In Senate Hearing, Tech Giants Push Lawmakers For Federal Privacy Rules

Another day, another hearing of tech giants in Congress. Wednesday's hearing at the Senate Commerce Committee with Apple, Amazon, Google and Twitter, alongside AT&T and Charter, marked the latest in a string of hearings in the past few months into all things tech: but mostly controversies embroiling the companies, from election meddling to transparency. This time, privacy was at the top of the agenda. The problem, lawmakers say, is that consumers have little of it. From a report: The hearing said that the U.S. was lagging behind Europe's new GDPR privacy rules and California's recently passed privacy law, which goes into effect in 2020, and lawmakers were edging toward introducing their own federal privacy law. AT&T, Apple, Charter and Google used their time in the Senate to call on lawmakers to introduce new federal privacy legislation. Tech companies spent the past year pushing back against the new state regulations, but have conceded that new privacy rules are inevitable. Now the companies realize that it's better to sit at the table to influence a federal privacy law than stand outside in the cold. In pushing for a new federal law, representatives from each company confirmed that they support the preemption of California's new rules -- something that critics oppose. AT&T's chief lawyer Len Cali said that a patchwork of state laws would be unworkable. Apple, too, agreed to support a privacy law, but noted as a company that doesn't hoard user data for advertising -- like Facebook and Google -- that any federal law would need to put a premium on protecting the consumer rather than helping companies make money. But Amazon's chief lawyer Andrew DeVore said that complying with privacy rules has "required us to divert significant resources to administrative tasks and away from invention."

What They Really Want

What they really want is to get the federal legislators, who they already have in their pockets, to develop federal laws that are favorable to the tech companies and will override all state laws.

Re:What They Really Want

On the one hand, I agree with you completely. They absolutely will lobby the heck out of the Hill to get the laws written they way they want.

On the other hand, having 50 or so different sets of privacy laws would be incredibly problematic, not only for the tech giants, but also for anyone trying to start a business online in the future. This is going to be something all of us are going to have to stay on top of, but without the help of Big Tech because they'll be the ones we are fighting against this time. So there won't be a blackout day to call attention to it. So start passing out David nametags to everyone you know.

Re:What They Really Want

[organgtool]

This is why I'm ambivalent about states' rights. On the one hand, I like the idea of allowing states to govern their own people independently of the federal government but on the other hand, it means that businesses that want to conduct business at the national level have to be aware of and adhere to fifty different sets of laws rather than one.

Re:What They Really Want

Almost certainly you can meet CA and NY compliance and be done. No way any of the other 48 states requirements would be as stringent.

And yes, by placing the issue with the feds, the industry is saying that they have the US congress in their pockets, and they do not have the CA and NY state congresses.

Re:What They Really Want

[technosaurus]

You act like the legislators write the laws. They don't even read them. Special interests write the laws and summarize them for each key legislator. Most of the legislation is so verbose that they could require blood sacrifices and nobody would ever notice till it was passed.

Re:What They Really Want

Yep, nailed it. Even the article mentions that one thing the tech giants stated in particular is that they want these laws to preempt state laws.

Apple should get an honorable mention for actually (at least sounding like) they have the good of the people in mind.

Re:What They Really Want

[organgtool]

Almost certainly you can meet CA and NY compliance and be done. No way any of the other 48 states requirements would be as stringent.

Stringency doesn't matter - the laws among states can conflict. One state may require that data be retained for at least one year so that it could be gathered for legal proceedings of future litigation while another state could require that data be kept for no more than three months. Now you have to determine which state every one of your users lives and create a separate data retention policy for those users. And that's just one example of a potential conflict but there could be dozens.

Re:What They Really Want

[BenFranske]

There are ways to sort out those conflicts, see for example the Uniform Commercial Code.

This is not to say that I'm for doing things in a patchwork way. However, state legislatures have shown themselves to be much less bought and paid for by corporations than congress so until we can deal with the corruption that money brings to congress I think we're forced into a situation where the best path forward is to do things at state levels.

Re:What They Really Want

Which is cool because most businesses don't become shitty until they go national.

Re:What They Really Want

Correct. Right now it's looking like it's not worth it to do business online at all with the Europeans because of GDPR.

