacy. Some companies, of course, are doing everything they can to protect their existing business models. Companies that rely on online advertising would fall into this camp. Other companies are using privacy as a way to “beat up” on their rivals and win over new consumers who are attracted to companies preaching the gospel of personal privacy. The privacy-focused Brave browser would appear to fall into this camp, as it looks for ways to win over users from Google Chrome. And then there’s the case of Apple – a company that is using privacy to beat up on rivals like Facebook and Google, but that is also understandably concerned that the debate over personal privacy might go too far.
One thing is certain – there has never been a better time to push for federal privacy legislation. It is a subject that is top-of-mind for politicians, consumers and members of the media. In the past, there have been similar attempts to push forward federal privacy legislation, but all have fallen short. As a result, it is the legislators at the state level and not the federal level that have taken the lead on protecting consumer privacy. As we head into 2020, and with the CCPA looming on the horizon, it will be interesting to see how top tech companies maneuver over the next few months to get the type of federal privacy legislation that is most favorable for their existing business models and that can strengthen consumer trust.