During Senate Hearing, Tech Companies Push for Lax Federal Privacy Rules

Executives urged against GDPR-like regulations

South Dakota Sen. John Thune chairs the Senate committee.
Getty Images

As concern over personal data protections continues to mount, representatives for six major tech and communications companies, including Google, Amazon and Apple, told federal lawmakers today that they supported federal data privacy legislation—so long as it is not nearly as strict as the European Union’s General Data Protection Regulation (GDPR) or the California Consumer Privacy Act.

High-ranking executives for Google, Amazon, Apple, Twitter, Charter Communications and AT&T implored members of the Senate Commerce, Science and Transportation Committee to consider federal consumer data privacy regulations that would give consumers some protections while still allowing for their companies to collect and use personal data.

“The question is no longer whether we need a federal law to protect consumers’ privacy,” said South Dakota Sen. John Thune, a Republican who chairs the Senate committee. “The question is: what shape will that law take?”

Representatives from all of the companies encouraged a federal law that would preempt state-level laws that might impose more restrictions on the companies or may result in a “patchwork” set of rules that vary state-by-state. Leonard Cali, the senior vice president of global public policy at AT&T, urged lawmakers to “strike the right balance” between protecting consumer privacy while still allowing businesses to collect and use personal data. Cali described the GDPR law as “overly prescriptive and extremely burdensome,” and said that the California Consumer Privacy Act was too restrictive when it comes to data collection abilities.

“What we’re urging is a comprehensive federal law that looks at both of these laws, learns from these laws, and does better than them,” Cali said.

Google chief privacy officer Keith Enright and Apple software technology vice president Guy Tribble both discouraged legislators from taking the same steps as GDPR, saying that small and medium-sized businesses might be less able to finance the compliance costs related to strict regulatory frameworks. Damien Kieran, the global data protection officer and associate legal director of Twitter, said that relatively small social media companies would be impacted negatively and disproportionately by GDPR-like legislation.

Andrew DeVoce, Amazon’s vice president and associate general counsel, said that the California privacy bill contained provisions that “do not promote best privacy practices.”

Tech companies are rushing to get a seat at the table for a federal data privacy framework that could have major implications for their businesses. The push for regulation is a reversal from tech companies’ longtime approach to resist regulation, and is an effort to preempt the strict California Consumer Privacy Act, said Omer Tene, the vice president and chief knowledge officer of the nonpartisan International Association of Privacy Professionals.

“Standing alone, California is the fifth biggest economy in the world, and there are probably very few businesses in the U.S. that don’t have California customers,” Tene said. “Effectively, a California law becomes a national standard, and in that case, if it is a strict standard, it is evident why companies want Washington to preempt that with something more lenient.”

During the hearing, Massachusetts Sen. Ed Markey said he was eager to draft a strong national privacy law before preemption was discussed. Similarly, New Mexico Sen. Tom Udall warned against advancing a “weak” law that would prevent states from taking their own action.

“Each one of your companies has said publicly or privately that we must push through federal legislation based on a framework that preempts states from passing their own protections, and I’m here to say we cannot push through a weak federal law that preempts states and leaves consumers, especially children, without the necessary safeguards and protections,” Udall said.

Some lawmakers have signaled that they support the idea of giving the Federal Trade Commission more legal authority to make rules pertaining to data privacy and consumer protection. But when pressed by Florida Sen. Bill Nelson, some representatives balked at the idea that Congress might give the FTC rule-making power.

Recommended articles