Re:What They Really Want

[CanHasDIY]

it means that businesses that want to conduct business at the national level have to be aware of and adhere to fifty different sets of laws rather than one.

Which is precisely what the Commerce Clause was meant to deal with, but instead it's used to limit the rights of individual citizens.

Re:What They Really Want

EFF had a good article on this.
https://www.eff.org/deeplinks/2018/09/consumer-privacy-hearing-no-one-representing-consumers

Re:What They Really Want

[Cmdln+Daco]

One state may require that data be retained for at least one year so that it could be gathered for legal proceedings of future litigation while another state could require that data be kept for no more than three months.

And that would be an excellent outcome. It would require all the online vendors to keep the absolute minimum amount of information about their customers that is possible.

There is no need for Amazon to 'gather information' about my past purchases from them. A law that prohibited them from keeping such a record wouldn't interfere with them selling to me at all, in any way.

Re:What They Really Want

[DNS-and-BIND]

This is why there is such a push for global governance. The fewer they have to control, the better. The more governments, the more power we the people have.

Re:What They Really Want

[rtb61]

Psst, psst but if they know enough about you, as their favourite pet politician, they don't have to pay you as much and when they can create a stable of potential pet politicians, well, they can go the churn route. Get to uppity as their political slave, demand to much money and well, they'll just expose your ass and replace you with another pet from their stable of researched and disturbing sexual actions data verified potential pet politicians.

The silly fuckers might not yet fully understand but they are coming under real threat. No power, fuck all pay and extorted to obey, until they lose political sales value and either dumped with warnings of being exposed or exposed as a treat to feed to the angry wolves of a cheated populace.

The US government has been extorting control all over the world by uncovering the corrupt and abusive actions of politicians across the globe but they are tightening up security and the exposed are being replaced. I'll think you'll find there is a lot more comfort in corporations with the idea of tossing corrupt politicians to the public to chew on to distract from the actions of those corporations ie how much would it ease up public disturbance if they tossed the Klinton Krime Klan to the public, blame them for everything, make them look so bad, nothing they say is believed, sacrificing them would surely have to be in the black in terms of return on investment, the worse they look, the better everyone else will look, just the way it is.

Make no mistake though, in the current lack of privacy market, the rich are just as exposed as the poor, probably more so because information on them is worth far, far more than information on the poor. They'll soon become drone paranoid, things like tiny little drones that can fly to a window, suction attach to the glass and monitor it's vibrations. Getting the dirt on them is worth, well, billions, getting the dirt on the poor is worth a 95 cent advertisement. Tiny drones at board meetings flying in after the tech PIs cleared the room, tech PIs realising there is way more money in gaining certain secrets rather than protecting them, who watches the watchers, whoops problem, big targets means there is enough money to pay them all off. Why rob a bank when you can just get a billionaire to hand over a check for an 'er' non-disclosure agreement.

Google pushed for privacy rules?

I bet they did.

Google: "All your privacy belong to US!!!"

Of course they want rules

[Actually,+I+do+RTFA]

Rules have loopholes (or are just written to benefit industry) and "it is legal" for some reason absolves a company of any ethical responsibility. To say nothing of adding compliance costs to dissuade startups. Of course they want rules.

Re:Of course they want rules

The more rules the higher the barrier of entry to any potential rivals.

First thing a modern merchant does after climbing the ladder of success is to kick it out from under himself, so nobody can reach the heights he did.

Re:Of course they want rules

Ethics are deliberately disregarded when it comes to the law for a good reason; it would take objectivity out of the courts and allow for vigilantism and theft. This however is why we have juries, who are allowed to consider ethics.

Let me guess

None of the privacy rules proposed will give the users a say in whether or not you can share their data with third parties.

Translated to English

[Registered+Coward+v2]

AT&T, Apple, Charter and Google used their time in the Senate to call on lawmakers to introduce new federal privacy legislation. translates to "We are worried states will setup tougher standards, such as CA is doing, and we want the feds to step in and preempt state laws with federal rules that we can influence cheaper by buying key congress members rather than having to buy legislatures in 50 states. In addition, strict, but not to strict, rules will make it harder for competitors since it will cost money to setup the structures to comply with them, creating more barriers to entry and less of a threat of a new company disrupting our thing."

