Two weeks ago, the nation’s tech titans came to Washington to urge Congress to pass legislation that would override the data privacy law California’s legislature passed in June. On Wednesday, privacy advocates got their chance to push back.
“We understand this committee is considering a national standard for data privacy, but we implore you not to weaken or undo the safeguards (the new California law) has so recently put in place, which now cover 40 million Americans,” said Alastair Mactaggart, the wealthy Northern California real estate developer who spearheaded the campaign to enact the California Consumer Privacy Act.
Other like-minded academics and policymakers echoed Mactaggart’s pleas to senators on the Commerce, Science and Transportation Committee.
“Existing privacy protections should not be weakened,” said Nuala O’Connor, president and CEO of the Center for Democracy and Technology, a nonprofit that advocates for online civil liberties. Any new federal law “should include individual rights like the ability to access, correct and delete personal information,” O’Connor added, values that “are already ensconced both in the California law and the GDPR,” a European Union data privacy law that went into effect this past spring.
Their testimony underscores how much California’s law, which does not go into effect until 2020, figures into the national furor over Americans’ right to privacy in the digital age, sparked by Facebook’s Cambridge Analytica scandal and other massive breaches of users’ online information that have come to light in recent months. They also highlight how much the state measure could be undermined by ongoing lobbying effort to modify it, via federal action as well as in the state Legislature.
Representatives for Google, Twitter, Apple, Amazon, AT&T and Charter Communications argued before the same Senate committee on Sept. 26 that Congress needed to pass a federal data standard to prevent a “patchwork” of state laws, like California’s.
“Providers struggling with compliance may have no choice but to adopt the most restrictive elements of each state’s law, given the impracticability of complying with multiple state rules,” warned Leonard Cali, senior vice president of global public policy at AT&T. “The result may be a more restrictive privacy framework than any state intended with less innovation,investment and consumer welfare.”
Cali called for a new federal law that “learns from” and “does better than” the California Consumer Privacy Act and the European Union law. Fellow executives reiterated that imperative.
In his opening statement, Mactaggart pooh-poohed the companies’ criticism as alarmist.
“You heard from representatives of giant corporations only two weeks ago that the sky will essentially fall if you leave (California’s law) intact,” he said. “This law was rushed and badly drafted, they said, and it needs preemption right away.”
“On the contrary,” Mactaggart continued, “we spent years talking to legal and technical experts, academics, businesses, privacy advocates. And its language reflects thousands of hours of careful drafting.”
California policymakers reached a hasty agreement on the data privacy law in the face of a Mactaggart-funded ballot initiative campaign to put an even more stringent law before the voters in November. Mactaggart agreed to pull the ballot measure when the Legislature passed the compromise bill on June 28. Some privacy advocates feared the legislation did not go far enough. Californian companies from a range of industries, meanwhile, have continued to press for “corrections” to the law that would tighten definitions and prevent what they argue is overreach.
Senators on Wednesday raised some of those same issues with the privacy advocates, suggesting a sympathy with the Internet industry and other critics of the law. Republican lawmakers appeared particularly skeptical, hinting at a partisan divide that was absent from the California Legislature.
“Are you concerned that that broad definition of personal information sweeps in information that isn’t sensitive?” Kansas Republican Jerry Moran asked Mactaggart. The language in the California law “sounds somewhat removed from information that can identify an individual,” Moran added.
Republican Roger Wicker of Mississippi, meanwhile probed the witnesses about how a patchwork of state privacy laws would “affect consumers adversely.”
Given the divisions within Congress, not to mention the complexity of the issue, Washington is unlikely to advance quickly on any data privacy proposals. The problem, however, is poised to remain in the headlines. Just two days ago, Google announced it was shutting down its Google Plus social network after discovering a security problem that exposed the data of as many as 500,000 users.