At the beginning of July, California, the home of Silicon Valley, became the first of 50 states to pass a law regulating the collection, storage, and use of consumer data.
Big Tech’s fear? It won’t be the last.
It’s been surprisingly slow to dawn on the public that companies like Google and Facebook haven’t been providing their suites of online services — from email and calendar, through image sharing and social media channels which amount to free publishing platforms — solely out of warm, charitable feelings for their fellow citizens.
As DMN readers have always known, and as everyone should know following the Cambridge Analytica debacle, the Internet is not only a fabulous means of distributing information; it’s also an unsurpassed tool for collecting it. Capabilities exist, not just for identifying users of online services, and tracking their browsing history, but for compiling profiles encompassing all kinds of real-world data — location, household data, purchase histories, habits and pastimes, and even mood.
If you want to live a private life in 2018, go nowhere near any connected device. And good luck with that.
The United States is well behind Europe and Canada in responding to consumer concerns. The European Union’s GDPR, in particular, seeks to wrest control of personally identifying data wholly away from the companies which gather and process it, and put it squarely in the hands of its original owners. The California Consumer Privacy Act (CCPA) is less stringent than GDPR. For example, it makes it easier for consumers to opt out of sharing data, whereas GDPR requires companies to get informed consent (i.e. to persuade consumers to opt in).
Nevertheless, it’s been enough to stir Big Tech into action. According to new reporting, a plan is gelling. The theory is simple: a federal law on data privacy would trump (no pun intended) any state laws, including the pioneering legislation in California (“(T)he strategy here is to neuter California,” said a spokesperson for the Electronic Frontier Foundation.) But it needs to be a federal law which is kinder to Big Tech than the state laws are likely to be.
“In recent months, Facebook, Google, IBM, Microsoft and others have aggressively lobbied officials in the Trump administration and elsewhere to start outlining a federal privacy law,” reported the New York Times. The secondary advantage of federal legislation would lie in avoiding inconsistencies among state laws — a situation which would force data processors to comply differently in each jurisdiction; or, more likely, to comply nationwide with the most draconian regulatory requirements.
As the Times points out, the companies most resistant to federal intervention were those — like Google and Facebook — dependent primarily on advertising as a source of revenue. In coming around to a position of support for a federal government initiative, they’re making two assumptions:
- Big Tech and its lobbyists will have a significant role to play in framing the legislation; and
- Congress can actually get something done.
The second of those assumptions is actually plausible. Democrats are likely to favor an initiative which appears to support consumers’ rights. Republicans have frequently imposed measures which would impose burdens on industry (back in 2012, for example, the late Senator John McCain successfully led opposition which killed bipartisan legislation to secure the nation’s infrastructure against cyber attacks). But if Big Tech roots for the law, Republicans will have little motive to stand against it.
As for the first assumption, what it really means is that Big Tech is seeking to self-regulate, rather than be regulated by the states. They’ve lost the battle in Europe, but still have hopes of winning it at home. The risk, of course, lies in asking the public to trust them as guardians of…themselves.