Re:Translated to English

[Guybrush_T]

Not exactly true. Startups will have more issues complying with GDPR, California laws, and any local laws. That's what preventing them from going world-wide, while large companies can absorb that pretty easily.

The US should go for something that is as close to GDPR as possible. That way, it would incur NO cost for companies (*) since they already implement GDPR (and most of the time for all users so that it's simpler for them) while effectively improving user's privacy.

(*) Except for companies which business model is based on selling users information, obviously.

Re:Translated to English

[Registered+Coward+v2]

Not exactly true. Startups will have more issues complying with GDPR, California laws, and any local laws. That's what preventing them from going world-wide, while large companies can absorb that pretty easily.

The US should go for something that is as close to GDPR as possible. That way, it would incur NO cost for companies (*) since they already implement GDPR (and most of the time for all users so that it's simpler for them) while effectively improving user's privacy.

(*) Except for companies which business model is based on selling users information, obviously.

You missed my point, which was regulations are often used by the regulated to create barriers to entry; in this case they would apply all through the US so a company could not find a state with lax protections to setup in and simply avoid doing business in highly regulated ones.

Re:Translated to English

[Guybrush_T]

True in general, but not in this case since they are asking for a universal rule across the US. Having per-state laws is worse for small competitors and restricts their ability to grow.

So, having consistent federal not-too-strict laws are better for businesses selling user information (your first point I think) but actually also better for small competitors who want to grow.

Some big companies spend a lot in lobbying to increase complexity of their own field because they know they can handle it better than the small actors. They are doing the opposite here : they want their job to be easier (and more importantly less regulated), but they're not trying to prevent competition.

Now, I haven't seen any company complain against GDPR. Some say it's a lot of constraints (like, it really protects users), but all seem to agree it is fair, so no company could publicly fight GDPR without clearly being anti-privacy -- and most Companies always publicly say they are pro-privacy, especially when their business model is selling user's data. I believe those laws should be like the internet : world-wide.

Re:Translated to English

[Registered+Coward+v2]

True in general, but not in this case since they are asking for a universal rule across the US. Having per-state laws is worse for small competitors and restricts their ability to grow.

So, having consistent federal not-too-strict laws are better for businesses selling user information (your first point I think) but actually also better for small competitors who want to grow.

Some big companies spend a lot in lobbying to increase complexity of their own field because they know they can handle it better than the small actors. They are doing the opposite here : they want their job to be easier (and more importantly less regulated), but they're not trying to prevent competition.

Now, I haven't seen any company complain against GDPR. Some say it's a lot of constraints (like, it really protects users), but all seem to agree it is fair, so no company could publicly fight GDPR without clearly being anti-privacy -- and most Companies always publicly say they are pro-privacy, especially when their business model is selling user's data. I believe those laws should be like the internet : world-wide.

You make some good points but I disagree on two points:

1. They are doing the opposite here : they want their job to be easier (and more importantly less regulated), but they're not trying to prevent competition.I think they are trying to craft laws that give them an advantage as an incumbent. The know what is easy to do , what costs money and what is valuable and thus can make laws that setup barriers they have hurdled but are hard for a new entry to meet. In addition, they eliminate the possibility a state would have no privacy protections, thus letting a local competitor to start and grow locally before deciding if they want to grow beyond their state. They may not like CA's laws but you can be assured they will rig the game in their favor.

2. I believe those laws should be like the internet : world-wide. Never happen because you'll never get agreement on what the law should be; some may even like lax laws to attract companies.

stop, my sides, ow...

[thomn8r]

that any federal law would need to put a premium on protecting the consumer rather than helping companies make money

NDA's will be unbrakable?

Break a NDA and go to federal prison.

Trump, Cosby endorse this.

That's a great idea!

[Rick+Zeman]

Let's roll out California's laws nationwide!

Oh, you didn't mean you wanted a nationwide law, you meant you wanted a TOOTHLESS nationwide law.

Got it.

Summary?

[datavirtue]

Do these guys know what a fucking summary is? Hint: it is not a three page diatribe.

Upgraydd gets his money

They sure as fuck know how to find you if you owe them money. I have ZERO sympathy.