But before that law is crafted, tech firms want to give their two cents.
A report from the New York Times this week says that tech companies such as Facebook, Google, IBM, Microsoft and others are aggressively lobbying Trump administration officials about a potential federal privacy law.
There’s a reason why tech is so interested in being part of the conversation. Facing the expectations put on them by Europe’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) — as well as increased scrutiny due to data mishandling — the companies are hoping to get ahead of a federal rule. And to help to craft it in a way that is more favorable to business.
GDPR is a European data privacy law that governs all EU citizens, no matter where their data is collected. Under GDPR, data privacy breaches carry huge penalties — up to 4 percent of a company’s annual global turnover or €20 million (whichever is greater). The CCPA is California’s version, breaches of which also carry high penalties.
According to two anonymous sources who spoke to the New York Times, Facebook believes that the CCPA will seriously hamper the tech industry:
At a board meeting for the Information Technology Industry Council (ITIC) in May, Joel Kaplan, Facebook’s top lobbyist, warned that an early proposal for privacy in California posed a threat to the industry and that the trade group needed to make the issue of privacy a priority … Lobbyists for other tech companies agreed that it could be more problematic than the new European law, and that it would unleash a patchwork of state laws that would not only strap their businesses but become a regulatory headache, the people briefed on the meeting said.
The sources said that the tech firms’ proposed federal law would have a dual purpose: “It would overrule the California law and instead put into place a kinder set of rules that would give the companies wide leeway over how personal digital information was handled.”
The Times noted that “companies like IBM and Salesforce, which sell data storage and software to other businesses, were more willing to accept consumer privacy laws, IBM and other members of the Information Technology Industry Council said. Social media and other companies that relied primarily on advertising for revenue, like Facebook and Google, were adamant that the industry should fight all rules.”
For the past several years, Google and Facebook have both been struggling to find a balance that allows them to continue to the use the data their business models are based on while at least publicly showing good faith about protecting that data from misuse.
A business-friendly federal environment
It looks like the tech companies are finding the Trump Administration to be responsive to business’ concerns. Although Congress grilled Facebook Chief Executive Mark Zuckerberg on Capitol Hill about Facebook’s approach to data privacy, the administration has given signals that it will be pro-business when crafting a federal law.
Earlier this month, David J. Redl, senior member of the US Department of Commerce told the Internet Governance Forum (IGF) that for the Trump administration, “…our driving force will be a commitment to meeting [the] challenges [we face] in a way that ensures America’s prosperity and clears the way for innovation. America has seen enormous benefits from this approach, so we must continue to give a green light to innovators to create a more secure, more open and more prosperous Internet.”
That speech echoed comments made in late May by Redl’s boss, US Commerce Secretary Wilbur Ross who called GDPR “likely to create barriers to trade.”