Skip to main content
close search
site logo

Big tech calls on Congress for privacy regulation, pushing back on state mandates

Silicon Valley wants to change a lot of the language in California's bill, if not remove it completely.

Published Sept. 6, 2018
Samantha Schwartz's headshot
Samantha Schwartz Reporter
Ryan McKnight for CIO Dive

When it comes to digital privacy, the U.S. is riding in a car without a seatbelt. A poor choice with long-range impact. The tech industry could unintentionally set precedent for other industries with its frugal acceptance of regulations.

Google, Microsoft, Facebook and IBM are lobbying the Trump administration for a federal privacy law in a bid to overrule California's newly minted state privacy bill. The language, similar to that of GDPR, is too aggressive for their liking.

While big tech views the majority of regulations as a threat, privacy is a simpler issue. GDPR, like California's Consumer Privacy Act of 2018, boils down to having a granular level understanding of where sensitive data lives and how efficiently it can be accessed.

But the narrative around this has been perceptually negative for companies. It's as if they are saying, "you are handcuffing me as an organization, you are not allowing me to succeed in the way I've traditionally succeeded," said Callum Corr, data analytics specialist at ZL Technologies, in an interview with CIO Dive.

It's understandable big tech isn't welcoming to a policy change that could aggravate its authority.

It's as if they are saying, "you are handcuffing me as an organization, you are not allowing me to succeed in the way I've traditionally succeeded."

Callum Corr

ZL Technologies

The seemingly more laissez-faire approach to digital privacy comes down to a cultural difference between the states and the European Union. Compared the EU, the U.S. is a more "litigation-happy society" and a courtroom can be the last obstacle, according to Corr.

At some point, however, organizations need checks and balances to make sure they are fair and safe. 

"The world of technology has been one hell of a great place," and because of the standards it creates and essentially sets for itself, its influence over other industries is notable and alarming, according to Corr.

The language has to change

Big tech wants to change a lot of the language in California's bill, if not remove it completely.

Among the key changes are where information is stored, how quickly businesses need to respond to a consumer's data request and steep fines, according to Corr.

No text has been revealed yet, making the tech industry's specific desires unknown, but "we know they do not support meaningful opt-in consent, right to know or civil liability for violating privacy to start," Ernesto Falcon, legislative counsel for the Electronic Frontier Foundation, told CIO Dive.

Organizations are trying to find a compromise of sorts. The U.S. Chamber of Commerce, Internet Association and Information Technology Industry Council are making efforts to craft voluntary standards in place of legal mandates. But an honor-based system could be futile.

The Information Technology Industry Council declined to comment and the Chamber of Commerce could not be reached for comment.

"It's not binding enough," said Corr. "Why am I going to opt into this? It's not beneficial to me," which makes it unlikely tech companies would vastly change any of their policies if it were voluntary standards. The American public would have to take action, like abandoning a platform, for it to really land a jab in big tech's ribs.

But the discussion of privacy is more popular then ever.

On Tuesday, the National Institute of Standards and Technology (NIST) announced a collaborative project modeled after its Cybersecurity Framework. The evolving framework is to "provide an enterprise-level approach" for aiding organizations in developing privacy strategies. The first public workshop takes place in October.

The framework is a voluntary tool for organizations to model and big tech is encouraged to participate, said Naomi Lefkovitz, senior privacy policy advisor and lead for the project at NIST, in an interview with CIO Dive. The program allows organizations to "pick your outcomes," which helps optimize privacy procedures in a collaborative manner. 

The politics of privacy

Privacy has become a political issue but it can't survive in a patchwork fashion across the 50 states.

It's natural for an industry to get involved in an issue that has direct impacts, but regulation designed by those it's meant to regulate could prove useless.

Ideally, privacy is a bipartisan issue, making progress difficult. Big tech has an agenda and is willing to lobby members of Congress. 

But change for any business is a challenge, and when it comes to the new era of privacy in the U.S., "we are wholeheartedly intimidated," said Corr. 

The change in how internet service providers (ISP) can traffic their services resulted in incentivizing ISPs to push back on privacy laws alongside big tech. While neither political party has established themselves as the champion of data privacy, there has been some interest from Democrats and Republicans exploring bills. 

Who cares

GDPR was the catalyst of California's privacy bill, and both left an impact on large tech companies, especially those that rely on consumer data to generate revenue, like Facebook and Google. But aiding in the construction of a privacy bill could make the impact less forceful.

"There are renewed efforts to define the privacy legislation frameworks of the future, and we look forward to working with policymakers around the world to move the process forward," according to a Google spokesperson.

"(Tech companies) engagement now is really just to hamstring state privacy laws and likely establish a woefully low bar while calling it privacy protections."

Ernesto Falcon

Electronic Frontier Foundation

Facebook walked back its opposition to California's initial ballot initiative. Before the Golden State's privacy bill, the social network, Google, AT&T, Comcast and Verizon all had the largest axes to grind in terms of privacy regulation.

Some of these companies have the most aggressive pushback on GDPR-like laws because of their "existing or planned monetization efforts," said Falcon. Their services, by design, have a deeply rooted connection to consumer activity. Even partly aggravating that reach could be detrimental to the bottom line.

Other tech companies, such as IBM and Salesforce, have much smaller dogs in the privacy fight. Their revenues are more dependent on their products and services, not the data within them.

Acting out of fear legislators would eventually craft a law targeting them, tech companies met a lot of potential privacy legislation with opposition. This change is a tangible "shift in strategy for them," said Falcon. But "their engagement now is really just to hamstring state privacy laws and likely establish a woefully low bar while calling it privacy protections."

Filed Under: Leadership, Corporate

Editors' picks

Company Announcements

View all | Post a press release
Traceable Releases 2025 State of API Security Report: API Breaches Persist as Fraud, Bot Attac…
From Traceable AI
October 30, 2024
Newgen Recognized in Gartner® Magic Quadrant™ for Enterprise Low-code Application Platforms Fi…
From Newgen Software
October 30, 2024
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Newgen and Fadata Join Forces to Optimize Insurance Content Management
From Newgen Software
November 13, 2024
Editors' picks
Latest in Leadership
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell